Permiso launches AI agent security tools with Autodesk

Permiso has launched AI agent runtime security features for its identity security platform, with Autodesk deploying the new functions as a launch customer.

The update is designed to help security teams identify AI agents operating across their environments, including those not formally approved, and track their activity across systems, tools and data sources.

Permiso is extending its existing identity platform into a fast-growing area of corporate technology use as companies introduce AI agents into products, internal workflows and cloud operations. It argues that many security teams still lack a clear view of how many agents are active, what credentials they use and which systems they can reach once they begin operating.

Autodesk, the design and engineering software company, is using the technology across its products, workforce and cloud infrastructure. The deployment gives Permiso an early reference customer as suppliers race to define security controls for software agents that can act with limited human oversight.

Runtime focus

The new functions focus on what Permiso describes as runtime visibility rather than a static view of access rights. That includes discovering agents and sessions, attributing actions to a human, non-human or AI identity, monitoring tool calls and data access, and detecting unusual or high-risk behaviour.

The platform also adds behavioural skill sandboxing and identity-based controls, including approval gates for sensitive actions and kill switches. It can build an inventory of agents, sub-agents, builders, models and users across cloud, software-as-a-service, identity providers and code environments.

According to Permiso, that inventory extends to agents running in serverless functions, containers and virtual machines. It also tracks activity involving MCP servers, which are increasingly used as connectors between models and external tools or data sources.

For security teams, the challenge is that AI agents do not behave like conventional machine identities. They can inherit credentials, call tools dynamically, create sub-agents and reach downstream systems in ways shaped by context rather than fixed rules.

Permiso argues this creates a gap in traditional identity and access products, which often lose visibility after an agent has authenticated. Many non-human identity products, it says, still treat agents as static credentials rather than software entities that can make decisions during live operation.

Sebastian Goodwin, chief trust officer at Autodesk, described visibility into agent actions as essential for large-scale deployments. "Autodesk is investing significantly in AI across our workforce, infrastructure, and products. Permiso Security was already our security platform for Identities, so the natural next step was to partner with them for Agentic AI Identities. Permiso gave us the ability to discover agents across our environment, maintain a full registry, attribute actions to an initiating identity, and monitor all events, runs, and tool calls touching our systems. This is non-negotiable when you're securing enterprise AI at scale. In the agentic era, visibility and threat detection are what allows us to move fast," he said.

Market debate

The launch comes as cybersecurity vendors try to define how AI agents should be governed inside large organisations. Much of the market has focused on posture management, such as how agents authenticate and what permissions they hold, but suppliers are increasingly shifting towards monitoring live activity and limiting harmful actions once an agent is running.

Jason Martin, co-founder and co-CEO of Permiso, said the company does not view prevention as a complete answer to agent security. "The market is full of vendors claiming they can prevent AI agent security incidents. As someone who has spent decades in the security industry, I can tell you that's not possible. You are putting a deterministic capability on a non-deterministic brain. Agents will do things they were not supposed to do. The question is whether you have visibility into every run, every tool call, and every piece of data an agent touches to detect when it happens, and the controls to contain it. That is what we built," he said.

Permiso said the new functions are informed by research from its P0 Labs team, including work on LLMjacking techniques, cross-prompt injection weaknesses in enterprise AI copilots and malicious AI agent skills in public marketplaces. That research now feeds into product features aimed at spotting policy violations, over-privileged access, anomalous tool use and behaviour with potentially wide impact.

The update is available to existing and new customers through Permiso's existing platform architecture, which connects by API and does not require infrastructure changes.

Paul Nguyen, co-founder and co-CEO of Permiso, said customer demand is being driven by a lack of basic operational visibility. "Every enterprise we talk to is deploying AI agents. Almost none of them can tell us how many agents are running, what identities those agents are using, or what MCP servers they are calling. We are not asking customers to buy a new product. We are extending the platform they already trust to cover the fastest-growing and least-governed identity class in the enterprise," he said.