TL;DR: Fortune’s 2026 Cyber 60 list spotlights 20 early-stage cybersecurity companies, and Zenity’s inclusion reflects how quickly AI agent security and governance have moved into mainstream enterprise concern, according to Zenity. The practical issue is not recognition itself but the widening gap between how agents behave at runtime and how current IAM and security controls are built to govern them.
NHIMG editorial — based on content published by Zenity: Fortune names Zenity a 2026 Cyber 60 company for AI agent security
By the numbers:
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.
Questions worth separating out
Q: How should security teams govern AI agents across SaaS, cloud, and endpoint environments?
A: They should govern AI agents as identities with explicit ownership, scoped tool access, and a runtime policy model that follows the agent across environments.
Q: Why do AI agents create more identity risk than standard automation?
A: AI agents create more identity risk because they can make runtime decisions about what to do next, which tools to invoke, and when to act.
Q: What do security teams get wrong about AI agent inventory and discovery?
A: They often assume application logs or cloud inventories are enough.
Practitioner guidance
- Inventory every active AI agent. Create a single register for agents across SaaS, cloud, and endpoint environments, and tie each one to an owning team, purpose, and approved tool set.
- Bind policy to the agent, not the app. Define access rules around the agent identity, its allowed actions, and its tool invocation paths.
- Add runtime thresholds for misuse. Set behaviour-based triggers for unusual tool chaining, unexpected data access, or cross-environment movement.
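One way to express the three guidance items above as a register plus a runtime check, shown as an added example that is not Zenity's or NHIMG's code. The agent, team and tool names, the event format and the sample events are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Agent:
    agent_id: str
    owner: str        # owning team; "" means nobody is accountable
    purpose: str
    env: str          # home environment: "saas", "cloud" or "endpoint"
    tools: frozenset  # approved tool set
    paths: frozenset  # approved (previous_tool, next_tool) invocation paths

# Constructed register; agent, team and tool names are hypothetical.
REGISTER = {a.agent_id: a for a in (
    Agent("hr-helper", "people-ops", "answer HR policy questions", "saas",
          frozenset({"kb.search", "ticket.create"}),
          frozenset({(None, "kb.search"), ("kb.search", "ticket.create")})),
    Agent("build-bot", "", "triage CI failures", "cloud",
          frozenset({"ci.logs", "repo.read"}),
          frozenset({(None, "ci.logs"), ("ci.logs", "repo.read")})),
)}

def evaluate(events, register=REGISTER):
    """Return de-duplicated (agent_id, finding) pairs for tool-invocation events."""
    findings, last_tool = [], {}
    for ev in events:
        agent = register.get(ev["agent"])
        if agent is None:  # discovery gap: activity from an agent nobody registered
            findings.append((ev["agent"], "not in register"))
            continue
        if not agent.owner:
            findings.append((agent.agent_id, "no owning team"))
        if ev["env"] != agent.env:
            findings.append((agent.agent_id, f"cross-environment: {agent.env} -> {ev['env']}"))
        key = (agent.agent_id, ev["session"])  # chains are tracked per session
        if ev["tool"] not in agent.tools:
            findings.append((agent.agent_id, f"unapproved tool: {ev['tool']}"))
        elif (last_tool.get(key), ev["tool"]) not in agent.paths:
            findings.append((agent.agent_id, f"unusual chain: {last_tool.get(key)} -> {ev['tool']}"))
        last_tool[key] = ev["tool"]
    return list(dict.fromkeys(findings))  # keep first occurrence, preserve order

# Constructed events, not real telemetry.
EVENTS = [
    {"agent": "hr-helper", "session": "s1", "env": "saas", "tool": "kb.search"},
    {"agent": "hr-helper", "session": "s1", "env": "saas", "tool": "ticket.create"},
    {"agent": "hr-helper", "session": "s2", "env": "saas", "tool": "ticket.create"},
    {"agent": "hr-helper", "session": "s2", "env": "endpoint", "tool": "fs.read"},
    {"agent": "build-bot", "session": "s3", "env": "cloud", "tool": "ci.logs"},
    {"agent": "shadow-gpt", "session": "s4", "env": "saas", "tool": "mail.send"},
]
```

Calling `evaluate(EVENTS)` leaves session `s1` clean and flags the skipped first step in `s2`, the move to the endpoint with an unapproved tool, the ownerless `build-bot`, and the unregistered `shadow-gpt`.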
What's in the full analysis
Zenity's full article covers the product and market detail this post intentionally leaves for the source:
- How Zenity positions its agent discovery and policy enforcement model across SaaS, cloud, and endpoint environments.
- Which enterprise environments and AI platforms the vendor says are already in scope for its control model.
- How the vendor describes lifecycle protection, detection, prevention, and response in one operating flow.
- Why Zenity says its agent-centric approach is built around how agents behave, what they access, and which tools they invoke.
Fortune Cyber 60 and AI agent security: what does it mean for teams?
Explore further
AI agent security has moved from a niche control problem to a governance boundary problem. The Fortune Cyber 60 recognition reflects market demand, but the real issue is that agents now operate across SaaS, cloud, and endpoint contexts where identity, policy, and monitoring are fragmented. That fragmentation makes it difficult to assign ownership or prove control consistency. Practitioners should treat agent governance as a cross-domain identity programme, not a point solution.
A few things that frame the scale:
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to The State of Non-Human Identity Security.
- Our research also shows: 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, which leaves delegated access and external trust paths poorly governed.
A question worth separating out:
Q: Who is accountable when an AI agent causes unauthorized access or data exposure?
A: Accountability should sit with the business or platform owner that approved the agent, the team that granted its permissions, and the group responsible for monitoring and offboarding it. If no owner can be named, the governance model is already failing.