Exabeam has launched an open-source tool called Praxen, positioning it as a reference implementation for what it calls Agent Behavior Verification (ABV), a proposed security discipline aimed at assessing whether AI agents are appropriately configured, authorised and governed before they are deployed in production environments.
The company said ABV is intended to address a gap it sees in current approaches to AI agent security, which often focus on runtime monitoring and testing methods such as vulnerability scanning and red teaming. As organisations adopt AI agents for more autonomous tasks—accessing systems, invoking tools and executing workflows—Exabeam argues there is limited practical capability to verify pre-deployment readiness and alignment with intended responsibilities.
According to the release, ABV evaluates agents as complete systems rather than focusing solely on code artefacts or known vulnerabilities, with the aim of defining an agent’s authorised role and checking whether its implementation, permissions and controls match that purpose.
Exabeam said Praxen uses an “ABV remit”, described as a policy contract defining what an agent is authorised to do, which resources it can access, and the boundaries it must operate within. The tool is designed to help developers and operators verify whether an agent’s tools, configurations, memory, integrations and operating environment align with that remit. Exabeam said Praxen reports gaps between intended and implemented behaviour, provides recommendations, and produces an overall maturity score for an agent’s security posture.
“Organisations are rapidly moving from AI experimentation to operational deployment,” said Steve Wilson, Chief AI Officer at Exabeam and Founder and Co-Chair of the OWASP Gen AI Security Project. “As agents become digital workers, security teams need more than runtime visibility. They need confidence that agents have the right permissions, the right controls, and the right boundaries before they enter production. Agent Behavior Verification helps answer a fundamental question: will this agent do its job, and only its job?”
Exabeam described ABV as a pre-deployment component of a broader agent security strategy that also includes Agent Behavior Analytics (ABA), which it said is aimed at identifying anomalous or risky agent behaviour in production.
“Traditional security tools help identify vulnerabilities in software,” Wilson said. “Praxen evaluates something different: whether an agent’s capabilities, permissions, tools, and controls align with the role it was authorised to perform. This addresses one of the most critical risks introduced by highly autonomous agents and establishes a stronger foundation for ongoing governance throughout the agent lifecycle.”
The release also included an endorsement from Sherri Douville, CEO of Medigram, who said the tool helped highlight differences between the governance remit and an agent’s capabilities and provided a remediation path.
Exabeam said Praxen is released under the Apache 2.0 licence and is available at https://open-agent-ai-security.github.io/praxen/.
