Truth in IT
    • Sign In
    • Register
        • Videos
        • Channels
        • Pages
        • Galleries
        • News
        • Events
        • All
Truth in IT Truth in IT
  • Data Management ▼
    • Converged Infrastructure
    • DevOps
    • Networking
    • Storage
    • Virtualization
  • Cybersecurity ▼
    • Application Security
    • Backup & Recovery
    • Data Security
    • Identity & Access Management (IAM)
    • Zero Trust
    • Compliance & GRC
    • Endpoint Security
  • Cloud ▼
    • Hybrid Cloud
    • Private Cloud
    • Public Cloud
  • Webinar Library
  • TiPs
  • DRAW

Securing the Agentic Workspace: AI Security Strategy

Proofpoint
05/31/2026
0 (0%)
Share
  • Comments
  • Download
  • Transcript
Report Like Favorite
  • Share/Embed
  • Email
Link
Embed

Transcript


CEO of Proofpoint. Sumit, thank you so much for joining. Great to see you again. Well, thanks for having me. Now, we're speaking at a really interesting time. Generative AI is moving from experimentation to production inside enterprises. Why was this the right time for Proofpoint to acquire Acubity, and why now? You know, just like you said, AI is getting adopted. It's actually getting adopted really, really fast, both for experimental reasons, but also what we call this agentic workspace where humans and AI assistants and AI agents are working together. It's here in some shape or form. The problem that in this world all enterprises have is that this adoption of AI increases the surface area of risk, because AI works very different than other systems. It works like humans to some extent where you can't predict what AI will do to answer a question when it's given to it. So Acubity essentially provides three major value propositions to our customers. Firstly, it gives them control over what AI applications are sanctioned and which ones should not be used. Secondly, it gives our customers ability to see and observe and be able to have forensics of all the actions and interactions that any of the AI applications are having in the enterprise, because that visibility helps them ensure they have the right governance. And third, to really complete the story, it provides intent-based guardrails. What I mean by that is if an AI application or agent is built to do a single function, a role, then their behavior should not drift from that specific function. Their intent of every action and every interaction that they have with other AI applications or humans should be in the scope of the purpose that they were designed for. Any drift from the intent of any action, it's able to detect and put the required guardrails on it. That's very, very interesting for the enterprise customers, and we're seeing tremendous interest at this show from the announcement we made. It's interesting you say that because you speak a lot about securing the agentic workforce where agents and humans are interacting together, operating in the same space. Why is now the right time to put this in practice, and why is this a completely different approach to cybersecurity than we've seen in the past? Listen, the time is now because the AI activation is something that cyber teams should not stand in oppose of. It's an important business decision. 50% of CEOs are measured by their boards to go adopt AI at speed. The last thing that cybersecurity wants is to have reasons why it shouldn't be adopted. In fact, cybersecurity teams need to be prepared to put the right platform with the right guardrail so that AI can be adopted with speed. That's why time is now. Why it's different is when you think about other applications or systems or automations, what do they do? They have a very predictable pattern. There is a Boolean or an if-then logic to any of the other traditional automation. If this happens, then do this action. As a result, you can have a very predictable kind of pattern of how the information will flow from inside the enterprise to outside the enterprise or from one system to the other. In the network topology, that's called north-south or east-west, but there's a predictable pattern to it. As a result, traditionally enterprises have put controls with those patterns in mind. With AI, they act like humans. If I ask you a question and if I ask the same question to another human or even when I ask you the same question a month later, your pattern of thinking will be you're going to look for all the places you have access to information, whatever pertinent information is needed to answer the question. You go collect it and then you'll analyze it and craft a response. AI works the same way with language models, essentially seeking all the information it has access to, then analyzing it, and then responding to it. That basically creates no pattern, just like humans. In that world, you really need to assess the behavior and the intent of every interaction that you are having. Does it match the purpose the AI agent was built for? That's not what traditional systems do. They're very deterministic. And that's what we're excited about this. It kind of takes the insider risk aspect of controlling your human behavior and protecting malicious intent from human behavior to now putting the same degree of control over integrity of the behavior of AI agents. So we're extending this human-centric security risk that Proofpoint has always done for insider risk protection for humans, now extending it to insider risk protection for AI agents. So who actually owns the AI and the agent? Is it the executives? Is it at the board level? When you think about it strategically, who's the owner? I mean, I think to some extent, the adoption of AI will be driven all the way up to from the CEO with CDOs and even business owners wanting to do both business model transformation or business workflow transformation. Both of those are happening for either revenue or cost reasons. So the adoption of AI, I think, will become a business thing. But safeguarding of AI is going to become a governance thing. It happened when we moved to cloud where the governance aspect of how the data was stored in the cloud and the cyber risk of digital transformation ended up becoming a major topic of risk committees and whatnot in the boardrooms. And I do think that in the boardrooms now, the cyber governance of AI is only going to become a topic of center stage. It has to be. Right. Like you said, AI governance is a core focus for businesses across the board. With your acquisition, what differentiates this acquisition? Why now? I think our differentiation is centered on we're the only ones who are providing this intent-based protection. Almost all the solutions are designed for discovering the technology or providing technology at the network level. And in the world of AI security, there is going to be layers of protection for the full governance and control. You're going to have a layer of protection at the network and the infrastructure level. And then to complement that, you're going to need a layer of protection that's behavior and intent level. That's what we are focused on. And from our knowledge, we are the only solution that provides that level of protection. You're really completing the proof point platform with this acquisition. And it does complete the proof point platform because we have a platform that provides human centric security today. Many of our customers use it for protecting from outside threats and insider risk. While human risks and AI risks are very similar. Just like humans can be socially engineered, AI can be prompt engineered. Just like humans can lose data or credentials, AI can lose credentials and data as well. And so the behavioral protection that we have on humans with this acquisition and the new product announcement we have made is an extension of a platform to now be able to do human and agent centric protection via one single technology platform. That's a behavioral layer protection for cybersecurity. That's amazing. And so what does this mean for the future? Listen, I'm very excited. There is the pace at which the new technologies of AI agents are coming up is exciting. You know, for example, with what we have seen with Claude as new skills development, what happened last year with MCP, the way these AI technologies will continue to expand mechanisms to seek information and do analysis and inference are growing at a rapid pace. Our commitment to the marketplace is that with our platform, they're not going to have to purchase controls at each and every one of these new protocols and new technologies that emerge with AI agents. They're going to get a behavioral level protection that aggregates the signals for all the activities and interactions that AI agents are making regardless of both current protocols or new protocols and are aggregated to protect the holistic behavior of AI agents. And that to me is an exciting journey while obviously making sure that the two human and agent centric protection comes together. That for Proofpoint is the focus area for times to come. And I think it's an exciting time. It's such an exciting time. And finally, what does this mean for security teams, your customer security teams? You know, for customer security team, it's more important than ever before to really think about their overall security stack. Security stack over time, predominantly because of maybe cloud and mobile security where there was too many siloed tools and products that had to be procured. Now there's really four or five major platforms that are emerging, all power designed for both AI and humans. Are you going to do a network security, endpoint security, SOC automation, identity? Those are your four other platforms. And then fifth, what are you going to do for human behavior and both for external and insider risk, which is what Proofpoint focuses on. Now it's more important than ever to rely on your strategic providers across these five pillars and make sure we all work together to give the foundation of cybersecurity that works in the AI era. It's an interesting point, that strategy component, because security is no longer a tool, but it's actually embedded in the strategic infrastructure of a company. It totally is. I think it's become very important. The importance has gone all the way up to the boardroom. And I do think that the board and the business expect cybersecurity team to act in that fashion. Sumit, thank you so much for joining. It was great to see you again. It was great to see you. Thanks for hosting me. Thank you.

