Data Privacy & Security Weekly AI News

September 22 - September 30, 2025

This weekly update highlights significant developments in AI agent security and data protection as companies rapidly deploy artificial intelligence workers alongside human employees.

Proofpoint, a leading cybersecurity company based in California, announced four major innovations to secure what it calls the "agentic workspace," a new type of workplace in which people and AI agents work side by side. The company's CEO, Sumit Dhawan, explained that protecting this workspace is the next step in human-centric security.

The biggest threat Proofpoint identified is email-based AI exploits. Hackers are now embedding malicious prompts in emails to trick AI assistants like Microsoft Copilot and Google Gemini. These weaponized messages use prompt injections to make AI agents give wrong information to users, confuse security systems, or even steal sensitive company data. Proofpoint's new technology will block these attacks before they reach email inboxes.

Proofpoint also launched Data Security Complete, a new solution that helps companies find, classify, and control their sensitive data across all systems. This includes protection for both human employees and AI agents. The company introduced something called Autonomous Custom Classifiers that can identify sensitive data with minimal human help.

Another major concern highlighted this week is the explosive growth of AI agent identities. According to research shared by the World Economic Forum, the number of non-human and agentic identities is expected to exceed 45 billion by the end of 2025. This is more than 12 times the number of humans in the global workforce. However, only 10% of business executives have a well-developed strategy for managing these AI workers safely.

The security challenge is complex because AI agents need access to company data to be effective. Companies want to give agents more access to make them more useful, but every additional grant also increases business risk. Hackers can manipulate AI agent behavior through prompt injection attacks, in which they use carefully crafted questions to make agents share private information.

Managing AI agent identities is fundamentally different from managing human employees. While humans use passwords, biometrics, or multi-factor authentication to prove who they are, AI agents rely on technical tools like API tokens or cryptographic certificates. AI agents also have dynamic lifespans, needing very specific permissions for limited time periods and often requiring access to sensitive information.

Security experts recommend three key areas for protecting AI agents. The first is granular security policies that ensure agents don't share sensitive information and only have access for certain time periods. The second is interoperability standards, such as the Model Context Protocol (MCP), that let agents connect securely with other AI systems. The third is comprehensive visibility, so that agent activity can be monitored and unusual behavior detected.

Splunk, owned by Cisco, announced that it is adding agentic AI capabilities to its Enterprise Security platform. The goal is to help security defenders by unifying "detection, investigation, and response into a single, intuitive workspace." This aims to eliminate tool fragmentation and boost efficiency for security teams. The company emphasized balancing high autonomy for AI agents with maintaining human oversight and control.

Intuit, the company behind TurboTax and QuickBooks, made significant advances to its Generative AI Operating System (GenOS). It developed custom Financial AI models, trained specifically on financial data, that show 5% better accuracy and 50% faster performance than general-purpose AI models on accounting tasks. Intuit also added "expert-in-the-loop" capabilities that seamlessly connect human experts to AI agents when needed.

The rapid deployment of AI agents across business functions - from sales and customer service to research and finance - is creating new security challenges that organizations must address immediately. With proper identity controls and security measures implemented from the start, companies can safely harness the power of AI agents while protecting their sensitive data and maintaining customer trust.

Weekly Highlights