BeyondTrust expands Pathfinder to secure AI agents
BeyondTrust has expanded its Pathfinder Platform with new tools to secure AI agents across endpoints, cloud infrastructure and SaaS applications. The update brings oversight of AI agent identities, privileges and secrets into a single system.
The changes cover AI tools employees use on desktops and laptops, as well as autonomous AI workloads running in enterprise systems. Pathfinder now applies endpoint privilege controls to AI clients, adds discovery and risk analysis for AI agents across several major platforms, and extends secrets management for the credentials and API keys those agents use.
The move comes as companies deploy more AI agents into day-to-day operations, often through low-code services and automation software. Those agents can initiate API calls, access sensitive data, deploy code and use credentials, expanding the identity and access management challenge for security teams.
Research from BeyondTrust's Phantom Labs unit found that most enterprises are running shadow AI agents with privileged access that security teams cannot see or govern. Telemetry analysed through the Pathfinder Platform also showed a 466.7% increase in enterprise AI agents over the past year.
Broader scope
A central part of the update is endpoint privilege enforcement for what BeyondTrust calls AI coworkers, including desktop AI clients such as Claude and ChatGPT. Its Endpoint Privilege Management product can restrict what those applications are allowed to do under policy, applying least-privilege controls and application rules on endpoints.
Another part of the rollout is agent discovery and risk analysis through Identity Security Insights. BeyondTrust says the service can discover, classify and audit AI agents across OpenAI, Google Vertex AI, Salesforce Agentforce, ServiceNow AI agents and AWS Bedrock. It is designed to show where agents are deployed, map their privilege paths and assign risk scores, while identifying unauthorised or poorly governed AI activity.
The company has also tied its Password Safe product more closely to AI workloads. The system is designed to store, rotate and control access to secrets used by autonomous agents, including API keys and other credentials that could become a route into broader systems if exposed or misused.
Identity risks
For security teams, the broader issue is that AI agents increasingly sit alongside human and machine identities rather than in a separate category. In many large organisations, machine and AI identities already outnumber human users, making visibility and entitlement control harder to manage across cloud services, internal directories and software platforms.
Marc Maiffret, Chief Technology Officer at BeyondTrust, said the company sees AI agents as part of a larger non-human identity challenge.
"Agentic AI is not an isolated problem. It's a subset of the broader non-human identity landscape," he said.
"Organisations cannot secure agentic identities in a silo. These agents are interconnected with human identities, machine accounts, secrets, and entitlements across every environment. You need a platform that sees and secures the full spectrum, and that's what Pathfinder delivers. Simply put, to get agentic AI right, you need to get privileged identity right," added Maiffret.
That interconnectedness means a compromised AI agent could provide a path into identity providers, cloud infrastructure, SaaS systems and on-premises directories at the same time. As AI agents move from experimental projects into routine production use, privilege mapping and secrets control are becoming more important.
Assessment offer
As part of the launch, BeyondTrust has added AI agent risk analysis to its Identity Security Risk Assessment. The company says the assessment can connect to enterprise identity and AI agent infrastructure in under an hour and deliver findings within 24 hours, including agent discovery, shadow AI detection, privilege path analysis and risk scoring aligned to MITRE ATT&CK.
The Pathfinder Platform is part of BeyondTrust's broader effort to manage human, machine and AI identities under a single model. It integrates with more than 100 connectors across enterprise infrastructure and extends its focus beyond human administrators to service accounts, certificates, API keys and autonomous AI agents.
Maiffret said the key issue for security teams is understanding what those agents can reach once deployed.
"The question security teams should be asking isn't 'do we have AI agents?' You do," said Maiffret.
"The question is: what can they access, what secrets are they using, and what happens if one gets compromised? A single AI agent's blast radius can span your identity providers, cloud infrastructure, SaaS platforms, and on-prem directories all at once. Pathfinder maps those cross-domain privilege paths so you can see exactly how a compromised agent could escalate access across your entire environment," he added.