Cequence Security, the leader in application, API, and Agentic AI protection, recently highlighted a significant convergence in the AI security industry.
In a striking show of consensus, three leading voices in AI security, Anthropic, Dr. Chase Cunningham, and Cequence Security, have independently converged on a shared conviction: the biggest risk with AI agents isn’t access, it’s what they do once they’re in. Anthropic’s recently published frameworks, Dr. Cunningham’s Agentic Zero Trust research, and Cequence’s AI Gateway architecture all emphasize the need to focus security efforts on controlling agent behaviour, not just authentication.
The key insight driving this convergence is that conventional security tools fixate on the login action, but for AI agents that can think, act, and cause damage autonomously, that’s guarding the wrong door. The real risk is an agent misusing legitimate access to take harmful actions, manipulate APIs, or exfiltrate data. That’s the security gap Cequence’s AI Gateway was purpose-built to close, by extending zero trust principles to cover not just who the agent is, but what it does.
“Most security teams are still trying to tackle AI risk with prompt detection and short-lived tokens – basically, really tight sign-in security. But that misses the point entirely. You can nail authentication and still get burned by an agent running amok inside the castle”, said Shreyans Mehta, CTO at Cequence Security. “Anthropic, Dr. Cunningham, and Cequence all recognised early on that the gamechanger is securing agent behaviour. Seeing the whole industry pivot hard toward that truth, toward the approach we baked into the AI Gateway from day one, is the ultimate validation. It crowns the AI Gateway as the new reference architecture for the space”.
“Traditional security controls focus obsessively on the front gate – who gets in. But with AI agents, the real damage happens after the front gate, through totally authorised channels”, said Dr. Chase Cunningham, a leading expert on Zero Trust security. “You have to extend zero trust inside, to cover not just authentication, but every action an agent takes. Cequence’s AI Gateway is a huge leap toward that goal, toward getting zero trust to fully cover the AI agent threat model”.
The behaviour convergence
Anthropic’s published frameworks, Dr. Cunningham’s research, and Cequence’s AI Gateway all recognise that for AI agents, authentication is necessary but nowhere near sufficient. Their core focus is on runtime behaviour: intercept, analyse, and tightly control what each agent is allowed to do, with what resources, in what context, with policy enforcement and threat detection at every step of every transaction. It’s a fundamental reframing of the AI security problem around agent actions, not agent identity.
They also agree that behavioural monitoring and policy enforcement must be dynamic and real-time, because AI agents can chain together individually legitimate steps into harmful patterns too complex to predict in advance. The line between good behaviour and bad must be redrawn constantly, reactively, in the moment.
Extending CIS controls to cover AI Agent behaviour
This convergence aligns with the guidance in the newly released Model Context Protocol (MCP) Companion Guide from the Center for Internet Security (CIS), which frames MCP as a critical control point for governing AI agent behaviour. The guide, published on April 20, 2026 and co-announced by CIS and Cequence, adapts the CIS Controls to cover the unique risks created when AI agents interact with enterprise tools, data, and systems.
“The CIS MCP Companion Guide defines what enterprises should do; the Cequence AI Gateway operationalises it”, said Mehta. “The guide calls for explicit tool-level permissions, auditable interactions, and real-time sensitive data protection. AI Gateway delivers by generating least-privilege agent personas, logging every API call, and applying DLP scanning to tool requests and responses. It takes the CIS framework from theory to practice”.
Why securing AI Agent behaviour matters now
AI agents are rapidly shifting from sandbox experiments to key players in production. They routinely access sensitive data, critical infrastructure, and powerful capabilities. Even carefully trained models can stitch together toxic patterns that evade static detection, while prompt-hacking techniques make it trivial to slip malicious instructions past login safeguards. Strict authentication matters, but it’s only the first line, not the front line.
At the same time, AI-powered attacks are drastically compressing threat timelines. What used to take adversaries months now takes hours. That means defenders have to spot and block threats in real time. Security must live where the agents live, at the level of API calls and data flows, in the moment, at machine speed.
Cequence’s AI Gateway delivers by extending zero trust security into the heart of agent operations – every API call, every data flow, every decision point, continuously analysed and gated by fine-grained policy. Questionable agent actions are surfaced, scored, and blocked immediately, before damage is done.
Source: Tahawul Tech


