AppViewX launches agent identity security for enterprises

AppViewX has launched Agent Identity Security, now in private preview for qualified enterprises.

The product is part of the company's existing platform and is designed to discover, govern, secure and monitor AI agents across an organisation. It extends AppViewX's work in machine identity and public key infrastructure into AI agent security, using a single control plane for machine and agent identities.

The launch comes as security teams face two pressures at once: the spread of autonomous AI agents inside corporate systems and the need to prepare cryptographic systems for the impact of quantum computing. AppViewX argues that existing identity and trust models were designed before the large-scale use of autonomous software agents and are not suited to a post-quantum environment.

Agent Identity Security targets areas that have emerged as new management and security challenges for companies adopting agentic AI. These include maintaining an AI Bill of Materials, overseeing MCP tools used by agents, and addressing the non-deterministic behaviour that can make AI systems harder to predict and audit.

Governance focus

According to AppViewX, the product continuously discovers agents, their large language models, connected tools, credentials and configured identities across different agentic platforms. It also creates a centralised inventory intended to give security teams visibility into what it describes as shadow AI blind spots.

The product also applies policy-based governance across an organisation's AI agents, with support for frameworks and regulations including NIST AI RMF, the EU AI Act, SOC 2 and SEC cyber disclosure rules. It is designed to assess agent posture, detect configuration drift and produce audit evidence for internal governance and external reporting.

Another feature is task-based access control, which limits what an agent can access based on its role. The product integrates with existing privileged access management and identity and access management tools so policies can be enforced consistently across human and non-human identities.

AppViewX has also included threat detection features aimed at spotting unusual agent behaviour and AI-related identity threats in real time. A component called Guardian Agent is intended to provide context-aware remediation guidance.

Market pressure

Businesses have been grappling with a rapid increase in non-human identities for several years as automation, cloud services and connected applications have expanded. The growth of AI agents adds another layer, as these systems can act autonomously, access sensitive data and interact with enterprise tools with limited direct human supervision.

That has raised concerns among Chief Information Security Officers about how to authenticate, authorise and monitor these systems, particularly when agents can trigger actions across multiple applications. Security leaders are also under pressure to show that governance controls can meet regulatory and audit requirements.

At the same time, organisations are assessing how quantum computing could weaken widely used cryptographic methods. That has pushed public key infrastructure and certificate lifecycle management higher up the technology agenda, especially for companies preparing identity systems for post-quantum standards.

AppViewX is positioning its latest product around that overlap, arguing that AI agent governance should be built on a native PKI foundation rather than added later as a separate layer. The company has worked in certificate lifecycle management and machine identity for a decade and is now using that background to expand into agent security.

"AI agents have become the largest workforce most enterprises never hired, operating autonomously across sensitive infrastructure with broad access and minimal oversight," said Archit Lohokare, Chief Executive Officer, AppViewX. "This new class of identity will lead to incredible innovation if governed appropriately for the post-quantum era. Agent Identity Security gives enterprises the visibility, governance, and threat detection to deploy AI agents at scale, without trading speed for security."

Outside analysts say the issue is becoming more urgent as companies roll out AI systems faster than their control frameworks evolve. The challenge is not only to identify agents in use, but also to understand which tools they can call, what credentials they hold and whether their permissions remain appropriate over time.

"Enterprises are deploying AI agents faster than they can govern them, and that identity security gap creates considerable business risk," said Todd Thiemann, Principal Analyst, Omdia. "AppViewX is taking the right architectural approach with Agent Identity Security. Grounding agent governance in a native PKI foundation gives enterprises the cryptographic depth needed to tackle both the AI and the quantum computing challenge in one motion, rather than bolting on solutions after the fact."

John Barrow, Chief Information Security Officer at JB Poindexter & Co, said he had worked with AppViewX on the product. "AI agents are a new identity group, and their rapid proliferation creates new risks for the enterprise. To reduce risk, we must monitor, audit, and control their privileged access to sensitive data and systems. We must ensure their lifecycle is automated and governed," he said. "I've been collaborating with the AppViewX team, and their innovative Agent Identity Security solution is the right response for reducing the risk of agents in the enterprise."