[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"article-beyond-identity-s-new-ceros-platform-how-to-securely-run-autonomous-ai-agents-at-enterprise-scale-en":3,"ArticleBody_EyQB5pjuvvHuuiRpWvTlclLMexZymdPixK2S0JqE0U":214},{"article":4,"relatedArticles":185,"locale":58},{"id":5,"title":6,"slug":7,"content":8,"htmlContent":9,"excerpt":10,"category":11,"tags":12,"metaDescription":10,"wordCount":13,"readingTime":14,"publishedAt":15,"sources":16,"sourceCoverage":50,"transparency":52,"seo":55,"language":58,"featuredImage":59,"featuredImageCredit":60,"isFreeGeneration":64,"trendSlug":65,"trendSnapshot":66,"niche":75,"geoTakeaways":79,"geoFaq":88,"entities":98},"6a3340d631a9d982bd893cc5","Beyond Identity’s New Ceros Platform: How to Securely Run Autonomous AI Agents at Enterprise Scale","beyond-identity-s-new-ceros-platform-how-to-securely-run-autonomous-ai-agents-at-enterprise-scale","Autonomous and [agentic AI](\u002Farticle\u002Fnvidia-s-nemoclaw-how-an-open-ai-agent-toolkit-will-reshape-enterprise-workflows) are shifting from demos into core workflows such as code deployment, finance approvals, incident response, and customer operations.[7] [Gartner](\u002Fentities\u002F693feb44312dc892c4c19011-gartner) projects that by 2028 one‑third of enterprise applications will include agentic AI and 15% of day‑to‑day work decisions will be made autonomously.[7]  \n\nAs agents gain power to spin up tools, call internal APIs, and run for long periods without humans, the attack surface expands and traditional security and identity controls fall short.[2]  \n\n💡 **Key takeaway:** Enterprises need infrastructure‑grade controls for AI agents before trusting them with revenue‑generating and mission‑critical workflows.[5]\n\n---\n\n## Why Enterprises Need a Dedicated Platform to Secure AI Agents\n\nAs AI agents plug into CRMs, [CI\u002FCD](\u002Fentities\u002F6984cfcbe28785d1e150d753-cicd), and ticketing systems, basic security questions are often unanswerable:[2][6]  \n\n- Which 
user initiated an AI action?  \n- Which device or container did the agent run on?  \n- What internal data did it access?  \n- What did it do over time?  \n\nThis undermines governance, incident response, and audits.[2][6]\n\nTraditional IAM assumes:[2]  \n\n- Short, human‑driven sessions  \n- Clear login \u002F logout boundaries  \n- Limited tool chaining  \n\nAgentic systems instead:[2][5]  \n\n- Run for hours or days  \n- Chain across many tools and services  \n- Act on delegated permissions long after the human is gone  \n\nSession‑based controls do not capture this continuous, tool‑hopping behavior.[2][5]\n\n📊 **Key point:** Best practice now combines pre‑deployment governance with continuous runtime oversight of agent behavior and access.[5]\n\nForward‑leaning security teams treat AI agents as critical infrastructure:[5][8]  \n\n- Maintain an inventory of agents  \n- Map agents to owners and business processes  \n- Document which systems and data each agent may touch  \n\nWithout this discipline, enterprises face new risks:[1][2][5][6]  \n\n- **Data exfiltration** via [prompt injection](\u002Fentities\u002F69822206e28785d1e150b8aa-prompt-injection) or misconfigured connectors[2][6]  \n- **Shadow agents** deployed outside security’s view[1][5]  \n- **Over‑privileged access** to tools, models, and production data[6]  \n- **Non‑attributable actions** without provable identity[2]  \n\nThese gaps drive demand for identity‑centric, runtime‑aware security platforms for autonomous AI.\n\n---\n\n## Inside Beyond Identity’s [Ceros](https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FCeros) Platform and AI Security Suite\n\nBeyond Identity’s Ceros platform acts as a control plane for AI agents.[1] Security teams can:  \n\n- Decide which agents may launch  \n- Enforce policies at the process level for every session  \n- Constrain each agent to a tightly scoped authorization envelope (e.g., “triage internal tickets” rather than “access all Jira and GitHub”).[1]\n\n⚡ **Key 
