AI Agent Security capabilities for the Pragatix AI Firewall, part of the AGAT Pragatix suite.
The Challenge: When AI Interaction Becomes Action
AI is evolving from simple chatbots to autonomous agents — software that can access databases, send emails, execute code, and make decisions independently. While this unlocks significant productivity, it introduces a new attack surface that traditional security tools were not designed for:
Shadow Agents: Organizations often don't know how many autonomous agents are running across their environments.
Identity Gaps: Agents frequently share high-privilege credentials without oversight or granular access control.
Runtime Blindness: Standard monitoring sees an API call, but can't distinguish a legitimate operation from a rogue agent exfiltrating data.
Autonomous Risks: A compromised or manipulated agent (e.g., via prompt injection) can take destructive actions at machine speed.
Traditional security tools see API traffic. They don't see agent intent.
The Solution: AI Agent Security in the Pragatix AI Firewall
Pragatix is AGAT's product suite, encompassing an AI-powered platform with RAG capabilities and an AI Firewall that monitors and secures AI usage across the organization. The AI Firewall already protects employee interactions with AI services via proxy and browser extension. AI Agent Security extends this firewall to cover autonomous AI agents — adding discovery, identity management, inline protection, and a full audit trail for agentic AI.
Key Capabilities
1. Discovery and Inventory
Network Proxy
Automatically detect and catalog every AI agent operating across the organization.
Passive Discovery: The AI Firewall recognizes agent traffic (LangChain, AutoGen, CrewAI, and others) as it passes through the proxy, without requiring any agent-side changes, which is how shadow AI that nobody registered gets surfaced.
Cloud Scanning: Identify AI services deployed across AWS, Azure, and GCP via API.
Central Registry: A live, searchable inventory of every agent — including its owner, connected tools, data access, and risk score.
2. Identity and Credential Shielding
Agent Proxy
Agents never hold real credentials. They can't leak what they don't have.
Surrogate Credentials: Each agent is issued a proxy token instead of actual API keys or service account secrets.
Just-in-Time Credential Injection: The AI Firewall intercepts the outbound request, validates the surrogate token and the intended action (URL, HTTP method, command), and only then injects the real credentials (e.g., Bearer token, AWS key) into the request before forwarding it to the destination.
Zero Leakage Risk: Even if an agent is compromised and dumps its environment variables or logs, it only reveals disposable proxy tokens. Real infrastructure secrets remain in the firewall's secure vault and are never exposed to agent code. A stolen surrogate token is still usable within that agent's permitted hosts and methods until it is revoked, so tight per-agent scoping and the kill switch are what bound the damage from a compromise.
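The surrogate-token flow described above, as an added illustration (this is example code, not the Pragatix AI Firewall's implementation): the agent holds only a `sur_...` token, the gateway maps it to a grant (allowed host, allowed HTTP methods, name of the backing secret), validates the intended action, and only then injects the real credential into the outbound request. The vault contents, hostnames, agent name and the `X-Agent-Token` header are all constructed for the example.

```python
"""Surrogate-credential gateway (added illustration; not the Pragatix AI Firewall's code).

All names, hosts, headers and secrets below are constructed for the example.
"""
import hashlib
import secrets
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass(frozen=True)
class Grant:
    agent: str
    allowed_host: str
    allowed_methods: frozenset
    vault_key: str  # name of the real secret in the vault, never the secret itself


class Blocked(Exception):
    """Raised when the gateway refuses to forward a request."""


class CredentialGateway:
    def __init__(self, vault: dict):
        self._vault = vault            # real secrets live only here
        self._grants: dict = {}        # sha256(surrogate token) -> Grant
        self._revoked: set = set()

    @staticmethod
    def _fingerprint(token: str) -> str:
        # Store only a hash so a dump of the gateway's table does not yield usable surrogates.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, grant: Grant) -> str:
        token = "sur_" + secrets.token_urlsafe(24)
        self._grants[self._fingerprint(token)] = grant
        return token

    def revoke(self, token: str) -> None:
        """Kill switch: every later request carrying this token is refused."""
        self._revoked.add(self._fingerprint(token))

    def forward(self, token: str, method: str, url: str, headers: dict) -> dict:
        fp = self._fingerprint(token)
        if fp in self._revoked:
            raise Blocked("surrogate token revoked")
        grant = self._grants.get(fp)
        if grant is None:
            raise Blocked("unknown surrogate token")
        target = urlparse(url)
        if target.scheme != "https" or target.hostname != grant.allowed_host:
            raise Blocked(f"{grant.agent} may not call {target.scheme}://{target.hostname}")
        if method.upper() not in grant.allowed_methods:
            raise Blocked(f"{grant.agent} may not use {method.upper()} on {grant.allowed_host}")
        # Just-in-time injection: the real secret appears only in the request leaving the gateway.
        out = dict(headers)
        out.pop("X-Agent-Token", None)
        out["Authorization"] = f"Bearer {self._vault[grant.vault_key]}"
        return {"method": method.upper(), "url": url, "headers": out}


def is_blocked(gw: CredentialGateway, token: str, method: str, url: str) -> bool:
    try:
        gw.forward(token, method, url, {"X-Agent-Token": token})
        return False
    except Blocked:
        return True


def leaked_real_secrets(dumped_env: dict, vault: dict) -> list:
    """Which vault secrets show up in a dump of the agent's environment?"""
    return [k for k, v in vault.items() if v in dumped_env.values()]


# Constructed scenario: a support bot that may only read from the helpdesk API.
VAULT = {"helpdesk-api": "hd_live_9f3c1b7e2a0d"}  # constructed secret
gateway = CredentialGateway(VAULT)
support_token = gateway.issue(Grant(
    agent="support-bot",
    allowed_host="helpdesk.example.com",
    allowed_methods=frozenset({"GET"}),
    vault_key="helpdesk-api",
))
AGENT_ENV = {"HELPDESK_TOKEN": support_token}  # the only credential the agent process ever sees

if __name__ == "__main__":
    req = gateway.forward(support_token, "GET", "https://helpdesk.example.com/tickets/1041",
                          {"X-Agent-Token": support_token})
    print("forwarded with", req["headers"]["Authorization"][:12] + "...")
    for method, url in [("DELETE", "https://helpdesk.example.com/tickets/1041"),
                        ("GET", "https://crm.example.com/customers")]:
        print(method, url, "blocked:", is_blocked(gateway, support_token, method, url))
    print("real secrets in a dumped agent env:", leaked_real_secrets(AGENT_ENV, VAULT))
```

The `is_blocked` and `leaked_real_secrets` helpers exist only to make the compromised-agent case checkable: dumping `AGENT_ENV` yields nothing from the vault, while the surrogate itself still works for `GET` against the allowed host until `revoke` is called.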
3. Real-Time Protection and Firewalling
Agent Proxy / Network Proxy
Inline inspection and enforcement on every agent request.
Inbound Prompt Injection Defense: Detect and block attempts to manipulate agent instructions or override system prompts.
Data Loss Prevention (DLP): Context-aware scanning prevents agents from leaking PII, secrets, or intellectual property in their outputs.
Kill Switch: Instantly revoke an agent's access and block all its traffic if a compromise is detected.
4. Adaptive Learning and Enforcement
Automated policy generation based on observed real-world usage.
Learning Mode: When enabled, the AI Firewall observes and records an agent's normal behavior: the URLs it calls, the HTTP methods it uses (GET, POST, PUT, DELETE), data volumes, and access patterns. Everything observed in this mode becomes trusted, so learning should run over a known-good window long enough to cover the agent's legitimate variation.
Enforce Mode: Once the baseline is established, switch to enforcement. Any request that deviates from the learned baseline (a new method or endpoint, an unrelated host, or a data volume far above what was observed) is automatically blocked.
Practical Example: A Support Bot that normally only reads ticket status will be blocked if it suddenly attempts to delete tickets, access unrelated databases, or export bulk customer data.
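The learn-then-enforce cycle and the support-bot example above, as an added illustration (example code, not the Pragatix AI Firewall's implementation). Learning mode records each (method, host, path shape) the agent uses and the largest payload seen for it; enforce mode blocks unseen actions and payloads beyond a volume ceiling. The traffic, hostnames and the 3x volume slack are constructed assumptions.

```python
"""Learning-mode baseline and enforce-mode blocking (added illustration; not Pragatix code).

Sample traffic, hosts and thresholds are constructed for the example.
"""
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass(frozen=True)
class AgentRequest:
    method: str
    url: str
    size_bytes: int  # bytes the firewall would relay for this request/response pair


def path_shape(path: str) -> str:
    """Collapse numeric segments so /tickets/1041 and /tickets/7 share one baseline entry."""
    return "/".join("{id}" if seg.isdigit() else seg for seg in path.split("/"))


class BehaviorBaseline:
    def __init__(self, agent: str, volume_slack: float = 3.0):
        self.agent = agent
        self.mode = "learn"
        self.endpoints: dict = {}      # (method, host, shape) -> largest size seen while learning
        self.volume_slack = volume_slack

    @staticmethod
    def _key(req: AgentRequest) -> tuple:
        u = urlparse(req.url)
        return (req.method.upper(), u.hostname, path_shape(u.path))

    def observe(self, req: AgentRequest) -> None:
        # Everything seen in learning mode is trusted: run learning only over a known-good window.
        key = self._key(req)
        self.endpoints[key] = max(self.endpoints.get(key, 0), req.size_bytes)

    def enforce(self) -> None:
        self.mode = "enforce"

    def evaluate(self, req: AgentRequest) -> tuple:
        """Return (allowed, reason). In learn mode every request is recorded and allowed."""
        if self.mode == "learn":
            self.observe(req)
            return True, "learning"
        key = self._key(req)
        if key not in self.endpoints:
            return False, f"unseen action {key[0]} {key[1]}{key[2]}"
        ceiling = self.endpoints[key] * self.volume_slack
        if req.size_bytes > ceiling:
            return False, f"volume {req.size_bytes}B exceeds baseline ceiling {ceiling:.0f}B"
        return True, "within baseline"


# Constructed learning-period traffic for a support bot that only reads ticket status.
LEARNING_TRAFFIC = [
    AgentRequest("GET", "https://helpdesk.example.com/tickets/1041", 1_800),
    AgentRequest("GET", "https://helpdesk.example.com/tickets/1042", 2_100),
    AgentRequest("GET", "https://helpdesk.example.com/tickets?status=open", 9_500),
]

# Constructed requests seen after the switch to enforce mode.
ENFORCE_TRAFFIC = [
    AgentRequest("GET", "https://helpdesk.example.com/tickets/1107", 1_900),              # normal read
    AgentRequest("DELETE", "https://helpdesk.example.com/tickets/1107", 200),             # new method
    AgentRequest("GET", "https://crm.example.com/customers", 4_000),                       # unrelated system
    AgentRequest("GET", "https://helpdesk.example.com/tickets?status=open", 52_000_000),  # bulk export
]


def build_baseline() -> BehaviorBaseline:
    baseline = BehaviorBaseline("support-bot")
    for req in LEARNING_TRAFFIC:
        baseline.evaluate(req)
    baseline.enforce()
    return baseline


def run_enforcement() -> list:
    """Evaluate ENFORCE_TRAFFIC against the learned baseline; returns (method, url, allowed, reason)."""
    baseline = build_baseline()
    return [(r.method, r.url, *baseline.evaluate(r)) for r in ENFORCE_TRAFFIC]


if __name__ == "__main__":
    for method, url, allowed, reason in run_enforcement():
        print("ALLOW" if allowed else "BLOCK", method, url, "-", reason)
```

The query string is deliberately ignored when building the key, so the learned `GET /tickets` entry covers any filter; the bulk export is caught by its volume rather than by its URL.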
5. Governance and Compliance
Complete audit trail for every agent action.
Immutable Audit Logs: Every decision, prompt, response, and action is logged to an append-only store for forensics and compliance (SOC 2, GDPR, EU AI Act).
Human-in-the-Loop Approvals: High-risk actions (e.g., data deletion, external API calls) can be held by the firewall and routed to a human approver via Slack, Teams, or webhook before execution.
6. MCP (Model Context Protocol) Security
Secure the connections between AI agents and external tools and services.
MCP is becoming the standard interface for AI agents to interact with databases, APIs, and SaaS tools. It also introduces new attack vectors: token theft, tool poisoning, shadow MCP servers, and excessive permissions. The AI Firewall addresses this from both sides:
For organizations using MCP-connected agents:
MCP Traffic Inspection: All MCP client-to-server communication is routed through the AI Firewall, where tool calls, parameters, and responses are inspected in real time.
Tool Allowlisting: Define which MCP tools an agent is permitted to call. Block access to unauthorized or unvetted MCP servers.
Token Shielding: OAuth tokens used by MCP servers to access downstream services (Gmail, Drive, databases) are stored in the firewall's vault — never exposed to the agent or MCP client.
Shadow MCP Detection: Discover unauthorized MCP servers deployed by developers without security review.
For providers offering MCP services:
Inbound Request Validation: The AI Firewall acts as a gateway in front of your MCP server, validating that incoming agent requests have proper authentication, are within allowed scopes, and are free from injection payloads.
Rate Limiting and Abuse Prevention: Protect your MCP endpoints from excessive or anomalous usage by connected agents.
Audit and Compliance: Provide your customers with a verifiable audit trail of every tool invocation made against your MCP service.
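One way to implement the consumer-side tool allowlisting and the provider-side inbound validation described in this section, as an added illustration (example code, not the Pragatix AI Firewall's implementation). It inspects JSON-RPC 2.0 `tools/call` messages, the request shape MCP clients use to invoke a tool, refuses unregistered agents and unapproved (shadow) servers, refuses tools not on the agent's allowlist, and checks the call's arguments against the tool's declared `inputSchema` so a tool cannot be invoked with parameters it never advertised. The policy table, agent and server names, tools and sample messages are constructed for the example.

```python
"""MCP tool allowlisting with argument-schema checks (added illustration; not Pragatix code).

Policy, agents, servers, tools and messages below are constructed for the example.
"""
import json

# Constructed policy: agent -> approved MCP server -> allowlisted tool -> declared inputSchema.
POLICY = {
    "support-bot": {
        "helpdesk-mcp": {
            "get_ticket": {"type": "object", "required": ["ticket_id"],
                           "properties": {"ticket_id": {"type": "integer"}}},
            "list_tickets": {"type": "object", "required": [],
                             "properties": {"status": {"type": "string"}}},
        }
    }
}

_JSON_TYPES = {"string": str, "integer": int, "boolean": bool, "object": dict, "array": list}


def arguments_match_schema(args, schema: dict) -> tuple:
    """Check required keys, reject undeclared keys, and type-check the subset of JSON Schema used."""
    if not isinstance(args, dict):
        return False, "arguments must be an object"
    props = schema.get("properties", {})
    for name in schema.get("required", []):
        if name not in args:
            return False, f"missing required argument {name}"
    for name, value in args.items():
        if name not in props:
            return False, f"undeclared argument {name}"
        expected = _JSON_TYPES.get(props[name].get("type"))
        # bool is a subclass of int in Python, so exclude it explicitly for integer fields.
        if expected and (not isinstance(value, expected) or (expected is int and isinstance(value, bool))):
            return False, f"argument {name} must be {props[name]['type']}"
    return True, "ok"


def inspect_mcp_message(agent: str, server: str, raw: str) -> tuple:
    """Return (allowed, reason) for one client-to-server MCP message."""
    try:
        msg = json.loads(raw)
    except json.JSONDecodeError:
        return False, "malformed JSON-RPC message"
    if not isinstance(msg, dict) or msg.get("jsonrpc") != "2.0":
        return False, "not a JSON-RPC 2.0 request"
    servers = POLICY.get(agent)
    if servers is None:
        return False, f"agent {agent} is not registered"
    tools = servers.get(server)
    if tools is None:
        return False, f"MCP server {server} is not approved for {agent}"
    method = msg.get("method")
    if method != "tools/call":
        return True, f"{method} passed through"   # e.g. initialize, tools/list
    params = msg.get("params") or {}
    name = params.get("name")
    if name not in tools:
        return False, f"tool {name} is not allowlisted for {agent}"
    ok, why = arguments_match_schema(params.get("arguments", {}), tools[name])
    return (True, f"{name} allowed") if ok else (False, f"{name} refused: {why}")


def _call(name, arguments, msg_id=1):
    return json.dumps({"jsonrpc": "2.0", "id": msg_id, "method": "tools/call",
                       "params": {"name": name, "arguments": arguments}})


# Constructed messages as the firewall would see them on the wire.
SAMPLE_MESSAGES = [
    ("support-bot", "helpdesk-mcp", _call("get_ticket", {"ticket_id": 1041})),                    # legitimate
    ("support-bot", "helpdesk-mcp", _call("delete_ticket", {"ticket_id": 1041})),                 # not allowlisted
    ("support-bot", "helpdesk-mcp", _call("get_ticket", {"ticket_id": "1041 OR 1=1"})),           # wrong type
    ("support-bot", "helpdesk-mcp", _call("get_ticket", {"ticket_id": 1041, "include_all": True})),  # undeclared arg
    ("support-bot", "dev-laptop-mcp", _call("get_ticket", {"ticket_id": 1041})),                  # shadow server
    ("support-bot", "helpdesk-mcp", '{"jsonrpc": "2.0", "id": 2, "method": "tools/list"}'),      # pass-through
    ("support-bot", "helpdesk-mcp", "{not json"),                                                  # malformed
]


def run_samples() -> list:
    return [inspect_mcp_message(a, s, r) for a, s, r in SAMPLE_MESSAGES]


if __name__ == "__main__":
    for (agent, server, _), (allowed, reason) in zip(SAMPLE_MESSAGES, run_samples()):
        print("ALLOW" if allowed else "BLOCK", agent, "->", server, "-", reason)
```

Checking arguments against the declared schema is what turns the allowlist from a name check into a scope check: the third sample passes the tool name but is refused because `ticket_id` is not an integer, and the fourth is refused because `include_all` was never declared by the tool.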
How It Works
The AI Firewall is designed for minimal deployment friction, building on AGAT's existing proxy and browser extension infrastructure already deployed as part of the Pragatix suite.
Proxy Integration: The AI Firewall operates on the existing network traffic layer — no agent-side code changes required for basic protection.
Traffic Classification: Protocols and payloads are analyzed to distinguish human traffic from agent traffic automatically.
Inline Enforcement: Policies are evaluated and enforced in milliseconds, blocking unauthorized actions without impacting legitimate workflows.
Why AGAT
Proven Foundation: The Pragatix AI Firewall is already deployed and protecting enterprise AI usage via proxy and browser extension. Agent security is a natural extension of this infrastructure.
Part of a Complete Suite: Pragatix combines AI-powered RAG capabilities with security — providing both the platform to build with AI and the firewall to secure it.
Immediate Visibility: Full agent inventory within minutes of deployment.
Non-Intrusive: Works without requiring developers to modify agent code.
Extensible: Built to support multi-agent systems and evolving agentic AI frameworks.