Proofpoint just made its move into AI agent security — and it came through an acquisition, not a feature drop.
The company acquired Acuvity, integrated its research, and launched Proofpoint AI Security: an intent-based solution that continuously verifies whether autonomous AI agents are doing what they’re supposed to do. The product shipped globally on March 17, timed perfectly for RSAC 2026.
Why Proofpoint Matters Here
Proofpoint protects email and data for most of the Fortune 100. That installed base is now deploying AI agents that interact with the same systems Proofpoint already secures — endpoints, browsers, SaaS platforms, and internal APIs.
The company’s thesis: AI agents share the same risks as humans. Both can be manipulated. Both can take actions that diverge from their intended purpose. But traditional security was never designed to validate intent.
CEO Sumit Dhawan: “Humans and AI agents share similar risks: both can be manipulated and both can take actions that diverge from their intended purpose, yet traditional security was never designed to validate intent.”
What Proofpoint AI Security Does
The product operates across endpoints, browsers, browser extensions, and MCP connections — meaning it sees agents where they actually interact with enterprise systems, not just at the model layer.
Core capabilities:
Intent-based detection. Analyzes the semantic context of agent actions in real time: is this behavior consistent with the user’s request, the organization’s policies, and the agent’s stated purpose? If not, flag it.
Agent Integrity Framework. Proofpoint introduces an industry-first framework defining what “agent integrity” means — essentially the agent equivalent of data integrity. An agent with integrity does what it’s supposed to do, nothing more, nothing less.
Five-phase maturity model:
- Discovery of AI tools (OpenAI, ChatGPT, Ollama, etc.)
- Posture assessment
- Policy definition
- Monitoring
- Runtime enforcement
This is designed so organizations can adopt incrementally without overhauling existing security. Start by discovering what agents exist, end with inline enforcement.
The Acuvity Research
Acuvity’s pre-acquisition research sets the stakes:
- 70% of organizations lack optimized AI governance
- 50% expect AI-related data loss within 12 months
These aren’t projections — they’re current state. The governance gap is real, measurable, and growing as agent deployment accelerates.
The Competitive Position
Proofpoint’s advantage is reach. The company already sits on the endpoint, in the browser, and in the email flow of most large enterprises. Adding agent security to that footprint means customers don’t need another vendor — they extend existing coverage.
EVP Ryan Kalember framed the ambition: “AI agents must be held to the same standard as humans.” That standard includes continuous verification, not just access controls at deployment time.
In the RSAC 2026 landscape, Proofpoint joins Token Security and Geordie AI as the third major player converging on intent-based agent security — each from a different angle: identity (Token), runtime monitoring (Geordie), and data/endpoint protection (Proofpoint).
The convergence tells you something: the industry has agreed on the problem. The question now is which enforcement layer becomes the control plane.
Sources: Proofpoint · SecurityBrief · Acuvity