capability:** Ceros restricts tasks, applications, and systems an agent can access, then degrades or terminates sessions that violate policy while emitting real‑time alerts.[1]\n\nBeyond Identity’s AI Security Suite introduces “real identity” for AI:[2]  \n\n- Every agent gets a cryptographic credential bound to the hardware of its device, VM, or container  \n- Identities cannot be copied or shared  \n- Every request has forensic proof: *which identity, on which device, did what, under which permissions*.[2]  \n\nCeros is part of the Identity Defense Platform, which already delivers passwordless, device‑bound authentication and continuous device posture checks to stop credential‑based attacks on humans.[3] The same model now governs non‑human identities and agents, creating a single control plane across users, machines, and agents.[3]\n\n💡 **Visibility highlight:** Ceros shows:[1]  \n\n- Which end user owns an agent  \n- The device and applications it uses  \n- Which AI models, [inference engines](https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FInference_engine), MCP servers, and tools it accesses  \n- Whether unapproved “shadow” agents are present  \n\nIt can then block, limit, or transparently replace unsanctioned tools with approved equivalents.[1]\n\n---\n\n## Enterprise Deployment Playbook: Safely Scaling AI Agents with Ceros\n\nA pragmatic rollout starts with discovery:[5][8]  \n\n- Inventory existing agents  \n- Map them to business owners and processes  \n- Standardize ownership, access reviews, and escalation paths  \n\nWith this model in place, Ceros can enforce guardrails as AI moves from pilots to core workflows.[5]\n\nNext, combine posture and runtime controls:[1][3][4]  \n\n- Use Beyond Identity’s device‑trust and phishing‑resistant authentication so only healthy, trusted devices can launch agents[3][4]  \n- Let Ceros continuously evaluate arguments, tool use, and 
behavior, revoking or downgrading access if risk rises mid‑session[1][4]  \n\n⚠️ **Security pattern:** Keep agents narrow and purpose‑built, then enforce that scope at runtime so they cannot quietly pivot into adjacent systems.[1][6]\n\nDesign agents with least‑privilege access to:[1][6]  \n\n- Only required tools and APIs  \n- Only relevant datasets  \n- Only approved workflows and environments  \n\nUse Ceros to block agents from pushing code or data directly into production without explicit approval or human review.[1][6]\n\nA real‑world pattern: Monolithic Power Systems built a private AI platform to protect IP and avoid public LLM exposure, now used by 1,000+ employees.[4] They pair internal agents with passwordless, phishing‑proof access and continuous device posture checks, blocking risky devices in real time.[4] Combined with Ceros’ process‑level controls, similar enterprises can broadly adopt agents without losing control over sensitive designs, models, or customer data.[1][4]\n\nOngoing governance should include:[1][5]  \n\n- Reviewing Ceros telemetry for shadow agents or anomalous tool chains[1]  \n- Detecting configuration drift as teams iterate on agents[5]  \n- Updating policies as new models and tools appear[1][5]  \n\n💼 **Operational reality:** Agent security becomes a standing discipline, similar to vulnerability management or identity governance.[5]\n\n---\n\n## Conclusion: Making Agentic AI Safe Enough for Core Workflows\n\nAs agentic AI embeds in revenue, operations, and security processes, enterprises must adopt identity‑centric, runtime‑aware governance rather than ad‑hoc controls.[5][7] Ceros and the AI Security Suite provide cryptographic identity, process‑level enforcement, and deep visibility so agents can operate autonomously without forfeiting control or exposing sensitive data.[1][2]\n\nNow is the time to act: identify where agents already run, close gaps in ownership and observability, and consider a Ceros proof of concept.[1][2][3] 
That foundation—provable AI identity, fine‑grained runtime controls, and unified governance for humans and agents—creates a safe path to scale agentic AI across your most critical workflows.[1][2][3]","","Autonomous and agentic AI are shifting from demos into core workflows such as code deployment, finance approvals, incident response, and customer operations.[7] Gartner projects that by 2028 one‑third...","trend-radar",[],923,5,"2026-06-18T00:59:19.007Z",[17,22,26,30,34,38,42,46],{"title":18,"url":19,"summary":20,"type":21},"Beyond Identity Launches Platform to Secure AI Agents - Security Boulevard","https:\u002F\u002Fsecurityboulevard.com\u002F2026\u002F06\u002Fbeyond-identity-launches-platform-to-secure-ai-agents\u002F","Beyond Identity today made available a Ceros platform that enables cybersecurity teams to securely run artificial intelligence (AI) agents by continuously enforcing policies at the process level.\n\nAnn...","kb",{"title":23,"url":24,"summary":25,"type":21},"Beyond Identity Opens Early Access for the AI Security Suite","https:\u002F\u002Fwww.beyondidentity.com\u002Fresource\u002Fbeyond-identity-opens-early-access-for-the-ai-security-suite","You can't see what your AI agents are doing. Today, we're announcing Beyond Identity's AI Security Suite, the first identity security platform purpose-built for autonomous AI agents. 
