The rapid migration of generative AI from chat interfaces to autonomous agents that run directly on user workstations is reshaping enterprise risk profiles. A new study from Cyberhaven Labs shows that adoption of endpoint‑based AI agents has surged by 276 % over the past year, outpacing the growth of cloud‑hosted GenAI services by more than threefold. In the same period, the use of AI‑driven coding assistants on devices jumped from 20 % to 50 % of the workforce.
These “shadow agents” – AI programs that execute tasks without the oversight typically applied to traditional software – are creating a blind spot for security teams. While many organizations have begun to govern chat‑based tools, the same level of scrutiny has not been extended to the autonomous agents now embedded in everyday applications.
“AI is no longer just generating content, it is executing work,” said Nishant Doshi, CEO of Cyberhaven. “These agents have access to data, tools, and systems, operating with a level of autonomy the industry hasn’t seen before. Yet most governance programs still focus on what users type into AI, not on what AI agents are actually doing. Security can’t operate after the fact. It needs to operate in real time, at the point where AI is taking action.”
From Question‑Based Security to Action‑Based Guardrails
Traditional AI security solutions have been built around static queries such as:
- Who is accessing ChatGPT?
- Which datasets are being shared with Google Gemini?
Such checks are increasingly insufficient as the focus shifts from web‑hosted models to locally executed agents. Enterprises now need to answer operational questions:
- Which autonomous agents are active on each endpoint?
- What data streams are they tapping into?
- Which actions are they performing on behalf of users or systems?
Until now, there has been no unified mechanism to collect, analyze, and intervene in these processes.
Agentic AI Security: A Three‑Pillar Approach
Cyberhaven’s newly announced Agentic AI Security extends its existing unified AI & data security platform to the endpoint layer. The solution is organized around three core capabilities:
- Visibility – Automated discovery and inventory of AI agents, associated model‑control‑plane (MCP) servers, and network connections present on corporate devices.
- Observability – Continuous monitoring of agent behavior, capturing data access patterns, tool usage, and execution pathways.
- Controls – Real‑time enforcement of policies that can block or modify actions deemed risky, preventing data leakage or unauthorized operations at the moment they occur.
By integrating these functions, the platform aims to give security teams a live view of AI activity and the ability to intervene before any harmful outcome materializes.
Why Endpoint‑Centric AI Security Matters
The endpoint is fast becoming the primary execution environment for AI workloads, especially as organizations push AI capabilities to the edge for latency‑sensitive tasks such as code generation, document processing, and workflow automation. Relying solely on SaaS‑level telemetry or API logs leaves a substantial portion of agent activity invisible, exposing enterprises to:
- Data exfiltration through agents that can read and transmit sensitive files without detection.
- Privilege escalation when agents leverage locally stored credentials or system tools.
- Compliance gaps because regulatory audits often require evidence of data handling at the device level.
Cyberhaven’s offering positions itself as a countermeasure to these risks, promising a “control plane for AI execution” that can be integrated into existing security operations centers (SOCs) and zero‑trust architectures.
Market Implications and Competitive Landscape
The announcement arrives at a moment when several vendors are expanding their AI governance portfolios. However, most solutions remain focused on cloud‑native models and lack deep endpoint integration. By targeting the “shadow agent” problem, Cyberhaven differentiates itself with a niche that addresses a growing blind spot for large enterprises adopting AI‑driven automation.
Analysts predict that as AI agents become more capable—handling tasks ranging from code synthesis to automated decision‑making—the demand for endpoint‑level oversight will intensify. Cyberhaven’s move could spur other security providers to develop comparable capabilities, potentially leading to a new sub‑segment within AI security focused on autonomous agents.
Looking Ahead
Cyberhaven will showcase the Agentic AI Security platform at the upcoming RSA Conference, booth S‑1355, where it plans to demonstrate live detection and remediation of rogue agent activity. The company encourages organizations interested in fortifying their AI deployments to explore the solution further through its website.












