BeyondTrust has announced expanded capabilities across its Pathfinder Platform to deliver a unified approach to securing AI agent coworkers and autonomous AI workloads across cloud and SaaS environments. The update comes alongside new research from BeyondTrust Phantom Labs, which highlights the growing presence of shadow AI agents with privileged access that remain largely unseen by enterprise security teams.

AI agents are now operating as production workloads. They initiate API calls, use credentials, deploy code, and access sensitive data. In many cases, they are deployed quickly through low-code platforms with privileges that can match or exceed those of human administrators. As a result, machine and AI identities are increasingly outnumbering human identities in enterprise environments, expanding the privileged identity attack surface.

According to Marc Maiffret, Chief Technology Officer at BeyondTrust, agentic AI should not be treated as an isolated issue. He stated that organizations must secure agentic identities alongside human identities, machine accounts, secrets, and entitlements across environments. He emphasized that a unified platform is required to provide visibility and control across the full identity spectrum.

The Pathfinder Platform addresses both sides of the agentic AI challenge. It secures AI coworkers operating on endpoints as well as autonomous AI workloads running across cloud infrastructure and SaaS platforms. This approach aims to provide consistent enforcement and visibility across distributed environments.

The platform introduces several new capabilities. Endpoint Privilege Management enforces least privilege and application control for AI clients such as ChatGPT and Claude, ensuring actions remain within defined policies. Identity Security Insights delivers AI agent discovery, classification, posture auditing, privilege path mapping, risk scoring, and shadow AI detection across enterprise platforms, including OpenAI, Google Vertex AI, Salesforce Agentforce, ServiceNow, and AWS Bedrock.

In addition, Password Safe provides secrets management for autonomous agents. It vaults, rotates, and enforces just-in-time access for credentials and API keys used by AI workloads. Combined with Identity Security Insights, it enables end-to-end visibility from agent discovery to credential governance, reducing risks associated with static credentials.

Telemetry from Pathfinder Platform deployments shows rapid growth in enterprise AI agents. Organizations have recorded a significant increase in AI agent usage over the past year, often driven by low-code automation tools and cross-platform integrations. This growth has increased the complexity of managing identities across endpoints, cloud, and SaaS environments.

BeyondTrust noted that organizations must evaluate what AI agents can access and how they behave under compromise. A single compromised agent could potentially escalate access across identity providers, cloud infrastructure, SaaS platforms, and on-premises systems. The Pathfinder Platform is designed to map these privilege paths and identify potential attack routes across domains.

BeyondTrust’s Identity Security Risk Assessment (ISRA) also extends visibility into AI agent risk. The assessment integrates across enterprise identity and AI infrastructure, providing discovery, inventory, privilege path analysis, shadow AI detection, and risk scoring aligned with MITRE ATT&CK, along with remediation guidance delivered within a short timeframe.

BeyondTrust continues to position its Pathfinder Platform as a unified solution for managing human, machine, and AI identities, addressing the rising complexity of enterprise environments where agentic AI is becoming increasingly prevalent.

Related post

View all