With it, security...",{"title":27,"url":28,"summary":29,"type":21},"Beyond Identity | The Only Platform Built to Eliminate Identity-Based Attacks","https:\u002F\u002Fwww.beyondidentity.com\u002F","Unauthorized Access Ends Here\n\nUse the Identity Defense Platform to secure your AI-native estate, enabling security-conscious teams to govern access across users, machines, and agents, with identity t...",{"title":31,"url":32,"summary":33,"type":21},"Secure Your Private AI","https:\u002F\u002Fwww.beyondidentity.com\u002Fresource\u002Fsecure-your-private-ai","Written by\n\nPublished on\n\nJuly 29, 2025\n\nTL;DR\n\n- Monolithic Power Systems (MPS) built a private AI system to protect IP and prevent data leaks from public LLMs, now used by 1,000+ employees.\n- Beyond...",{"title":35,"url":36,"summary":37,"type":21},"10 Agentic AI Best Practices for Safe Enterprise Deployment","https:\u002F\u002Fzenity.io\u002Facademy\u002Fagentic-ai-best-practices","Agentic AI best practices start with visibility. 
If you don't know which agents exist, what they can access, and how they behave at runtime, you cannot secure or govern them effectively.\nThe strongest...",{"title":39,"url":40,"summary":41,"type":21},"AI Agents Are Transforming Enterprise Software in 2026","https:\u002F\u002Fwww.facebook.com\u002Fgroups\u002F6204556817\u002Fposts\u002F10162654133741818\u002F","AI Agents Are Transforming Enterprise Software in 2026\n\nCompanies are rapidly adopting AI agents to automate workflows, customer support, analytics, and operations.\n\nBut there’s a major question every...",{"title":43,"url":44,"summary":45,"type":21},"Agentic AI is Transforming Security – What Enterprise Leaders Need to Know","https:\u002F\u002Fwww.cyberdefensemagazine.com\u002Fagentic-ai-is-transforming-security-what-enterprise-leaders-need-to-know\u002F","Michiel Prins\n\nHackerOne\n\nFebruary 16, 2026\n\nAgentic AI is the latest evolution in artificial intelligence, bringing a new level of autonomy to digital systems. Unlike traditional AI, which relies hea...",{"title":47,"url":48,"summary":49,"type":21},"How to embed AI Agents into daily workflows at enterprises","https:\u002F\u002Fcredal.ai\u002Fhow-to-embed-ai-agents-into-daily-workflows-at-enterprises","---TITLE---\nHow to embed AI Agents into daily workflows at enterprises\n---CONTENT---\nHow to embed AI Agents into daily workflows at enterprises\n\nby\n\nJessica Shen\n\nMarch 11, 2025\n\n### Why haven't AI ag...",{"totalSources":51},8,{"generationDuration":53,"kbQueriesCount":51,"confidenceScore":54,"sourcesCount":51},283832,100,{"metaTitle":56,"metaDescription":57},"Autonomous AI Agents: Enterprise-Grade Security for Scale","Agentic AI expands enterprise attack surfaces. 
