Artificial intelligence is entering the workforce, raising a new question: Who protects AI agents? For that, agentic security could well be the answer.
If traditional human-centric security is focused on protecting people, their devices and their data, agentic security extends that model to digital counterparts. And human-centric models alone are no longer sufficient, according to Sumit Dhawan (pictured), chief executive officer of Proofpoint Inc. The company recently announced innovations that aim to solve four critical challenges through agentic security — including protecting AI assistants from targeted attacks.
“People, AI agents and assistants [will all be] working together,” he said. “These … announcements are to extend our human-centric security platform to human and AI agent centric security. Why? Because AI mimics humans, so AI risks are no different than humans. AI loses data. AI can mishandle data. AI loses credentials, AI can run malware and AI can have prompt engineering just like humans have social engineering. All of these four solutions are simply extending our human-centric security to human- and agent-centric security.”
Dhawan spoke with theCUBE’s John Furrier for theCUBE + NYSE Wired: Security in the AI Era interview series, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. Their discussion explored how chief information security officers are under new pressure to enable innovation and what agentic security means for the future of cyber defense.
Agentic security is a ‘must have’ for chief information security officers
What began as small experiments with AI agents has quickly become full-scale adoption. But this industry-wide shift in deployment also opens new attack surfaces for malicious actors, ranging from prompt injection to unauthorized data sharing. Agentic security must evolve alongside this reality and expand to cover both human and agent activity, Dhawan explained.
“You may have agents,” he said. “Now, you are telling the agents what to do. I’m an attacker. What can I do? I can attack you. I can attack your copilot, and I can attack your agents. Now if you have to secure your workspace, [it’s not just yourself], but also your copilot and agents.”
The recent capabilities Proofpoint announced involving data safeguards, agent controls, exploit protection and agentic defense highlight how quickly the security landscape is expanding. But for chief information security officers, that expansion comes with a mandate to enable AI rather than stand in its way. Nearly all enterprises will soon be running multiple AI agents, and vetting entirely new technologies is impractical. The path forward is extending existing, trusted platforms to secure AI without slowing adoption, according to Dhawan.
“Thirty-three percent of enterprises, they already have agents,” he said. “In the next 18 months, 93% of enterprises will have agents enabled. What [CISOs] are saying is, ‘If that’s the case, what security solution can I extend because I don’t have time to vet out a brand new tech?’”
This tension comes in a time where AI deployment is increasingly viewed as a business directive coming top-down from chief executive officers, rather than a purely technical decision from the CISO’s office. Therefore, a robust cybersecurity strategy must be reframed not as a brake on innovation, but as the mechanism that allows enterprises to safely accelerate, Dhawan added.
“Cyber is there not to stop innovation; it’s to innovate faster,” he said. “I think at this point in time, if I were to just qualitatively assess, cyber has to very quickly step up because by doing so, AI will go faster. That’s something that CEOs have to realize.”
Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of theCUBE + NYSE Wired: Security in the AI Era interview series:
Photo: SiliconANGLE