Agentic Workspace Requires a Different Security Model
Traditional data security tools like DSPM or DLP were not built for a world where autonomous agents can click, share, and act just like people. Tim Choi, Group Vice President of Product Marketing at Proofpoint, explained why the company is taking a broader approach.“What makes our approach to securing people and AI agents unique is our breadth in technologies that understands what’s in the content, the behavior around the content, and also the context of all that is taking place,” Choi said. “That allows us to have great fidelity when it comes to understanding a data exfiltration event. This core fidelity can be applied to humans and also agents. As such, when an agent is mishandling data, we’re able to provide greater accuracy that something has happened.”
- AI exploit detection over email blocks malicious prompts before they reach inboxes, reducing the chance of corrupted AI outputs.
- Data Security Complete consolidates discovery, classification, lineage, insider threat detection, and remediation into a single platform. It helps organizations understand where sensitive data lives, who touches it, and how it moves.
- AI Data Governance adds controls for sanctioned and unsanctioned AI use, with policy enforcement to prevent data loss and privacy violations.
- Secure Agent Gateway, built on the Model Context Protocol (MCP), monitors AI agent activity and applies guardrails to control access, redact sensitive data, and enforce compliance.
Tackling the Governance Gap
The growth of sanctioned and unsanctioned AI tools has also opened new blind spots for enterprises. Without proper oversight, sensitive data can flow into applications beyond IT’s control. Choi pointed to visibility and remediation as the two biggest hurdles.“In the last six months we saw a four times increase in AI-assisted applications installed into cloud environments to help end users perform their work. This begs the question, ‘Do you have the visibility to see what data mishandling is taking place, through approved or sanctioned applications like Copilot or ChatGPT - or unsanctioned applications that a user may self-select and install without company approval?’”
'What Proofpoint AI Data Governance does is exactly what is needed by first off bringing that visibility to life. We are able to monitor and see the prompts, understand the intent behind the prompts, and stop any data from being revealed unintentionally. We’re able to remove these third-party applications that should not be within the environment - applications that have access to the data within your company,” Choi said.
Enabling Service Providers to Deliver Agentic Workspace Security
MSSPs and channel partners play a key role in how enterprises adopt new technology. With Proofpoint’s Secure Agent Gateway and Satori Agents, providers can now extend their offerings into agentic workspace security.“As MSSPs and service providers are working together with their customers to deploy and build out a customer’s agentic workspace with new agents that perform the work, Proofpoint AI Data Governance and Proofpoint Secure Agent Gateway could be an easy add-on or integrated solution to provide additional security to these agents,” Choi said.