TL;DR

  • Proofpoint's Acuvity acquisition addresses the security gap created by the agentic workspace, where AI agents operate alongside humans with unpredictable, non-deterministic behavior that traditional pattern-based controls cannot protect.
  • The platform provides intent-based guardrails that monitor whether AI agents stay within their designed purpose, extending Proofpoint's human-centric security model to detect behavioral drift and prevent unauthorized actions.
  • AI security governance is now a boardroom priority, with 50% of CEOs measured on adoption speed, requiring security teams to enable rather than block AI deployment through proper platform-based controls.
  • The solution consolidates security around five strategic pillars—network, endpoint, SOC automation, identity, and behavioral protection—replacing fragmented tools with integrated protection that adapts to emerging AI protocols.
  • Proofpoint positions itself as the only vendor providing behavioral and intent-level protection for AI agents, complementing infrastructure-level controls with a layer that monitors the purpose and integrity of AI interactions.

The Agentic Workspace Challenge

Proofpoint CEO Sumit Dhawan addresses the fundamental shift occurring as generative AI moves from experimentation into production environments. The emergence of the agentic workspace—where humans and AI agents operate side by side—creates an expanded attack surface that traditional security models cannot adequately protect. Unlike conventional systems with predictable if-then logic, AI agents behave like humans, accessing information unpredictably to answer queries. This non-deterministic behavior eliminates the pattern-based controls that enterprises have historically relied upon, requiring a fundamentally different approach to cybersecurity governance.

Intent-Based Protection for AI Agents

The Acuvity acquisition enables Proofpoint to deliver three critical capabilities: control over which AI applications are sanctioned for enterprise use, complete visibility and forensics of all AI interactions, and intent-based guardrails that detect behavioral drift. This approach extends Proofpoint's human-centric security model to AI agents, recognizing that both can be compromised in similar ways—humans through social engineering, AI through prompt engineering. By monitoring whether an AI agent's behavior aligns with its designed purpose, the platform can identify and prevent malicious or unintended actions before they result in data loss or security breaches.

Strategic Security Architecture for the AI Era

Dhawan positions AI security governance as a boardroom-level concern, noting that 50% of CEOs are measured on AI adoption speed. Rather than opposing AI deployment, security teams must enable it through proper guardrails. He outlines a consolidated security stack built on five strategic pillars: network security, endpoint security, SOC automation, identity management, and human-agent behavioral protection. This platform approach replaces the fragmented tool sprawl of the cloud and mobile era, providing integrated protection that works across current and emerging AI protocols without requiring new controls for each technological advancement.

