Cequence Security said Anthropic, Dr. Chase Cunningham and Cequence have aligned on a behaviour-based approach to securing AI agents. It described this convergence as a shift in how the industry defines zero trust for agentic AI.

The shared view centres on a simple point: the main risk from AI agents lies not in whether they can log in, but in what they do after access is granted. The work of Anthropic, Cunningham’s research and Cequence’s AI Gateway architecture all point to controls that monitor and restrict runtime behaviour rather than relying mainly on authentication.

That marks a departure from traditional cybersecurity practice, which has focused on verifying identity at the point of entry. With autonomous software agents, the concern is that an authorised system may still carry out harmful actions, misuse APIs or remove sensitive data through approved channels.

The issue is drawing more attention as businesses move AI agents from trial environments into live operations. These systems are being used with access to internal tools, sensitive datasets and production systems, raising the stakes if an agent behaves unexpectedly or is manipulated by malicious prompts.

Cequence said this environment requires zero trust principles to be applied continuously throughout an agent’s activity. In practice, that means checking the context of each action, limiting the resources available to the agent and enforcing policy at the level of individual transactions.

Shreyans Mehta, Chief Technology Officer at Cequence Security, set out that argument directly.

“Most security teams are still trying to tackle AI risk with prompt detection and short-lived tokens – basically, really tight sign-in security. But that misses the point entirely. You can nail authentication and still get burned by an agent running amok inside the castle,” said Shreyans Mehta, Chief Technology Officer at Cequence Security.

Mehta also pointed to what he sees as broader agreement across the sector.

“Anthropic, Dr. Cunningham and Cequence all recognised early on that the gamechanger is securing agent behaviour. Seeing the whole industry pivot hard toward that truth, toward the approach we baked into the AI Gateway from day one, is the ultimate validation. It crowns the AI Gateway as the new reference architecture for the space,” he said.

Security model

Cunningham, who has published research on what he calls Agentic Zero Trust, framed the problem in similar terms. In his view, established controls focus too heavily on the “front gate” and do not address what happens once an AI system is inside a network or application environment.

“Traditional security controls focus obsessively on the front gate – who gets in. But with AI agents, the real damage happens after the front gate, through totally authorised channels,” said Dr. Chase Cunningham, a leading expert on Zero Trust security.

“You have to extend zero trust inside, to cover not just authentication, but every action an agent takes. Cequence’s AI Gateway is a huge leap toward that goal, toward getting zero trust to fully cover the AI agent threat model,” Cunningham said.

The broader technical argument is that AI agents can combine a series of individually permissible steps into harmful or unintended outcomes. Because those patterns may only become visible as they unfold, static rules or one-off login checks may not be enough to stop them.

That is why the behaviour-based model emphasises real-time monitoring and intervention. Instead of treating access approval as the main control, the system applies checks throughout the session, looking at which tools are being called, what data is being requested and whether the sequence of actions fits policy.

CIS guidance

Cequence also linked this thinking to the Model Context Protocol Companion Guide from the Centre for Internet Security. The guide adapts the CIS Controls to address risks that arise when AI agents interact with enterprise tools, systems and information, and identifies the protocol layer as an important point for governance.

According to Cequence, the guide calls for explicit tool-level permissions, audit trails for interactions and real-time protection for sensitive data. It said those ideas align with the design of its AI Gateway, which creates least-privilege agent profiles, records API activity and inspects requests and responses for sensitive information.

Mehta drew a direct link between the policy framework and implementation.

“The CIS MCP Companion Guide defines what enterprises should do; the Cequence AI Gateway operationalises it,” he said.

“The guide calls for explicit tool-level permissions, auditable interactions, and real-time sensitive data protection. AI Gateway delivers by generating least-privilege agent personas, logging every API call, and applying DLP scanning to tool requests and responses. It takes the CIS framework from theory to practice,” Mehta said.

The debate comes as security teams face a faster threat environment shaped by AI on both sides. Cequence argued that attack timelines are shrinking sharply, making immediate visibility into API calls and data flows more important as organisations deploy agents into business processes.

Cequence said its platform protects more than 10 billion daily API interactions and 4 billion user accounts.

Emma Reynolds is understood to have written to water regulator Ofwat on Monday warning the current bid tabled by Thames Water creditors would place an “undue burden” on customers.

The Government’s misgivings over the deal comes as Ofwat is said to have been close to accepting the offer from bidding consortium London & Valley Water, which has proposed injecting £10 billion into debt-laden Thames Water in return for any new fines over sewage leaks being waived for four years.

READ MORE: Thames Water ‘would need to pay £749m’ under controversial deal

Thames Water – Britain’s biggest water supplier with 16 million customers – is hoping to secure the deal to stave off temporary nationalisation after being left close to collapse by nearly £20 billion of debt.

It has also faced a series of hefty fines for its poor environmental performance in recent years.

A rescue bid by creditors is seen as the final realistic option on the table to avoid being placed into the Government’s so-called special administration regime after a previous rescue deal with US private equity giant KKR collapsed in May last year.

Administrators have already been lined up to step in if needed.

Ms Reynolds’s criticism of the deal centres on concerns that customers will lose out under the creditors’ offer, according to The Times, which first reported the details of the letter.

It is thought she raised worries that the creditors’ proposal was “weak”.

But the Government has repeatedly said it prefers a “market solution” over temporary nationalisation.

Ofwat and the Department for Environment, Food and Rural Affairs have been approached for comment.

The letter from Ms Reynolds comes in a difficult week for Prime Minister Sir Keir Starmer, with Andy Burnham – the mayor of Greater Manchester – hoping to win the Makerfield by-election on Thursday, which would pave the way for him to launch a leadership challenge.

