P0 Security Aims to Tame AI Agents with New Authorization Platform

SAN FRANCISCO, CA – February 24, 2026 – As enterprises race to deploy AI and automation, a new and largely ungoverned workforce of non-human identities is multiplying within their digital infrastructure. Addressing this burgeoning security blind spot, P0 Security today announced the general availability of its platform extension designed to manage and secure these autonomous entities. Unveiled at the NHAI Global Summit, the new offering extends the company's authorization control plane to service accounts, workloads, and the AI agents that represent the next frontier of enterprise productivity and risk.

This move signals a significant shift in the cybersecurity landscape, moving beyond human-centric security models to tackle the complex challenges posed by machines acting on behalf of humans. P0's platform aims to replace the dangerous default of long-lived, overly permissive credentials with ephemeral, least-privileged access that is granted and enforced in real-time. The goal is to ensure that as AI agents become more integrated into critical business operations, they do so within strict, auditable guardrails.

The Unseen Workforce: A New Security Frontier

In the modern enterprise, a vast and growing number of tasks are performed not by people, but by non-human identities (NHIs). These include service accounts that connect applications, workload identities in the cloud, and increasingly, sophisticated AI agents designed to automate complex workflows. While these NHIs drive efficiency and innovation, they have also created a massive, often unmanaged, attack surface.

Recent industry data paints a stark picture of the risk. According to one report, a staggering 66% of enterprises have suffered a cyberattack originating from a compromised non-human identity. The root of the problem often lies in permissions. Security analysts have found that up to 97% of non-human identities possess excessive privileges, granting them far more access than required for their designated tasks. This practice of granting standing, broad-stroke permissions creates a ripe target for attackers who, upon compromising a single service account, can gain sweeping access to sensitive systems and data.

“We don’t see agentic systems as introducing new identity problems so much as amplifying existing ones,” said Shashwat Sehgal, CEO and Co-Founder of P0 Security, in the company's announcement. “Our platform ensures that agents and other NHIs operate within the same access constraints as the human end-users that invoke them, enforcing accountability and policy alignment across every identity type in production.”

This amplification is precisely what security leaders are concerned about. Traditional Identity Governance and Administration (IGA) and Privileged Access Management (PAM) tools were architected for a world of human users logging into static servers. They often struggle to manage the sheer volume and dynamic nature of cloud-native workloads and AI agents, leading to what experts call 'secrets sprawl' and a dangerous lack of oversight.

From Detection to Prevention: A Shift in Authorization

P0 Security's approach represents a fundamental shift from reactive monitoring to proactive authorization. Instead of merely detecting a breach after an over-privileged account has been misused, the platform is designed to prevent unauthorized actions from ever occurring. It achieves this through what it calls an 'Authz Control Plane.'

This system operates on a principle of Zero Standing Privilege. By default, no identity—human or machine—has persistent access to sensitive resources. The platform continuously discovers all identities, including service accounts and AI agents, through native API integrations with cloud and developer platforms. It maps their potential access, flags risky configurations, and assigns an accountable human owner to each NHI.

When an automated process or AI agent needs to perform an action, it must request access. P0's control plane then dynamically evaluates the request at runtime against a set of policies based on identity, context, and business intent. If the request is approved, the platform grants a temporary, purpose-specific credential that expires the moment the task is complete. This just-in-time model drastically reduces the window of opportunity for attackers.

This methodology is already providing value in complex enterprise environments. “As we continuously anticipate what the business will need next, we have to enable agility in a way that doesn’t compromise security or operational resilience,” noted Michael Chan, Director of AI and IAM Security at CNA, in a statement. “P0 enabled us to scale our governance of non-human identities with automated, policy-driven controls; bringing service accounts, static credentials and their entitlements under the same disciplined guardrails we uphold for all privileged access.”

Taming the Agentic Enterprise

The launch's timing and venue—the NHAI Global Summit—are no coincidence. The event brings together industry leaders focused squarely on the cybersecurity challenges of non-human identities and AI. P0's announcement directly addresses the summit's central theme: how to enable AI-driven innovation without inviting catastrophic risk.

The platform's capabilities are purpose-built for the new agentic era. It integrates with major enterprise AI platforms, including AWS Bedrock, Google Vertex AI, and Microsoft Agentic Foundry, to intercept and authorize actions during real-time tool execution. This means that when an AI agent attempts to access a database, call an API, or modify a piece of code, P0's control plane acts as a gatekeeper, ensuring the action is aligned with the approved intent defined by its human owner.

This creates a clear chain of accountability. Every action taken by an AI agent can be traced back to a specific policy and a human-in-the-loop, transforming the 'black box' of AI operations into a transparent and auditable process. This allows organizations to move forward with deploying powerful automation with confidence, knowing that guardrails are built-in, not bolted on as an afterthought.

A Crowded Field for a Critical Problem

P0 Security is not alone in recognizing the urgency of the NHI security problem. The NHAI Global Summit itself, sponsored by a host of security firms including Entro Security, Akeyless, and Britive, highlights a vibrant and competitive market emerging around this challenge. The consensus among security experts is that identity has become the new perimeter, and the explosion of non-human identities has rendered traditional network-based defenses insufficient.

Established giants in the identity space, such as Okta, CyberArk, and Microsoft, are also rapidly evolving their platforms to better manage machine identities. However, many of these solutions are extensions of human-centric PAM or IGA architectures. P0 and other emerging players are betting that a new, identity-native architecture built from the ground up for dynamic, multi-cloud environments is required.

The industry is at a pivotal moment, shifting from a model of privileged accounts to one of privileged access. The challenge is no longer just about who has the keys to the kingdom, but about ensuring keys are only issued for the right reason, for the briefest possible moment. As enterprises become increasingly reliant on their autonomous digital workforce, the race is on to provide the foundational security and governance that will keep that workforce in check.