BeyondTrust has announced expanded capabilities in its Pathfinder Platform aimed at managing privileged identities for AI agents used both on employee endpoints and as autonomous workloads in cloud and SaaS environments.
The company said the update is intended to address growing use of “agentic” AI systems that can make API calls, use credentials, deploy code and access sensitive data, often with elevated privileges. BeyondTrust cited research from its Phantom Labs unit claiming many enterprises are running “shadow” AI agents with privileged access that security teams cannot see or govern.
Marc Maiffret, BeyondTrust’s chief technology officer, said organisations should treat agentic AI as part of a broader non-human identity challenge rather than an isolated category, arguing that AI agents are interconnected with human identities, machine accounts, secrets and entitlements across environments.
BeyondTrust’s release outlined three areas of new capability:
- Endpoint privilege enforcement for AI clients operating on endpoints, using its Endpoint Privilege Management product to apply least-privilege and application-control policies.
- AI agent discovery and risk analysis through its Identity Security Insights product, including connectors across AI and enterprise platforms such as OpenAI, Google Vertex AI, Salesforce Agentforce, ServiceNow AI agents and AWS Bedrock. BeyondTrust said this supports discovery, classification, privilege mapping, risk scoring and detection of “shadow” AI agents.
- Secrets management for autonomous agents through its Password Safe product, which the company said can vault and rotate secrets and API keys and support just-in-time access.
BeyondTrust also claimed telemetry from organisations analysed through the Pathfinder Platform showed a 466.7% increase in enterprise AI agents over the past year, attributing part of the growth to low-code platforms and automation frameworks operating across endpoints, cloud infrastructure and SaaS applications.
Separately, BeyondTrust said its Identity Security Risk Assessment offering now includes visibility into AI agent risk. The company said the assessment can connect to enterprise identity and AI agent infrastructure “in under an hour” and deliver findings within 24 hours, including an inventory of AI agents, “shadow” AI detection, privilege path analysis and risk scoring mapped to MITRE ATT&CK.
