Straiker Confronts AI's Silent Takeover with New Security Platform

SAN FRANCISCO, CA – March 23, 2026 – As enterprises race to deploy autonomous AI agents, a new and largely invisible threat is emerging from within their own systems. At the RSAC 2026 conference today, cybersecurity firm Straiker launched a new platform designed to pull this 'shadow AI' into the light, arguing that when it comes to these new digital workers, the agents aren't in danger; they are the danger.

The company unveiled Discover AI and an expanded Defend AI, a suite of tools that provide a security control plane for the coding assistants, productivity bots, and custom agentic platforms that are rapidly becoming essential infrastructure. The move addresses a critical gap that has left security teams blind to the activities of AI agents operating with broad access, growing autonomy, and almost no human oversight.

The Unseen Threat in the Enterprise

The adoption of AI agents has moved from experiment to essential at a pace that has outstripped security frameworks. Research shows that 85% of developers are now using AI coding tools, while a staggering 80% of organizations have already deployed AI agents into production environments without formal governance policies. This rapid integration is creating a vast, uncharted attack surface.

These agents, from coding copilots like GitHub Copilot to enterprise assistants like Microsoft Copilot and custom platforms on AWS, are not just tools; they are autonomous actors. They can chain commands, access production systems, query databases, and interact with internal tools, compounding risk at every step. Recent industry analysis has revealed critical vulnerabilities, with security labs demonstrating how agents from major tech companies can be hijacked through simple prompt injections, leading to data exfiltration, workflow manipulation, and user impersonation.

One report detailed how a compromised chat agent integration cascaded into a widespread breach affecting over 700 organizations, granting attackers access to Salesforce, Google Workspace, and cloud storage environments. This new reality is underscored by findings that 90% of organizations are loosening identity controls for AI to accelerate adoption, creating a perfect storm where powerful, autonomous agents operate with high levels of privilege but minimal accountability.

"Agentic AI is moving from experimentation to production at a pace that governance frameworks simply haven't caught up with," said Ken Buckler, research director at EMA, in a statement. He noted that attackers are shifting from a 'break-in' to 'log-in' strategy, adding, "the future of cyber threats is shifting towards politely asking an agentic AI for access."

A Control Plane for the Agentic Wild West

Straiker's announcement at RSAC aims to provide the visibility and control that enterprises are desperately lacking. The new platform is designed to function as a dedicated security control plane for this agentic ecosystem.

The first component, Discover AI, acts as a comprehensive census-taker for an organization's AI landscape. It automatically identifies and inventories all AI agents, their underlying Model Context Protocols (MCPs), and the tools they access. The platform scans for vulnerabilities against a database of over 12,000 known MCP issues, flags risky configurations like excessive permissions, and classifies agent interactions to give security teams a centralized view of where threats are concentrated.

The second, expanded component, Defend AI, provides real-time protection. Trained on millions of agent traces, Straiker claims the system can detect and respond to agentic threats with over 98% accuracy and sub-300 millisecond latency. Its key capabilities include:
* Runtime Action Tracing: Monitors agent actions in real time to detect malicious instructions, prompt injection, and unauthorized tool use as they happen.
* Data Exfiltration Prevention: Actively stops agents from leaking sensitive data or executing destructive commands before they can cause damage.
* Tool-Chain Risk Detection: Identifies and flags vulnerable or malicious integrations in the agent's supply chain.

Defend AI can be deployed in a passive monitoring mode via API integrations with major agent-builder platforms like Amazon Bedrock and Microsoft Copilot Studio, or as an inline gateway that can actively block malicious actions.

"As an industry, we're rebuilding how we operate with AI agents at the center," commented David Levin, CISO of American Express Global Business Travel. "As agents gain access to code, tools, and enterprise systems, the security stakes grow quickly. It's encouraging to see companies like Straiker focused on the protections needed to help enterprises adopt agents safely."

A New Framework for a New Class of Risk

The challenges posed by agentic AI are so unique that they have warranted a new security framework from the open-source community. The OWASP GenAI Security Project recently released its "Top 10 for Agentic Applications," which outlines novel risks that traditional security tools are not equipped to handle.

These risks include Agent Goal Hijack, where an attacker manipulates an agent's objectives through a poisoned document or malicious prompt, and Identity & Privilege Abuse, where an attacker exploits an agent's often over-provisioned permissions to move laterally across a network. Another critical risk is Tool Misuse, where a legitimate tool is used for malicious purposes by a compromised agent.

"Agentic AI represents a major shift in how software operates, moving from AI user assistants toward multi-agent systems that can plan, act and interact autonomously," said Scott Clinton, co-chair of the OWASP GenAI Security Project. He emphasized that addressing these rapidly evolving risks requires an open, community-driven approach to establish clear guidance.

Straiker's platform appears designed to directly address these OWASP-defined threats. Discover AI's inventory and observability features provide the necessary visibility to manage privilege, while Defend AI's runtime tracing is built to detect and prevent the very behaviors described in goal hijacking and tool misuse scenarios.

The Road to Adoption

While solutions like Straiker's offer a path forward, the road to securing enterprise AI will be fraught with challenges. The cybersecurity industry is already grappling with a severe talent shortage, with reports indicating two out of three organizations face critical skills gaps. Implementing a new layer of security for a novel technology like agentic AI will require new expertise that is in short supply.

Furthermore, integrating these solutions into complex, sprawling security stacks presents its own hurdle. Traditional firewalls and security tools were built to monitor human-to-app or app-to-app communication, not the fluid, context-driven interactions of autonomous agents. This forces a fundamental rethinking of security architecture.

Despite these obstacles, the cost of inaction is proving to be even higher. Breaches involving 'shadow AI' are already costing organizations hundreds of thousands more than typical incidents. For CISOs heading into a new era of cyber threats, the focus must shift from building higher walls to implementing intelligent, identity-centric governance for a new class of digital citizens that are already operating inside them.