Mr Burnham recently signalled he could bring in a 10-year plan to renationalise the water industry, saying reform is needed to put the public interest first.

A spokesman for Thames Water said: “We remain of the view that a market-led solution is the best way to secure the long-term stability needed to continue improving performance and advancing our turnaround plan, for the benefit of customers, the environment and our stakeholders.

“Our priorities remain on providing safe, resilient services for customers, supporting our colleagues and working closely with suppliers, government and regulators.”

It had been expected that the Government would give its backing to the Thames Water takeover this summer, with the utility fast running out of cash and said to be facing collapse within months if a deal is not forthcoming.

London & Valley Water’s proposed deal would see it inject £3.35 billion of new equity into Thames Water and up to £6.55 billion in new debt.

But it is said that Thames Water would also have to pay nearly £750 million to its creditors, lawyers and advisers as part of the restructuring.

TWM Solicitors has deployed 10ZiG thin client devices across its offices as part of a migration to Microsoft Azure Virtual Desktop. The rollout covers about 240 devices for the Surrey law firm’s 240 staff across three sites.

The project was part of a broader overhaul of the firm’s desktop and back-end systems, carried out by a four-person IT team over several months. Alongside the move from Microsoft Remote Desktop Services to Azure Virtual Desktop, the firm shifted back-end infrastructure into Microsoft Azure, upgraded to Microsoft 365, introduced new practice management software and rolled out dual monitors across desks.

For the firm, the move marked a shift away from on-premise systems towards cloud and software-as-a-service tools. The aim was to reduce capital spending, move to a more predictable operating cost model and simplify the delivery of new technology services to staff in the office and at home.

Azure Virtual Desktop became the main desktop virtualisation platform, reflecting the firm’s use of software built largely within the Microsoft environment. Session hosts are provisioned from a single image applied across endpoints, giving the firm centralised patching, tighter security controls and the option to rebuild infrastructure if needed.

Nerdio manages the scaling of session hosts during the day, allowing the firm to match computing use to demand. The approach is designed to avoid paying for unused cloud compute.

Endpoint overhaul

The desktop migration also required new endpoint hardware. TWM wanted devices that could support dual 24-inch monitors, run Windows drivers for SpeechWrite digital dictation software and be managed remotely across sites.

The firm sourced the devices through Softcat, a reseller it has worked with for more than a decade, and after a trial bought about 240 units running Windows IoT LTSC. The devices are configured to open Azure Virtual Desktop sessions and hold no local user data, so failed units can be replaced without data recovery or software reinstallation.

Alan Barrett, Head of IT at TWM Solicitors, outlined the technical requirements behind the decision. “Our requirements were clear: new desktop hardware needed to drive dual 24-inch monitors at full resolution, support Windows drivers for our SpeechWrite digital dictation software and provide a robust, centralized remote management platform to keep devices updated without requiring physical site visits,” he said.

The endpoints are also set up to handle Microsoft Teams and Zoom calls running within Azure Virtual Desktop by using local device resources where needed. That was important for a legal practice with staff working in a hybrid pattern and relying on voice and video tools as well as dictation software.

Barrett said the shift changed the role of the desktop device rather than reducing its importance. “When we moved to AVD, the endpoint became both less important and more critical at the same time,” he said. “Less important because all the compute is now happening in the cloud; more critical because it’s the device that everyone uses to do their work. 10ZiG has been the right answer on both counts. They’re so low maintenance that they’ve essentially become invisible, which is exactly what you want from an endpoint.”

Rollout process

Before shipment, the IT team worked with 10ZiG to create a standard device image with the required software, drivers and settings. The devices then arrived configured and ready to connect to the network, reducing work during installation.

That proved useful during a large-scale office swap-out. “This saved us a lot of time during the rollout, which was welcome given the physical effort involved: unpacking computers and monitors, assembling thin client bases and monitor arms, fitting everything to desks, then removing old equipment and recycling packaging. At our largest office in Guildford, we replaced more than 100 machines and monitors in a single day,” Barrett said.

He added that preparation before the rollout was central to avoiding disruption for staff returning after the changeover. “I remember saying to our Managing Partner afterwards: where else have you worked where so many computers have been changed over a weekend and everything worked on Monday?” he said.

Cost and management

TWM now uses 10ZiG Manager to power devices on and off remotely, deploy patches and maintain the same configuration across its offices. The firm said central management has reduced the need for engineers to travel between sites, saving hundreds of hours of IT time as well as transport costs.

The economics of the hardware also formed part of the case for the move. The firm put the device cost at about £450 each and estimated a lifespan of eight or nine years, which works out at roughly £50 a year per unit.

Barrett said that translated into low ongoing support demands. “When you break it down, we’re paying roughly £1 a week for a device with very little day-to-day management required,” he said. “We’ve made the right decision to invest in 10ZiG modernized thin clients. They’re easy to manage, easy to maintain and the 10ZiG team has been excellent to work with. The burden of desktop management, which used to be time-consuming, boring and frustrating, has simply disappeared.”

James Broughton of 10ZiG said the project reflected a wider pattern among organisations moving desktop environments into the cloud. “Organisations moving towards Microsoft AVD and cloud-based work environments increasingly need endpoint solutions that are secure, simple to manage and operationally efficient,” he said. “By combining our thin client endpoints with Microsoft AVD and 10ZiG Manager, TWM Solicitors is an excellent example of how organizations can modernize desktop infrastructure while simplifying IT operations and supporting long-term cloud transformation strategies.”