Cequence backs behaviour-based zero trust for AI agents

Cequence Security said Anthropic, Dr. Chase Cunningham and Cequence have aligned on a behaviour-based approach to securing AI agents. It described this convergence as a shift in how the industry defines zero trust for agentic AI.

The shared view centres on a simple point: the main risk from AI agents lies not in whether they can log in, but in what they do after access is granted. The work of Anthropic, Cunningham’s research and Cequence’s AI Gateway architecture all point to controls that monitor and restrict runtime behaviour rather than relying mainly on authentication.

That marks a departure from traditional cybersecurity practice, which has focused on verifying identity at the point of entry. With autonomous software agents, the concern is that an authorised system may still carry out harmful actions, misuse APIs or remove sensitive data through approved channels.

The issue is drawing more attention as businesses move AI agents from trial environments into live operations. These systems are being used with access to internal tools, sensitive datasets and production systems, raising the stakes if an agent behaves unexpectedly or is manipulated by malicious prompts.

Cequence said this environment requires zero trust principles to be applied continuously throughout an agent’s activity. In practice, that means checking the context of each action, limiting the resources available to the agent and enforcing policy at the level of individual transactions.

Shreyans Mehta, Chief Technology Officer at Cequence Security, set out that argument directly.

“Most security teams are still trying to tackle AI risk with prompt detection and short-lived tokens – basically, really tight sign-in security. But that misses the point entirely. You can nail authentication and still get burned by an agent running amok inside the castle,” he said.

Mehta also pointed to what he sees as broader agreement across the sector.

“Anthropic, Dr. Cunningham and Cequence all recognised early on that the gamechanger is securing agent behaviour. Seeing the whole industry pivot hard toward that truth, toward the approach we baked into the AI Gateway from day one, is the ultimate validation. It crowns the AI Gateway as the new reference architecture for the space,” he said.

Security model

Cunningham, who has published research on what he calls Agentic Zero Trust, framed the problem in similar terms. In his view, established controls focus too heavily on the “front gate” and do not address what happens once an AI system is inside a network or application environment.

“Traditional security controls focus obsessively on the front gate – who gets in. But with AI agents, the real damage happens after the front gate, through totally authorised channels,” said Dr. Chase Cunningham, a leading expert on Zero Trust security.

“You have to extend zero trust inside, to cover not just authentication, but every action an agent takes. Cequence’s AI Gateway is a huge leap toward that goal, toward getting zero trust to fully cover the AI agent threat model,” Cunningham said.

The broader technical argument is that AI agents can combine a series of individually permissible steps into harmful or unintended outcomes. Because those patterns may only become visible as they unfold, static rules or one-off login checks may not be enough to stop them.

That is why the behaviour-based model emphasises real-time monitoring and intervention. Instead of treating access approval as the main control, the system applies checks throughout the session, looking at which tools are being called, what data is being requested and whether the sequence of actions fits policy.
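The per-action checking described above can be sketched as follows. This is an added example, not code from the article or from Cequence's AI Gateway; the tool names, domains and policy rules are hypothetical and the session is constructed. It shows an agent with one valid identity whose calls are each permitted by its profile, while the combination of a sensitive read followed by external egress is denied.

```python
import re
from dataclasses import dataclass, field

# Hypothetical least-privilege agent profile; all names are constructed.
ALLOWED_TOOLS = {"kb.search", "crm.read_customer", "email.send"}
SENSITIVE_SOURCES = {"crm.read_customer"}  # reading these taints the session
EGRESS_TOOLS = {"email.send"}              # these can move data out
INTERNAL_DOMAIN = "@corp.example"
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")  # crude card-number pattern

@dataclass
class Session:
    agent_id: str
    tainted: bool = False                  # set once sensitive data was read
    audit: list = field(default_factory=list)

def evaluate(session, tool, args):
    """Decide one tool call from the profile, the payload and session history."""
    decision, reason = "allow", "within profile"
    if tool not in ALLOWED_TOOLS:
        decision, reason = "deny", "tool not in agent profile"
    elif tool in EGRESS_TOOLS:
        external = not args.get("to", "").endswith(INTERNAL_DOMAIN)
        if CARD_RE.search(args.get("body", "")):
            decision, reason = "deny", "sensitive pattern in request"
        elif external and session.tainted:
            decision, reason = "deny", "external egress after sensitive read"
    if decision == "allow" and tool in SENSITIVE_SOURCES:
        session.tainted = True
    session.audit.append((session.agent_id, tool, decision, reason))
    return decision, reason

def demo():
    """Replay a constructed session; every call uses the same valid identity."""
    s = Session("agent-7")
    calls = [
        ("kb.search", {"q": "refund policy"}),
        ("email.send", {"to": "partner@vendor.example", "body": "Policy attached"}),
        ("crm.read_customer", {"id": "1001"}),
        ("email.send", {"to": "partner@vendor.example", "body": "Customer notes"}),
        ("email.send", {"to": "ops@corp.example", "body": "Customer notes"}),
        ("email.send", {"to": "ops@corp.example", "body": "4111 1111 1111 1111"}),
        ("shell.exec", {"cmd": "ls"}),
    ]
    return [evaluate(s, t, a)[0] for t, a in calls], s.audit

if __name__ == "__main__":
    for row in demo()[1]:
        print(row)
```

The same external `email.send` call is allowed before the customer record is read and denied afterwards, which is the difference between a login-time check and a decision made on session history.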

CIS guidance

Cequence also linked this thinking to the Model Context Protocol Companion Guide from the Center for Internet Security. The guide adapts the CIS Controls to address risks that arise when AI agents interact with enterprise tools, systems and information, and identifies the protocol layer as an important point for governance.

According to Cequence, the guide calls for explicit tool-level permissions, audit trails for interactions and real-time protection for sensitive data. It said those ideas align with the design of its AI Gateway, which creates least-privilege agent profiles, records API activity and inspects requests and responses for sensitive information.

Mehta drew a direct link between the policy framework and implementation.

“The CIS MCP Companion Guide defines what enterprises should do; the Cequence AI Gateway operationalises it,” he said.

“The guide calls for explicit tool-level permissions, auditable interactions, and real-time sensitive data protection. AI Gateway delivers by generating least-privilege agent personas, logging every API call, and applying DLP scanning to tool requests and responses. It takes the CIS framework from theory to practice,” Mehta said.

The debate comes as security teams face a faster threat environment shaped by AI on both sides. Cequence argued that attack timelines are shrinking sharply, making immediate visibility into API calls and data flows more important as organisations deploy agents into business processes.

Cequence said its platform protects more than 10 billion daily API interactions and 4 billion user accounts.