Chapters

0:00 - Introduction
0:26 - Acuvity Acquisition Rationale
2:36 - The Agentic Workspace
4:12 - Why AI Security Is Different
5:38 - AI Governance Ownership
6:40 - Intent-Based Protection Differentiation
8:13 - Platform Vision and Future
9:20 - Strategic Security Architecture

Key Quotes

0:40 "This agentic workspace where humans and AI assistants and AI agents are working together. It's here in some shape or form."
1:50 "It provides intent-based guardrails. What I mean by that is if an AI application or agent is built to do a single function, a role, then their behavior should not drift from that specific function."
3:02 "... 50% of CEOs are measured by their boards to go adopt AI at speed."
4:51 "In that world, you really need to assess the behavior and the intent of every interaction that you are having. Does it match the purpose the AI agent was built for? ..."
6:50 "We're the only ones who are providing this intent-based protection."

Categories:
  • » AI & Machine Learning
  • » Data Protection
Channels:
News:
Events:
Tags:
  • AI & Machine Learning
  • Security Operations
  • Compliance & Governance
  • Executive Briefing
  • Thought Leadership
  • AI Security
  • Agentic Workspace
  • Intent-Based Protection
  • AI Governance
  • Behavioral Security
  • Enterprise AI Adoption
  • Insider Risk
  • AI Agent Monitoring
Show more Show less

Browse videos

  • Related
  • Featured
  • By date
  • Most viewed
  • Top rated
  •  

              Video's comments: Securing the Agentic Workspace: AI Security Strategy

              XStreaminars (watch here)

              • Jul
                28

                Illumio + Netskope: Zero Trust in the Age of AI Autonomy

                07/28/202601:00 PM ET
                • Jul
                  29

                  Ask Your Cloud Anything: Unlocking Governance Silos in your Environments

                  07/29/202601:00 PM ET
                  More events

                  Industry Events (watch there)

                  • Jul
                    22

                    Insights from Attackers During the FIFA World Cup: A HUMAN Dialogue

                    07/22/202601:00 PM ET
                    • Aug
                      19

                      Becoming Agent Ready: Insights from Cyera's Expertise

                      08/19/202612:00 PM ET
                      More events

                      Upcoming Webinar Calendar

                      • 07/21/2026
                        04:00 AM
                        07/21/2026
                        Strategies for Managing AI Governance and Securing App-to-LLM API Traffic
                        https://www.truthinit.com/index.php/channel/1967/strategies-for-managing-ai-governance-and-securing-app-to-llm-api-traffic/
                      • 07/22/2026
                        06:30 AM
                        07/22/2026
                        Insights and Strategies in Data Protection and Privacy Management
                        https://www.truthinit.com/index.php/channel/2000/insights-and-strategies-in-data-protection-and-privacy-management/
                      • 07/22/2026
                        01:00 PM
                        07/22/2026
                        Insights from Attackers During the FIFA World Cup: A HUMAN Dialogue
                        https://www.truthinit.com/index.php/channel/2029/insights-from-attackers-during-the-fifa-world-cup-a-human-dialogue/
                      • 07/28/2026
                        01:00 PM
                        07/28/2026
                        Illumio + Netskope: Zero Trust in the Age of AI Autonomy
                        https://www.truthinit.com/index.php/channel/2031/illumio-netskope-zero-trust-in-the-age-of-ai-autonomy/
                      • 07/29/2026
                        04:00 AM
                        07/29/2026
                        Real-Time Strategies for Safeguarding Against Prompt Injections
                        https://www.truthinit.com/index.php/channel/1968/real-time-strategies-for-safeguarding-against-prompt-injections/
                      • 07/29/2026
                        01:00 PM
                        07/29/2026
                        Ask Your Cloud Anything: Unlocking Governance Silos in your Environments
                        https://www.truthinit.com/index.php/channel/2048/ask-your-cloud-anything-unlocking-governance-silos-in-your-environments/
                      • 08/19/2026
                        12:00 PM
                        08/19/2026
                        Becoming Agent Ready: Insights from Cyera's Expertise
                        https://www.truthinit.com/index.php/channel/2036/becoming-agent-ready-insights-from-cyeras-expertise/
                      • 09/02/2026
                        12:00 PM
                        09/02/2026
                        Unified Data Security in Action: Uncover, Analyze, and Resolve Threats
                        https://www.truthinit.com/index.php/channel/2045/unified-data-security-in-action-uncover-analyze-and-resolve-threats/
                      • 09/30/2026
                        04:00 AM
                        09/30/2026
                        AI Command Center: Optimizing Visibility and Control in Your Operations
                        https://www.truthinit.com/index.php/channel/2024/ai-command-center-optimizing-visibility-and-control-in-your-operations/
                      Truth in IT
                      • Sponsor
                      • About Us
                      • Terms of Service
                      • Privacy Policy
                      • Contact Us
                      • Preference Management
                      Desktop version
                      Standard version