The team that discovered the PleaseFix zero-click browser hijacking vulnerability just shipped GA runtime security for Microsoft Foundry agents — and the core pitch is simple: security that understands agent behavior, not just prompts.
Zenity, the end-to-end security platform for AI agents, announced general availability of inline runtime security controls for agents built on Microsoft Foundry on March 17, as part of an expanded Microsoft partnership.
The Problem: Risks Emerge at Runtime
As enterprises move AI agents from experimentation to production, the threat surface shifts from model development to real-time execution. Agents built on Foundry increasingly chain actions, invoke tools, and make decisions across enterprise systems — connecting to SharePoint, OneDrive, databases, SaaS platforms, and internal APIs.
Traditional security approaches — prompt filtering, post-execution logging — weren’t designed for this pattern. They evaluate isolated interactions, not the cascading decisions of an autonomous agent operating across multiple systems.
CTO Michael Bargury: “With agents, risks emerge and persist at runtime. This expanded partnership with Microsoft allows customers to build and run AI agents in production with confidence, with capabilities that block agent misuse in real-time, before data moves or tools execute.”
What Zenity Delivers
The integration sits natively in Foundry’s execution path, providing:
- End-to-end runtime coverage across models, tools, data, and enterprise systems — not just the LLM layer.
- Inline prevention for multiple threat classes:
  - Sensitive data leakage
  - Secret and credential exposure
  - Jailbreak attempts
  - Tool misuse (coming soon)
- Agent-aware behavioral enforcement that evaluates decisions and chained actions — not isolated prompts. This is the key differentiator: an agent might pass every individual prompt filter while still executing a harmful sequence of steps.
Why This Matters for the RSAC Landscape
Zenity’s Foundry integration fills a specific gap in the emerging agent security stack. While Token Security governs what agents should do via intent-based identity, and CrowdStrike × NVIDIA embeds security in the agent hardware layer, Zenity operates at the application runtime layer — where agents actually connect to enterprise data and execute tool calls.
The company is positioned across three deployment models:
- SaaS agents (Microsoft Foundry, Copilot Studio)
- Home-grown agents (cloud-deployed custom agents)
- Endpoint agents (local AI agents on user devices — including OpenClaw)
The integration is available now through the Azure Marketplace across the IT, finance, healthcare, manufacturing, and public sectors. Zenity has also achieved FedRAMP “In Process” status and AWS Marketplace availability for Amazon Bedrock platforms.
With 25+ agent security products launching around RSAC 2026, Zenity’s runtime-first approach — from the same team that keeps finding the vulnerabilities everyone else misses — deserves close attention.
Sources: Zenity · Microsoft Tech Community