Notifications
Clear all
Topic starter
25/06/2026 2:47 pm
TL;DR: Agentic application security has been named a 2025 Top InfoSec Innovator, with the company framing agent protection as full-lifecycle coverage across SaaS, cloud and endpoint environments, according to Zenity and Cyber Defense Magazine. For IAM teams, the key shift is that agent behaviour, tool use, and data access now need governance and runtime controls, not just static policy.
NHIMG editorial — based on content published by Zenity: Zenity named Top InfoSec Innovator for AI agent security in 2025
Questions worth separating out
Q: How should security teams govern AI agents that operate across SaaS, cloud, and endpoints?
A: They should treat each agent as an identity with explicit scope, observable behaviour, and cross-environment permissions.
Q: What breaks when AI agent security is handled like ordinary application security?
A: Application security assumes a relatively stable workload boundary and a predictable request path.
Q: How do organisations know whether AI agent governance is actually working?
A: They should test whether they can see the agent from discovery through action and response, not just whether the agent was approved.
Practitioner guidance
- Map agent identities to every control plane they can touch. Build an inventory that ties each AI agent to the SaaS applications, cloud services, and endpoints it can reach.
- Enforce runtime policy at the tool boundary. Block or step up sensitive actions when an agent requests data access, external calls, or privileged workflow steps that exceed its declared purpose.
- Correlate agent behaviour with identity evidence. Link agent discovery records, posture data, and audit trails so incident responders can reconstruct who or what acted, which tools were used, and which data paths were involved.
What's in the full analysis
Zenity's full article covers the operational detail this post intentionally leaves for the source:
- How the platform maps discovery, posture management, detection, prevention, and response across agent workflows
- The vendor's explanation of how it analyses actions, data flows, and intent inside agent execution paths
- Examples of how the agent-centric model is applied across SaaS, cloud, and endpoint environments
- Context on the research and standards work the vendor says it is contributing to in agent security
👉 Read Zenity's analysis of AI agent security across SaaS, cloud and endpoint →
AI agent security across SaaS, cloud and endpoint: what changes?
Explore further
25/06/2026 3:55 pm
AI agent governance is becoming an identity control problem, not just an application security problem. The article reflects a market shift toward treating agents as active actors that need discovery, posture, and runtime oversight across environments. That matters because the security failure is no longer confined to one model invocation or one prompt. Practitioners need to think in terms of agent identity, tool authority, and observable behaviour across the full execution path.
A few things that frame the scale:
- 98% of companies plan to deploy even more AI agents within the next 12 months, despite documented rogue behaviour in 80% of current deployments, according to AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation, according to SailPoint research.
A question worth separating out:
Q: Why do AI agents create new requirements for IAM and PAM teams?
A: Because the same identity may need access to data, tools, and escalation paths that change at runtime. IAM must govern scope and lifecycle, while PAM must constrain high-risk actions in the moment they are requested. Static entitlement review alone cannot contain a behaviour-changing actor.
👉 Read our full editorial: AI agent security governance now spans SaaS, cloud and endpoint
