Proofpoint Targets AI Agent Risks with Unified Security Platform

SAN FRANCISCO, CA – March 23, 2026 – As enterprises rapidly delegate tasks to autonomous AI systems, cybersecurity leader Proofpoint, Inc. today unveiled a suite of innovations aimed at securing the new “agentic workspace.” Announced at the RSAC Conference 2026, the company is integrating its email and data security portfolios to address the profound risks emerging from a world where both people and AI agents interact with critical business data.

The new capabilities merge the company's Secure Email Gateway (SEG) and API-based email protection into a single architecture, introduce AI-driven data access governance, and extend intelligent data discovery to on-premises systems. This unified approach is designed to provide visibility and control over a complex environment where AI agents can draft communications, access sensitive files, and take action at machine speed, fundamentally altering the enterprise risk model.

The New Frontier: Securing the Agentic Workspace

The term “agentic workspace” describes the evolving business environment where autonomous AI agents are no longer just tools but active participants, delegated to reason, plan, and act with minimal human oversight. This shift from deterministic, rule-based software to predictive, goal-driven AI introduces a new class of vulnerabilities that traditional security measures struggle to contain.

Industry analysts warn that these new risks are significant. Gartner predicts that by 2028, a quarter of all enterprise breaches will be traced back to the abuse of AI agents. The threats are unique and potent, including:

• Prompt Injection: Attackers can embed malicious instructions within emails, documents, or other data sources, tricking an AI agent into ignoring its safety protocols, executing unauthorized commands, or exfiltrating sensitive information.
• AI Agent Identity Compromise: AI agents function as powerful “non-human identities,” often with broad access privileges. If an agent's credentials are stolen or its logic is hijacked, it can be used to escalate privileges and move laterally across networks far faster than a human attacker.
• Autonomous Data Leakage: With the ability to read entire directories and databases to complete tasks, a compromised or poorly configured agent can autonomously exfiltrate massive volumes of data, creating breaches at an unprecedented scale.

This new reality demands a security posture that moves beyond verifying human identity and enforcing static access controls. It requires a deep understanding of behavior—both human and machine—to discern legitimate intent from malicious activity.

Proofpoint's Integrated Defense Strategy

To address these challenges, Proofpoint is combining its layered email defenses with AI-driven data governance on a single platform. The goal is to eliminate security blind spots and reduce the operational friction that plagues Security Operations Centers (SOCs).

“Email remains the front door to the enterprise, especially in environments where people and AI agents act on shared information,” said Tom Corn, executive vice president and general manager of the Threat Protection Group at Proofpoint. “As organizations delegate more operational decisions to AI systems, security must connect signals across detection layers to understand not just isolated events, but patterns of behavior and underlying intent.”

The company is integrating its two flagship email security solutions—Secure Email Gateway and API-based protection. The SEG provides perimeter defense, inspecting north-south traffic before it reaches user inboxes, while API-based protection monitors east-west internal email traffic and remediates threats post-delivery. By sharing threat intelligence and behavioral signals between these layers, Proofpoint aims to achieve what it claims is a 99.999% detection efficacy.

Beyond email, the new AI Data Access Governance capabilities provide a unified view of who and what can access sensitive data across cloud, SaaS, and on-premise environments. This allows security teams to identify and automatically remediate risks like over-permissioned AI agents, stale entitlements, and orphaned service accounts. To address persistent hybrid blind spots, the company is also extending its AI-native Data Security Posture Management (DSPM) to on-premises data stores, ensuring consistent discovery and classification of sensitive data wherever it resides.

“Data risk no longer sits in one place. It moves across cloud services, on-prem systems, human users, and AI agents,” said Mayank Chaudhary, executive vice president and general manager of the Data Security Group. “We’re bringing data access governance and hybrid DSPM together within a single platform so organizations can see where sensitive data lives, understand who and what can access it, and take action based on meaningful behavioral signals.”

A Crowded Field: The Industry Race to Secure AI

Proofpoint's announcement places it squarely in a competitive and rapidly accelerating race among major cybersecurity vendors to secure the agentic enterprise. The industry as a whole recognizes that the proliferation of autonomous AI is a critical inflection point for security.

Microsoft is aggressively pushing its Security Copilot and developing Agent 365 as a control plane for managing AI agent permissions and defending against AI-era threats. Similarly, Google Cloud is building an “agentic SOC” powered by its Gemini models and has fortified its position with the acquisition of Wiz. Other major players, including Palo Alto Networks with its agent-aware Prisma Browser and CrowdStrike with its endpoint-focused AI Detection and Response (AIDR), are also rolling out solutions to discover, monitor, and protect against rogue or compromised AI agents.

This industry-wide focus underscores the urgency and complexity of the problem. While each vendor is approaching it from its core strength—be it the endpoint, the network, or the cloud application stack—the common goal is to provide visibility and control over non-human identities and their unpredictable actions.

From Governance to Action: Reducing SOC Friction

For security teams on the front lines, the rise of AI agents represents a potential explosion in complexity. The number of non-human identities can quickly dwarf the number of human employees, creating an unmanageable number of alerts and access policies.

A key benefit touted by Proofpoint is the reduction of “console switching” and analyst fatigue. By unifying email security, data access governance, and DSPM into a single administrative workbench, the platform aims to streamline policy management, investigation, and response. This allows analysts to correlate activity across communication and data layers to build a more complete picture of a potential threat, whether it originates from a compromised human user or a hijacked AI agent.

This push for integrated governance also helps organizations align with evolving regulatory frameworks like the NIST AI Risk Management Framework and the EU AI Act, which increasingly require demonstrable oversight and auditability for AI systems that handle sensitive data. As organizations move from experimenting with AI to embedding it deeply within core business processes, the ability to secure and govern these autonomous agents will become a foundational element of their entire cybersecurity strategy. Proofpoint expects the new capabilities to be available in the second quarter of 2026.