Author: Alon Askal

Right now, across your organisation, an AI agent is making decisions, accessing systems, and taking actions on behalf of your business. It has no persistent identity. No guardrails. And no one is watching.

According to PwC’s 2025 AI Agent Survey, 79% of organisations have adopted AI agents. Yet 96% of technology professionals consider AI agents a growing risk, even as 98% of organisations plan to expand their use within the next year.

This isn’t a future problem. It’s happening now.

The Evolution of Security Posture Management

Every computing era has demanded its own security posture discipline:

  • CSPM secured cloud configurations and policy drift.
  • ASPM protected pipelines and code paths as DevOps accelerated.
  • DSPM gave visibility into where sensitive data lives and moves.
  • ISPM brought identity and entitlements under control.
  • Recently, AISPM emerged to focus on model and dataset safety.

Each generation addressed the most visible risk at that moment. Each left gaps that the next would address.

But now we face a fundamentally different challenge: autonomous agents that reason, decide, and act.

Why AISPM Falls Short

As the most recent evolution in security posture, AISPM brings specific capabilities – protecting model integrity, preventing prompt injection, validating training data, and maintaining RAG hygiene. These capabilities are valuable and necessary.

But AISPM was built around a central assumption: the model is the risk surface. This made sense when AI primarily generated content that humans then acted upon, and it makes sense when your company is training and building its own AI models.

Something fundamental has changed. AI systems now act autonomously. Agents don’t just generate recommendations – they execute decisions. They remediate security findings, access customer records, query databases, trigger workflows, and modify configurations.

The Critical Gaps

  • No Identity for the Actor
    When an agent spawns, acts across systems, and disappears, there’s no attribution trail. AISPM secures the model, not the system that uses it. You can’t govern what you can’t identify.
  • No Runtime Decisioning
    AISPM focuses on pre-deployment model safety. It lacks the ability to allow, challenge, or block an agent action in real-time. By the time you detect an issue, the agent has already acted.
  • No Tool Chain Visibility
    Agents chain tools together: access database → call API → update ticket → send notification. AISPM sees the model, but not the tool chain or the permissions each step requires. The risk isn’t in any single action – it’s in the chain.

The Real-World Risk

Consider this scenario: A sales AI agent is asked to help justify pricing during customer negotiations. Acting autonomously, it pulls payment history from Stripe, customer contract data from Salesforce, and financial records from your billing system – then uploads everything to a third-party cloud bucket for processing.

Result: Thousands of sensitive payment records exposed in an unsecured location, with no visibility into what data moved, which systems were accessed, or what authorised these actions.

AISPM protects what creates content, not what acts on it.

Agents Are a New Security Primitive

Here’s the critical insight: Agents are not users. They’re not NHIs. They’re autonomous actors that reason, decide, and act.

The Fundamental Differences

Users have static roles, predictable workflows, manual decision-making, and session-based access. Traditional IAM was built for this.

Service Accounts (NHIs) are long-lived credentials with fixed permissions – used by software to perform predictable, repeating tasks.

Agents are goal-driven and stateful. They carry intent, adapt to context, chain tools dynamically based on reasoning, and make decisions that weren’t pre-programmed.

The critical distinction: A service account is a credential. An agent is a decision-maker.

A New Attack Surface

Because agents are a new primitive, they introduce entirely new attack vectors:

  • Shadow agent proliferation: Teams deploy agents without security visibility, creating blind spots across the organisation
  • Credential inheritance: Agents inherit over-permissioned credentials and use them for unauthorised purposes
  • Goal manipulation: Threat actors subtly alter an agent’s objectives or constraints, causing it to pursue legitimate-seeming goals that actually serve malicious purposes
  • Prompt injection attacks: Attackers embed malicious instructions in data sources agents access (websites, documents, emails), manipulating agent behaviour to leak sensitive information or take unauthorised actions

And the threat is evolving: New agent-specific attack vectors emerge as adoption accelerates and attackers adapt.

According to research from SailPoint, 72% of technology professionals believe AI agents present a greater risk to the business than traditional machine identities.

Organizations are incentivised to grant agents access to more data and resources to make them more effective, but with expanded access comes increased business risk.

World Economic Forum reports

Why other approaches fail:

GenAI Security/AISPM secures models and prompts but misses autonomous agents. Traditional IAM secures human identities and static permissions but can’t handle dynamic reasoning actors.

Agents represent a net-new category of entity. They don’t fit existing frameworks because those frameworks were never designed for reasoning, autonomous actors.

That’s exactly why the Agentic Era demands Agentic Security Posture Management.

Introducing Agentic SPM

Agentic Security Posture Management is the next evolution of security posture, purpose-built to discover, govern, and control autonomous agents as first-class security primitives.

Core Capabilities

  • Discovery & Attribution
    Automatically detect when agents spawn. Attribute to originating model, user, or system. Build complete inventory of your agentic landscape. You can’t secure what you can’t see.
  • Identity & Context Management
    Every agent gets persistent, governed identity capturing provenance, intent, capabilities, and state. Tracked through entire lifecycle. Every action is attributable.
  • Runtime Policy Enforcement
    Real-time decision gating: allow, challenge, or block based on context. Tool chain analysis before execution. Permission validation. Prevent unauthorised actions before they happen.
  • Audit & Compliance
    Complete decision trails with reasoning capture. Tool chain audit logs. Policy violation tracking. Compliance reporting for SOC 2, ISO 27001, GDPR. Explainability for regulators.
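
An added example, not Cyata's code or any product's API: a pre-execution gate that returns allow, challenge, or block for a planned tool chain, run here on the sales-agent scenario described earlier. The tool names, scopes, data labels, and agent ID are constructed for illustration.

```python
from dataclasses import dataclass

# Hypothetical tool catalogue: every name, scope and label is constructed.
@dataclass(frozen=True)
class Tool:
    name: str
    scope: str        # permission the agent identity must hold
    reads: str = ""   # data class the step pulls into the agent's context
    sink: str = ""    # "internal" or "external" when the step sends data out

CATALOGUE = {t.name: t for t in [
    Tool("stripe.payment_history", "stripe:read", reads="payment"),
    Tool("salesforce.contracts", "crm:read", reads="contract"),
    Tool("billing.records", "billing:read", reads="financial"),
    Tool("ticket.update", "ticket:write", sink="internal"),
    Tool("bucket.upload_third_party", "storage:write", sink="external"),
]}
SENSITIVE = {"payment", "contract", "financial"}

def gate(agent_id, scopes, chain):
    """Evaluate a planned chain before execution: (decision, step, reason)."""
    carried = set()  # data classes accumulated by earlier steps
    verdict = ("allow", None, "chain within policy")
    for i, name in enumerate(chain):
        tool = CATALOGUE.get(name)
        if tool is None:
            return ("block", i, f"{agent_id}: unknown tool {name}")
        if tool.scope not in scopes:
            return ("block", i, f"{agent_id}: missing scope {tool.scope}")
        if tool.reads:
            carried.add(tool.reads)
        tainted = sorted(carried & SENSITIVE)
        # Chain-level rule: each step may be permitted alone, but sensitive
        # data read earlier must not reach an external sink.
        if tool.sink == "external" and tainted:
            return ("block", i, f"{agent_id}: {tainted} would leave via {name}")
        if tool.sink == "internal" and tainted and verdict[0] == "allow":
            verdict = ("challenge", i, f"{agent_id}: {tainted} written by {name}")
    return verdict

# Constructed sample: the sales agent holds every scope the chain needs.
SCOPES = {"stripe:read", "crm:read", "billing:read", "ticket:write", "storage:write"}
SCENARIO = ["stripe.payment_history", "salesforce.contracts",
            "billing.records", "bucket.upload_third_party"]

if __name__ == "__main__":
    print(gate("sales-agent-01", SCOPES, SCENARIO))
    print(gate("sales-agent-01", SCOPES, ["bucket.upload_third_party"]))
```

The upload step is allowed on its own and blocked only when it follows the sensitive reads, which is the chain-level risk the post describes.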

Business Outcomes

  • For CISOs: Complete visibility, demonstrable governance for boards and regulators, reduced risk of agent-driven incidents.
  • For Identity Leaders: Governance for non-traditional identities at scale, integration with existing IAM infrastructure.
  • For AI Innovation Teams: Security that enables rather than blocks innovation, clear guardrails, faster time-to-production.

Agents are the new security primitive. Agents are a new attack surface. And Agentic SPM is the discipline that governs them.

The question isn’t whether your organisation has agents. It’s whether you know where they are and what they’re doing.

Organisations that recognise this shift and act now will be the ones that safely unlock the potential of the Agentic Era – with visibility, control, and confidence.

Cyata: The First Agentic SPM

Cyata is the first Agentic Security Posture Management platform – built from the ground up to treat agents as first-class security primitives, not an afterthought.

Preemptive Security, Posture-First

Unlike reactive security tools that detect threats after they occur, Cyata takes a posture-first approach to agent security: establishing continuous governance before risks materialise. This preemptive security model means organisations establish posture guardrails and gain control over their agentic landscape from day one.

Cyata delivers what existing security tools cannot:

  • Complete agentic visibility across your entire technology stack, discovering shadow agents the moment they spawn.
  • Persistent agent identity that captures provenance, intent, and capabilities – finally bringing autonomous actors under governance.
  • Real-time policy enforcement that prevents unauthorized actions before they execute, not just alerts after the fact.
  • Built-in compliance with audit trails and decision transparency that regulators demand.

Why Cyata Now?

The timing is critical. Enterprise agent deployments are accelerating. The first agent-driven breaches are emerging. Regulatory pressure is mounting with the EU AI Act and SEC cyber disclosure rules. AI governance has become a board-level discussion.

As the first and leading Agentic SPM platform, Cyata gives enterprises the foundation they need to scale AI agents safely – with the visibility, control, and auditability that the Agentic Era demands.

We’re not just solving today’s agent security problem – we’re building the governance infrastructure for the autonomous future.

Shahar Tal, Co-Founder & CEO of Cyata
