From Helpful Assistants to Non-Deterministic Security Risks
Enterprises are rapidly deploying AI agents to write code, triage alerts and even execute changes across cloud infrastructure. Unlike traditional software, these systems don’t always respond the same way to the same input. Their non-deterministic behavior creates security gaps that existing controls—built for predictable, rule-based applications—struggle to cover. As agents gain permission to read sensitive data, call APIs and modify configurations, they become attractive targets. Prompt injection vulnerabilities are a particular concern: attackers can slip malicious instructions into documents, tickets or web content that an agent reads, quietly redirecting it to exfiltrate data or weaken defenses. Early mitigations such as human-in-the-loop review or a second model acting as a “judge” help, but they don’t scale well across dozens of autonomous tools in production. The industry is now racing to build agentic security systems that make AI behavior auditable, constrained and reliably safe inside enterprise boundaries.
CodeIntegrity’s Runtime Guardrails for Unruly AI Agents
Startup CodeIntegrity is betting that enterprises need something stronger than ad hoc review to rein in agents. After demonstrating how easily multiple vendors’ models could be tricked into exposing private information, the company secured a USD 5 million (approx. RM23,000,000) seed round to harden agentic AI. Its founders argue that the core issue is control: deterministic security policies are colliding with non-deterministic models. To reconcile the two, CodeIntegrity inserts a runtime control layer between agents and enterprise systems. This layer acts as both translator and filter, enforcing strict rules around which tools, data stores and operations an agent can access, regardless of how its underlying model behaves. By decoupling permissions from prompts, the approach aims to block prompt injection attacks that try to coerce agents into leaking credentials or tampering with workloads. The goal is permanent, machine-enforced guardrails rather than fragile, one-off patches around individual workflows.

IBM Pushes Agentic Security Earlier into the Coding Workflow
Major vendors are also reshaping their portfolios around AI agent security. IBM is extending its enterprise security program with offerings such as Concert and Secure Coder, along with autonomous defense tooling. Concert is designed to unify application, infrastructure and network signals so security teams see how AI-driven changes propagate across the stack, instead of chasing issues tool by tool. Secure Coder, available in development environments like Visual Studio Code, brings security checks directly into the moment developers write or modify code. It flags risky patterns, prioritizes issues by business impact and suggests automatic remediations inside the IDE, tightening feedback loops before vulnerabilities reach production. IBM’s participation in Project Glasswing ties these efforts to broader software infrastructure defense, positioning agent-aware protections as part of the foundation. Although benchmark and deployment data are still pending, the strategy reflects a shift toward embedding enterprise AI guardrails at the earliest stages of agent and application design.
Headless Cloud Security: Sysdig’s Agentic Defense for Runtime Threats
Sysdig is attacking the same problem from the runtime side, moving cloud-native application protection directly into AI coding agents and command-line tools. Its new headless cloud security model lets detection, investigation and response workflows run through interfaces such as Claude Code and Cursor instead of a fixed dashboard. That matters because breakout times are shrinking: recent research cited by Sysdig describes intrusions where attackers pivot from exposed credentials to cloud admin access in minutes, while broader industry reports show AI-enabled adversaries accelerating vulnerability exploitation. Sysdig’s approach leans on Falco-powered, kernel-level telemetry to give agents a high-fidelity view of container and cloud activity. Curated agent skills and trust boundaries limit what actions automated workflows can take, while keeping them auditable. By fusing deep runtime data with agentic security systems, Sysdig aims to let organizations remediate misconfigurations, prioritize vulnerabilities and investigate threats at “machine speed” without handing free rein to non-deterministic tools.
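The runtime control layer described for CodeIntegrity above and the trust boundaries Sysdig places around agent skills share one design idea: a deterministic policy decides what an agent may do, independent of whatever text the model was fed. The following is an added illustration, not code from either company; the tool names, data-store paths and policy shape are assumptions, and the agent-proposed calls are constructed.

```python
# Added example (not CodeIntegrity's or Sysdig's code): a deterministic policy
# gateway between a non-deterministic agent and enterprise tools. Permissions
# live here, not in the prompt, so an injected instruction cannot widen them.
import fnmatch
from dataclasses import dataclass, field

@dataclass
class Policy:
    allowed_tools: tuple  # glob patterns of callable tools (assumed names)
    store_ops: dict       # data-store glob -> set of permitted operations

@dataclass
class Gateway:
    policy: Policy
    audit: list = field(default_factory=list)  # every decision is recorded

    def decide(self, call: dict) -> tuple:
        """Allow or deny one proposed tool call; the prompt is never consulted."""
        tool, args = call.get("tool", ""), call.get("args", {})
        if not any(fnmatch.fnmatch(tool, p) for p in self.policy.allowed_tools):
            return False, f"tool {tool!r} outside allowlist"
        store, op = args.get("store"), args.get("op")
        if store is not None:
            permitted = set()
            for pattern, ops in self.policy.store_ops.items():
                if fnmatch.fnmatch(store, pattern):
                    permitted |= set(ops)
            if op not in permitted:
                return False, f"{op!r} on {store!r} not permitted"
        return True, "allowed"

    def handle(self, call: dict) -> bool:
        allowed, reason = self.decide(call)
        self.audit.append({"call": call, "allowed": allowed, "reason": reason})
        return allowed

# Constructed policy for an alert-triage agent: read tickets and logs, nothing more.
TRIAGE_POLICY = Policy(
    allowed_tools=("tickets.*", "logs.search"),
    store_ops={"tickets/*": {"read", "comment"}, "logs/*": {"read"}},
)

def run_demo() -> list:
    """Replays constructed calls; the last two mimic what an injected ticket would ask for."""
    gw = Gateway(TRIAGE_POLICY)
    calls = [
        {"tool": "tickets.get", "args": {"store": "tickets/sec", "op": "read"}},
        {"tool": "logs.search", "args": {"store": "logs/cloudtrail", "op": "read"}},
        {"tool": "secrets.read", "args": {"store": "vault/prod", "op": "read"}},
        {"tool": "tickets.update", "args": {"store": "tickets/sec", "op": "delete"}},
    ]
    return [gw.handle(c) for c in calls]
```

The audit list gives the reviewable trail that both vendors emphasize: each denied call records the policy reason, which is what a detection team would alert on when an agent starts proposing actions outside its scope.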

Toward Embedded Guardrails for Safer Agentic Workflows
Across these efforts, a pattern is emerging: security is being embedded directly where AI agents are built and operated. CodeIntegrity focuses on runtime controls that box in agents’ access to systems and data. IBM is pushing protections into development tools and unifying signals so humans can understand and govern autonomous changes. Sysdig is wiring cloud runtime telemetry straight into AI coding agents, enabling autonomous yet constrained responses to fast-moving threats. Collectively, these approaches acknowledge that non-deterministic security flaws cannot be managed solely with perimeter defenses or post hoc reviews. Instead, enterprises are turning to layered enterprise AI guardrails—policy-aware control planes, secure coding assistants and tightly scoped permissions—to contain prompt injection vulnerabilities and unauthorized actions. As more organizations experiment with autonomous remediation and threat hunting, the winners are likely to be those who treat agentic security as a first-class design requirement, not an afterthought bolted on around opaque models.