Discover how Ceros centralizes identity, session and audit controls to secure autonomous agents — quick wins.","en","https:\u002F\u002Fimages.unsplash.com\u002Fphoto-1550096975-ea2d3d2468f9?ixid=M3w4OTczNDl8MHwxfHNlYXJjaHwxfHxiZXlvbmQlMjBpZGVudGl0eXxlbnwxfDB8fHwxNzgxNzQzODMwfDA&ixlib=rb-4.1.0&w=1200&h=630&fit=crop&crop=entropy&auto=format,compress&q=60",{"photographerName":61,"photographerUrl":62,"unsplashUrl":63},"Kylie Lugo","https:\u002F\u002Funsplash.com\u002F@kylielugo?utm_source=coreprose&utm_medium=referral","https:\u002F\u002Funsplash.com\u002Fphotos\u002Fband-playing-on-stage-GmbUoENweuw?utm_source=coreprose&utm_medium=referral",true,"beyond-identity-launches-platform-to-securely-run-ai-agents",{"score":67,"type":68,"sourceCount":69,"topSourceDomains":70,"detectedAt":74,"mentionsLast7Days":69},97,"spiking",6,[71,72,73],"securityboulevard.com","siliconangle.com","prnewswire.com","2026-06-17T20:03:01.127Z",{"key":76,"name":77,"nameEn":78},"ia","Intelligence Artificielle","Artificial Intelligence",[80,82,84,86],{"text":81},"By 2028, 33% of enterprise applications will include agentic AI and 15% of day‑to‑day decisions will be made autonomously, creating a larger, persistent attack surface that session‑based IAM cannot secure.",{"text":83},"Beyond Identity’s Ceros issues hardware‑bound cryptographic credentials for every agent, ensuring identities cannot be copied or shared and every request is provably attributable to a device, identity, and permission set.",{"text":85},"Ceros enforces process‑level policies in real time: it constrains agent tasks and tool access, degrades or terminates sessions that violate policy, and emits forensic telemetry for audits and incident response.",{"text":87},"Enterprise rollout requires discovery, owner mapping, least‑privilege design, device posture checks, and continuous runtime governance; real deployments (e.g., a private AI platform used by 1,000+ employees) demonstrate this model at 
scale.",[89,92,95],{"question":90,"answer":91},"How does Ceros provide “real identity” for AI agents?","Ceros binds a cryptographic credential to the hardware of the device, VM, or container running the agent and issues that credential as the agent’s non‑human identity, which cannot be copied or shared. This approach means every API call and tool invocation carries cryptographic proof of which identity acted, on which device, under which permissions, producing end‑to‑end forensics for audit, compliance, and incident response; combined with continuous device posture and process‑level enforcement, it prevents identity spoofing and supports attribution across long‑running, tool‑chain workflows.",{"question":93,"answer":94},"How does Ceros reduce risks like data exfiltration and shadow agents?","Ceros enforces narrowly scoped authorization envelopes and runtime policies so agents can only access explicit tools, APIs, and datasets, and it downgrades or terminates sessions that deviate from allowed behavior. It inventories agents, maps them to owners and processes, detects unapproved “shadow” agents via telemetry, and can block or transparently replace unsanctioned tools, thereby preventing misconfigured connectors, prompt‑injection driven exfiltration, and uncontrolled lateral access.",{"question":96,"answer":97},"What are the recommended enterprise deployment steps to scale agents safely?","Start with discovery and inventory, map agents to business owners and processes, and standardize ownership and escalation paths; design agents with least‑privilege access to required tools, datasets, and workflows. 
