Permiso Security, the unified identity security platform, today announced AI agent runtime security capabilities that give security teams the ability to discover every agent in their environment, managed or shadow, and maintain continuous visibility into agent runs, events, tool calls, and data access across agents, sub-agents, MCP servers, and the underlying infrastructure. Autodesk, a Fortune 500 design and engineering software company, is deploying the capabilities as launch customer.
Permiso extends unified identity platform to cover AI agents with runtime identity attribution and behavioral anomaly detection.
Autodesk deploys as launch customer for agentic AI identity security across products, workforce, and cloud infrastructure.
Platform discovers agents in Lambdas, containers, VMs that traditional identity tools cannot see.
Ties every run, event, tool call, and MCP invocation to specific human, non-human, or AI identity.
P0 Labs team discovered LLMjacking, cross-prompt injection vulnerabilities, and malicious AI agent skills.
Agentless, API-based architecture with no infrastructure changes required.
“Autodesk is investing significantly in AI across our workforce, infrastructure, and products. Permiso Security was already our security platform for Identities, so the natural next step was to partner with them for Agentic AI Identities. Permiso gave us the ability to discover agents across our environment, maintain a full registry, attribute actions to an initiating identity, and monitor all events, runs, and tool calls touching our systems. This is non-negotiable when you're securing enterprise AI at scale. In the agentic era, visibility and threat detection are what allows us to move fast.” - Sebastian Goodwin, Chief Trust Officer, Autodesk
Agents are making autonomous decisions, calling external tools and MCP servers, spawning sub-agents, and interacting with downstream data stores and systems at machine speed, often without human oversight. Most security teams cannot answer fundamental questions about their agent environment: how many agents are running, what identities they are using, what tools they are calling, or what data they are accessing.
Traditional identity providers lose visibility the moment an agent authenticates, and NHI security vendors are treating agents like static machine identities when agents actually behave more like humans in their credential usage, logging in as the users who deployed them and making context-dependent decisions in real time.
“The market is full of vendors claiming they can prevent AI agent security incidents. As someone who has spent decades in the security industry, I can tell you that's not possible. You are putting a deterministic capability on a non-deterministic brain. Agents will do things they were not supposed to do. The question is whether you have visibility into every run, every tool call, and every piece of data an agent touches to detect when it happens, and the controls to contain it. That is what we built.” - Jason Martin, Co-Founder and Co-CEO, Permiso Security
“Every enterprise we talk to is deploying AI agents. Almost none of them can tell us how many agents are running, what identities those agents are using, or what MCP servers they are calling. We are not asking customers to buy a new product. We are extending the platform they already trust to cover the fastest-growing and least-governed identity class in the enterprise.” - Paul Nguyen, Co-Founder and Co-CEO, Permiso Security
Agent and session discovery that inventories every AI agent, sub-agent, builder, model, and user across cloud, SaaS, IdPs, and code environments.
Identity attribution at runtime that ties every run, event, tool call, and MCP invocation to a specific human, non-human, or AI identity.
Tool, data, and infrastructure observability captures what tools an agent called, what MCP servers it connected to, what data it accessed, and what downstream systems it reached.
Runtime detection of over-privileged access, unused permissions, anomalous tool usage, policy violations, and high blast radius behavior.
Behavioral skill sandboxing of new and existing agent skills.
Identity-first controls including least privilege recommendations, approval gates for high-risk actions, and kill switches at machine speed.
Permiso's AI agent runtime security capabilities are available today for existing and new customers. The platform connects through agentless, API-based architecture with no infrastructure changes required.
Permiso Security is an identity security platform that discovers, protects, and defends against human, non-human, and AI identity threats across cloud and on-premise environments. The platform unifies and classifies identities across cloud and on-premise environments, assessing exposure risk and strengthening security posture before threats materialize. Permiso is the 2026 SC Award winner for Best Threat Detection Technology.
TechIntelPro empowers B2B technology decision-makers with the latest industry trends, deep insights, leadership perspectives and actionable intelligence to drive both organizational and professional milestones—and thrive on the tech pulse.