Permiso Security has launched AI agent runtime security capabilities for its identity security platform, with Autodesk deploying the new features as a launch customer across its products, global workforce, and cloud infrastructure.
The update extends Permiso’s existing platform into a fast-growing area of enterprise technology as companies introduce AI agents into products, internal workflows, and cloud operations. Permiso argues that most security teams still lack a clear view of how many agents are active, what credentials they use, and which systems they can reach once they begin operating.
Runtime visibility over static posture
The new capabilities focus on what Permiso describes as runtime visibility rather than a static view of access rights. Organized around Permiso’s Discover, Protect, and Defend framework, the platform can discover agents and sessions across cloud, SaaS, identity providers, and code environments, including shadow agents running in serverless functions, containers, and VMs that traditional identity tools cannot see. It then ties every run, event, tool call, and MCP invocation to a specific human, non-human, or AI identity through what the company calls its agent graph.
Beyond discovery and attribution, the platform captures what tools an agent called, what MCP servers it connected to, what data it accessed, and what downstream systems it reached, mapping the full blast radius of any agent session as a connected sequence. Runtime detection flags over-privileged access, anomalous tool usage, policy violations, and high blast radius behavior in real time, while identity-first controls provide least privilege recommendations, approval gates for sensitive actions, and kill switches that operate at the identity layer.
For security teams, the challenge is that AI agents do not behave like conventional machine identities. They can inherit credentials, call tools dynamically, spawn or interact with sub-agents that have their own discrete access, and reach downstream systems in ways shaped by context rather than fixed rules. Permiso argues this creates a gap in traditional identity products, which often lose visibility after an agent authenticates. Many NHI security products, it says, still treat agents as static credentials rather than software entities that make decisions during live operation.
Sebastian Goodwin, Chief Trust Officer at Autodesk, described visibility into agent actions as essential for large-scale deployments. “Permiso Security was already our security platform for Identities, so the natural next step was to partner with them for Agentic AI Identities,” Goodwin said. “Permiso gave us the ability to discover agents across our environment, maintain a full registry, attribute actions to an initiating identity, and monitor all events, runs, and tool calls touching our systems. In the agentic era, visibility and threat detection are what allows us to move fast.”
Market context
The launch comes as cybersecurity vendors work to define how AI agents should be governed inside large organizations. Much of the market has focused on posture management, such as where agents authenticate and what permissions they hold, but vendors are increasingly shifting toward monitoring live activity and limiting harmful actions once an agent is running.
Jason Martin, Co-Founder and Co-CEO of Permiso Security, said the company does not view prevention as a complete answer to agent security. “You are putting a deterministic capability on a non-deterministic brain,” Martin said. “Agents will do things they were not supposed to do. The question is whether you have visibility into every run, every tool call, and every piece of data an agent touches to detect it, and the controls to contain it.”
Permiso said the capabilities are informed by research from its P0 Labs team, including work on LLMjacking techniques, cross-prompt injection vulnerabilities in enterprise AI copilots, and analysis of malicious AI agent skills in public marketplaces. That research now feeds into detection features aimed at identifying policy violations, over-privileged access, and anomalous behavior.
Paul Nguyen, Co-Founder and Co-CEO of Permiso Security, said customer demand is being driven by a lack of basic operational visibility. “Every enterprise we talk to is deploying AI agents. Almost none of them can tell us how many agents are running, what identities those agents are using, or what MCP servers they are calling,” Nguyen said. “We are not asking customers to buy a new product. We are extending the platform they already trust to cover the fastest-growing and least-governed identity class in the enterprise.”
The capabilities are available immediately through Permiso’s agentless, API-based architecture with no infrastructure changes required. Permiso won the 2026 SC Award for Best Threat Detection Technology. For more information, visit permiso.io.