Then combine device‑trust and phishing‑resistant authentication so only healthy devices can launch agents, deploy Ceros for continuous runtime evaluation and enforcement, and maintain ongoing governance—regular telemetry reviews, drift detection, and policy updates—to treat agent security as a standing discipline.",[99,107,113,120,126,133,140,144,150,156,160,165,172,176,180],{"id":100,"name":101,"type":102,"confidence":103,"wikipediaUrl":104,"slug":105,"mentionCount":106},"693985b8312dc892c4c18386","agentic AI","concept",0.99,null,"693985b8312dc892c4c18386-agentic-ai",240,{"id":108,"name":109,"type":102,"confidence":103,"wikipediaUrl":110,"slug":111,"mentionCount":112},"69822206e28785d1e150b8aa","prompt injection","https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FPrompt_injection","69822206e28785d1e150b8aa-prompt-injection",121,{"id":114,"name":115,"type":102,"confidence":116,"wikipediaUrl":117,"slug":118,"mentionCount":119},"6984cfcbe28785d1e150d753","CI\u002FCD",0.98,"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FCI%2FCD","6984cfcbe28785d1e150d753-cicd",27,{"id":121,"name":122,"type":102,"confidence":103,"wikipediaUrl":123,"slug":124,"mentionCount":125},"6981045ee28785d1e150ada7","data exfiltration","https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FData_exfiltration","6981045ee28785d1e150ada7-data-exfiltration",16,{"id":127,"name":128,"type":102,"confidence":129,"wikipediaUrl":130,"slug":131,"mentionCount":132},"6954efa719d266277e14b5eb","Autonomous AI",0.95,"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FAutonomous_agent","6954efa719d266277e14b5eb-autonomous-ai",3,{"id":134,"name":135,"type":102,"confidence":136,"wikipediaUrl":137,"slug":138,"mentionCount":139},"69c9869656ca3d78f8a04c8d","inference 
engines",0.88,"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FInference_engine","69c9869656ca3d78f8a04c8d-inference-engines",2,{"id":141,"name":142,"type":102,"confidence":129,"wikipediaUrl":104,"slug":143,"mentionCount":139},"6a334310add847c9a85019a9","Shadow agents","6a334310add847c9a85019a9-shadow-agents",{"id":145,"name":146,"type":102,"confidence":147,"wikipediaUrl":148,"slug":149,"mentionCount":139},"6a1d690fbaef06deebb72284","Device",0.9,"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FDevice","6a1d690fbaef06deebb72284-device",{"id":151,"name":152,"type":102,"confidence":153,"wikipediaUrl":104,"slug":154,"mentionCount":155},"6a334310add847c9a85019aa","Cryptographic credential",0.93,"6a334310add847c9a85019aa-cryptographic-credential",1,{"id":157,"name":158,"type":102,"confidence":147,"wikipediaUrl":104,"slug":159,"mentionCount":155},"6a33430fadd847c9a85019a8","Ticketing systems","6a33430fadd847c9a85019a8-ticketing-systems",{"id":161,"name":162,"type":102,"confidence":163,"wikipediaUrl":104,"slug":164,"mentionCount":155},"6a334311add847c9a85019ac","Passwordless, phishing‑resistant authentication",0.92,"6a334311add847c9a85019ac-passwordless-phishing-resistant-authentication",{"id":166,"name":167,"type":168,"confidence":103,"wikipediaUrl":169,"slug":170,"mentionCount":171},"693feb44312dc892c4c19011","Gartner","organization","https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FGartner","693feb44312dc892c4c19011-gartner",99,{"id":173,"name":174,"type":168,"confidence":129,"wikipediaUrl":104,"slug":175,"mentionCount":155},"6a334311add847c9a85019ab","Monolithic Power Systems","6a334311add847c9a85019ab-monolithic-power-systems",{"id":177,"name":178,"type":168,"confidence":116,"wikipediaUrl":104,"slug":179,"mentionCount":155},"6a33430eadd847c9a85019a4","Beyond Identity","6a33430eadd847c9a85019a4-beyond-identity",{"id":181,"name":182,"type":183,"confidence":136,"wikipediaUrl":104,"slug":184,"mentionCount":14},"69f0ea108e996ffbd50f33fa","MCP 
