Astrix Expands AI Agent Security Platform to Govern Shadow and Enterprise Agents
What Happened — Astrix Security announced a major upgrade to its AI‑agent security platform, adding four discovery methods that surface both sanctioned and “shadow” AI agents across the enterprise stack and enforce policy on their access to resources. The solution now integrates with major AI platforms (Microsoft Copilot, Amazon Bedrock, Google Vertex, OpenAI, Salesforce Agentforce), fingerprints non‑human identities, leverages endpoint and network telemetry, and supports custom “bring‑your‑own‑service” integrations.
Why It Matters for TPRM —
- AI agents are being deployed in minutes, outpacing traditional third‑party risk review cycles and creating blind spots.
- Uncontrolled agents can obtain privileged credentials and access critical systems, introducing supply‑chain‑style risk.
- Visibility without enforcement leaves organizations exposed; Astrix’s platform offers both discovery and policy enforcement in a single pane.
Who Is Affected — Enterprises that adopt AI assistants, copilots, developer agents, or custom automation across any industry; SaaS providers offering AI services; MSPs managing client environments with AI workloads.
Recommended Actions —
- Review current AI‑agent inventory and compare against Astrix’s discovery capabilities.
- Validate that existing third‑party risk frameworks include AI‑agent governance and enforce policy on non‑human identities.
- Pilot Astrix’s platform (or a comparable solution) in a controlled environment to assess detection coverage and policy enforcement.
Technical Notes — The platform uses four discovery methods: direct AI‑platform integrations, non‑human‑identity fingerprinting, sensor telemetry from EDRs and network devices, and a BYOS extension for custom services. It maps agents, MCP servers, and associated credentials, enabling real‑time policy enforcement. No specific CVEs or vulnerabilities are disclosed. Source: Help Net Security