TL;DR: Agentic, multimodal AI changes the risk model because systems can now act across text, images, and voice, where one poisoned input or spoofed instruction can trigger approvals, transfers, or policy decisions, according to Enkrypt AI. The governance gap is no longer model quality alone but whether runtime controls can constrain action before damage occurs without any audit trail.
NHIMG editorial — based on content published by Enkrypt AI: Enkrypt AI Recognized as a Gartner Cool Vendor in AI Security 2025
Questions worth separating out
Q: How should security teams govern AI agents that can act across text, image, and voice?
A: Security teams should govern those agents as runtime identities with constrained action rights, not as passive content systems.
Q: Why do multimodal AI agents create more risk than text-only assistants?
A: Multimodal agents expand the attack surface because instructions can arrive through images, audio, or documents that the system interprets as context for action.
Q: How can organisations tell whether agent guardrails are actually working?
A: They should test whether harmful inputs are blocked before execution, whether policy violations are logged with a clear decision path, and whether high-risk actions still require the intended approval gate.
Practitioner guidance
- Define runtime action boundaries: Enumerate which actions an AI agent may propose, which it may execute, and which require human approval before completion.
- Treat every input channel as policy-relevant: Extend control coverage to screenshots, PDFs, audio, and copied text that can influence agent behaviour.
- Separate model evaluation from access governance: Use model safety scoring for selection, but require a distinct approval path for tool access, sensitive data access, and workflow execution.
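As an added illustration of the three guidance points above and of the guardrail checks in the earlier Q&A (this is example code, not Enkrypt AI's product logic or anything from the source article), a minimal runtime authorization gate: each action is tiered as propose-only, execute, or human-approval; instructions that arrived through an untrusted channel (image OCR, audio transcript, PDF) cannot trigger execution; and every decision is logged with its decision path. Action names, channel labels, and the approver are constructed placeholders.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional

class Tier(Enum):
    PROPOSE_ONLY = "propose_only"      # agent may suggest, nothing executes
    EXECUTE = "execute"                # low-risk, agent may run it directly
    HUMAN_APPROVAL = "human_approval"  # high-risk, needs a named approver first

# Constructed action boundary table for one agent identity (hypothetical actions).
ACTION_TIERS = {
    "draft_reply": Tier.PROPOSE_ONLY,
    "read_ticket": Tier.EXECUTE,
    "issue_refund": Tier.HUMAN_APPROVAL,
    "change_policy": Tier.HUMAN_APPROVAL,
}

# Only an operator's typed command carries authority; OCR, audio and PDF text are context.
TRUSTED_CHANNELS = {"operator_chat"}
AUDIT_LOG: List[str] = []  # every decision, with its path, is recorded here

@dataclass
class Request:
    agent_id: str
    action: str
    instruction_channel: str  # e.g. operator_chat, image_ocr, audio_transcript, pdf
    approved_by: Optional[str] = None

@dataclass
class Decision:
    allowed: bool = False
    path: List[str] = field(default_factory=list)  # the decision path for auditing

def authorize(req: Request) -> Decision:
    # Check one proposed action against the runtime boundary and log the outcome.
    d = Decision()
    tier = ACTION_TIERS.get(req.action)
    d.path.append(f"agent={req.agent_id} action={req.action} tier={tier.value if tier else 'unknown'}")
    if tier is None:
        d.path.append("deny: action not in boundary table")
    elif tier is not Tier.PROPOSE_ONLY and req.instruction_channel not in TRUSTED_CHANNELS:
        d.path.append(f"deny: execution instructed via untrusted channel {req.instruction_channel}")
    elif tier is Tier.HUMAN_APPROVAL and not req.approved_by:
        d.path.append("deny: approval gate not satisfied")
    else:
        d.allowed = True
        d.path.append(f"allow: tier={tier.value} approved_by={req.approved_by or '-'}")
    AUDIT_LOG.append(" | ".join(d.path))
    return d
```

Note that the gate is evaluated before execution and records denials as well as allows, which is what the earlier Q&A says to test for.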
What's in the full analysis
Enkrypt AI's full news post covers the product and recognition details this analysis intentionally leaves to the source:
- The exact guardrail and policy-engine capabilities described by the vendor for multimodal agent workflows.
- The AI Safety Leaderboard context and how Enkrypt AI says it is intended to evaluate risk beyond raw model performance.
- The source article's full explanation of the Gartner Cool Vendor recognition and the disclosure language around that citation.
- The vendor's named use cases across customer-facing agents, third-party AI risk, and secure vibe coding.
👉 Read Enkrypt AI's analysis of multimodal AI agent guardrails and AI security recognition →
Multimodal AI agent guardrails: are your controls keeping up?
Explore further
Multimodal AI guardrails are now an identity control, not just a model control. Once an agent can act on text, images, and voice, the security problem becomes whether the organisation can constrain what that identity is allowed to do at runtime. That means the governance boundary shifts from content safety to action authorisation, with IAM, PAM, and NHI controls all intersecting at the execution point. Practitioners should treat multimodal guardrails as part of identity enforcement, not an optional add-on.
A few things that frame the scale:
- 98% of companies plan to deploy even more AI agents within the next 12 months, despite documented rogue behaviour in 80% of current deployments, according to the AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: Should AI model safety scores be used as the main approval criterion for deployment?
A: No. Safety scores are useful, but they only measure one part of the risk picture. Deployment approval should also examine tool access, delegated authority, workflow sensitivity, and audit requirements. A model can look safe in isolation and still become unacceptable once it is connected to privileged systems.
👉 Read our full editorial: AI agent guardrails are shifting from chat to multimodal action