Proofpoint has announced a new product it says is designed to help organisations secure autonomous AI agents as they become embedded in business workflows and begin taking actions across internal systems at machine speed.
The company’s new offering, called Proofpoint AI Security, is positioned around “intent-based” protection—aiming to assess whether an AI agent’s behaviour matches the user’s original purpose, rather than focusing only on permissions, trusted devices, or allowed traffic.
In the announcement, Proofpoint said AI agents are increasingly able to perform actions that are technically authorised but “contextually inappropriate”, creating a governance and oversight gap for security teams.
The product is built on what Proofpoint calls the Agent Integrity Framework, which it said defines how an AI agent should operate “with integrity” and includes a five-phase maturity model intended to guide implementation from discovery to runtime enforcement.
Proofpoint cited risks including prompt injection attacks and “agentic privilege escalation”, arguing that existing security tools can observe traffic and access rights but often cannot evaluate the semantic content of AI interactions or whether actions align with original intent.
The company referenced research from Acuvity—an AI security firm it said it recently acquired—claiming 70% of organisations lack optimised AI governance and 50% expect AI-related data loss within 12 months.
Proofpoint said the new product provides control points across endpoints, browsers, and “MCP agent connections” to help organisations discover sanctioned and unsanctioned AI tools, observe prompts and responses, apply access controls, and enforce policies during live AI interactions.
Sumit Dhawan, Proofpoint’s CEO, said in a statement that security “must evolve” as AI becomes embedded in work, adding that traditional approaches were not designed to validate intent. Ryan Kalember, executive vice president of cybersecurity strategy at Proofpoint, said AI agents should be held to the same integrity expectations as humans using business systems.