servers","other","69f0ea108e996ffbd50f33fa-mcp-servers",[186,193,200,207],{"id":187,"title":188,"slug":189,"excerpt":190,"category":11,"featuredImage":191,"publishedAt":192},"6a320f3b694667efd0f8300d","Inside the Trump Administration’s New AI Cybersecurity and Governance Push","inside-the-trump-administration-s-new-ai-cybersecurity-and-governance-push","The Trump Administration’s latest AI directives are reshaping how U.S. organizations think about cyber risk, compliance, and national security.[1][2] For security leaders, frontier models are now trea...","https:\u002F\u002Fimages.unsplash.com\u002Fphoto-1614064641938-3bbee52942c7?ixid=M3w4OTczNDl8MHwxfHNlYXJjaHwxfHx0cnVtcCUyMGFkbWluaXN0cmF0aW9uJTIwbmV3JTIwY3liZXJzZWN1cml0eXxlbnwxfDB8fHwxNzgxNjY1NTk1fDA&ixlib=rb-4.1.0&w=1200&h=630&fit=crop&crop=entropy&auto=format,compress&q=60","2026-06-17T03:11:47.641Z",{"id":194,"title":195,"slug":196,"excerpt":197,"category":11,"featuredImage":198,"publishedAt":199},"6a2f7dd6ee4c77a2e4f20b46","OpenAI’s New Workforce AI Training: From Fundamentals to Agentic Workflows","openai-s-new-workforce-ai-training-from-fundamentals-to-agentic-workflows","Why OpenAI Is Launching Workforce AI Training Now  \n\nOpenAI has launched workplace-focused AI courses to close the gap between viral demos and everyday work tasks.[1] This reflects a broader shift fro...","https:\u002F\u002Fimages.unsplash.com\u002Fphoto-1676299081847-824916de030a?ixid=M3w4OTczNDl8MHwxfHNlYXJjaHwxfHxvcGVuYWklMjBsYXVuY2hlcyUyMHdvcmtmb3JjZSUyMHRyYWluaW5nfGVufDF8MHx8fDE3ODE0OTczMDJ8MA&ixlib=rb-4.1.0&w=1200&h=630&fit=crop&crop=entropy&auto=format,compress&q=60","2026-06-15T04:30:18.166Z",{"id":201,"title":202,"slug":203,"excerpt":204,"category":11,"featuredImage":205,"publishedAt":206},"6a2ceab630376196efeb9a91","Anthropic’s Mythos-Class Fable 5 Goes Public After a Controversial Private Rollout","anthropic-s-mythos-class-fable-5-goes-public-after-a-controversial-private-rollout","Anthropic’s move from a tightly controlled 
Mythos preview to the public release of Fable 5 reshapes how frontier models enter markets, regulation, and adversarial environments.[1][3]  \n\nFor enterprise...","https:\u002F\u002Fimages.unsplash.com\u002Fphoto-1732304721505-7777969ce2da?ixid=M3w4OTczNDl8MHwxfHNlYXJjaHwxfHxhbnRocm9waWMlMjBwdWJsaWMlMjByZWxlYXNlJTIwbXl0aG9zfGVufDF8MHx8fDE3ODEzMjg1NjZ8MA&ixlib=rb-4.1.0&w=1200&h=630&fit=crop&crop=entropy&auto=format,compress&q=60","2026-06-13T05:36:55.282Z",{"id":208,"title":209,"slug":210,"excerpt":211,"category":11,"featuredImage":212,"publishedAt":213},"6a29fb90bcf5996b53d54e47","Inside Apple’s WWDC 2026 Siri AI Overhaul and Software Integration","inside-apple-s-wwdc-2026-siri-ai-overhaul-and-software-integration","Apple used WWDC 2026 to center its entire software cycle on artificial intelligence. The headline is a fully reworked Siri AI, built on a new Apple Intelligence stack spanning iOS 27, iPadOS 27, macOS...","https:\u002F\u002Fimages.unsplash.com\u002Fphoto-1621768216002-5ac171876625?ixid=M3w4OTczNDl8MHwxfHNlYXJjaHwxfHxhcHBsZSUyMHd3ZGMlMjBzaXJpJTIwbWFqb3J8ZW58MXwwfHx8MTc4MTEzNjI3Mnww&ixlib=rb-4.1.0&w=1200&h=630&fit=crop&crop=entropy&auto=format,compress&q=60","2026-06-11T00:13:24.601Z",["Island",215],{"key":216,"params":217,"result":219},"ArticleBody_EyQB5pjuvvHuuiRpWvTlclLMexZymdPixK2S0JqE0U",{"props":218},"{\"articleId\":\"6a3340d631a9d982bd893cc5\"}",{"head":220},{}]