Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In the ever-evolving landscape of AI, a new enabler has emerged that's quietly transforming how language models interact with the digital world: Model Context Protocol, or MCP. It may not be a household name yet, but if your organization is experimenting with AI agents, it's time to get acquainted. MCP is becoming the cornerstone of LLM integration - bridging the gap between isolated AI systems and the interconnected web of enterprise & client applications.

In the ever-evolving landscape of technology, the allure of AI tools and agents is undeniable. They promise enhanced productivity, innovative solutions, and a competitive edge. With more tools and platforms available that democratize the usage and creation of AI systems, there is a surge in AI tools that are being built, customized, and deployed for business operations. However, the gold rush for AI comes with significant risks that cannot be ignored.

More than 80% of Fortune 500 companies rely on ChatGPT Enterprise, not just as a productivity tool, but as a platform for building custom GPTs, leveraging knowledge files, and enabling collaboration through Canvas. As AI Agent adoption accelerates across every corner of the enterprise, business users are innovating faster than ever, often without security oversight.

While AI Agents introduce tremendous benefits to the enterprise, they are also automatically available to anyone to create, customize, and use. Similar to the citizen development revolution, as business users of all technical backgrounds are building and using powerful AI Agents to optimize productivity, there are distinct security and compliance risks that need to be accounted for.

As enterprises rapidly adopt AI Agents to enhance operations, the imperative for robust governance and security has never been clearer. We are pleased to announce Zenity's inclusion in Forrester's "The AI Governance Solutions Landscape, Q2 2025," recognizing leading vendors that assist enterprises in securing and governing their AI initiatives.

If you’ve started exploring how to secure AI agents in your environment (or even just reading about it), you likely already know that it’s not as straightforward as applying traditional AppSec practices. AI agents aren’t just another workload or API to monitor, they’re dynamic, semi-autonomous entities operating at the intersection of user intent, agent behavior, and enterprise systems. And not all AI agents are created equal or secure.

Microsoft Power Platform, specifically Power Automate and Copilot Studio, makes it easy for organizations to quickly build automations and AI agents. To keep them secure and compliant, Tenant Isolation is a critical feature designed to prevent unauthorized cross-tenant communication. However, in our latest research, we discovered a high-severity vulnerability that bypasses Tenant Isolation policies using the HTTP Connector - potentially exposing sensitive data and enabling unauthorized actions.

The AI Agent Security Summit 2025 brought together a vibrant community of security leaders, consultants, professionals, thought leaders, and vendors to discuss the unique security risks, obstacles, and solutions facing today's enterprises. The Summit was marked by an amazing turnout and engagement from the audience, presentations that centered around attack pathways, practitioner insights, and actionable solutions, and enlightening conversations that left attendees inspired and informed.

I recently had the fantastic opportunity to represent Zenity in a round of strategic discussions with legislative and policy leaders in Washington DC as a part of the OpenPolicy Coalition. Zenity has recently partnered with OpenPolicy and joined the ecosystem in the effort to bridge the gap between bleeding edge innovation and traditional policy.

AI Agents are not just another tech trend; they are fundamentally reshaping how enterprises operate. These autonomous systems are deeply embedded into workflows, making real-time decisions, executing tasks, and integrating across an organization’s most critical systems. With this shift comes an undeniable reality: enterprises are handing over operational control to AI-driven entities without the necessary governance and security frameworks in place.