What’s Happening
Codenotary announced that its AgentMon platform is now monitoring more than 3 million AI-agent interactions per day across enterprise environments. Of those interactions, approximately 7% triggered security, compliance, or operational anomaly detections, producing roughly 210,000 potentially unsafe AI events daily. The company positions this milestone as evidence that agentic AI systems have moved firmly into production at scale, and that the runtime behaviors of those systems now constitute a distinct and largely unmonitored risk category. The announcement marks a meaningful moment in the maturation of the AI observability market.
The Bigger Picture
A New Attack Surface Nobody Built For
The Codenotary announcement crystallizes a problem that has been building quietly for the past two years. Enterprises have been deploying AI agents rapidly, but the governance and observability infrastructure lagging behind that deployment was built for a different era. Traditional security platforms protect endpoints, networks, and identities. They were not designed to detect a customer-support AI agent exfiltrating sensitive records, an infrastructure automation agent calling unauthorized external APIs, or a recursive workflow burning through compute and capital with no human in the loop.
The 7% anomaly rate AgentMon is observing is significant precisely because the denominator is so large. At 3 million interactions per day, even a fraction of a percent represents material risk. At 7%, the daily exposure count exceeds 210,000 events. Extrapolate that across a large enterprise with hundreds of deployed agents operating across finance, legal, manufacturing, and customer systems, and the risk surface is substantial.
Critically, Codenotary’s telemetry indicates that most of these anomalies are not classic external attacks. They are unexpected behaviors originating inside legitimate workflows: prompt injection, context poisoning, unauthorized tool invocations, runaway task execution, and inadvertent exposure of credentials or healthcare data. That internal, workflow-native character makes them nearly invisible to a SIEM or a traditional endpoint detection platform.
What This Means for ITDMs
Enterprise AI adoption is accelerating faster than governance frameworks can follow. According to ECI Research’s 2025 AI Builder Summit survey, 44% of enterprise AI leaders have only moderate confidence that AI agents can act autonomously without human intervention. That confidence gap is not irrational. It reflects genuine uncertainty about what agents do at runtime, particularly in complex multi-agent architectures where one system delegates tasks to another and the chain of custody for a decision becomes difficult to trace.
The economics of that uncertainty are real. A single AI agent that inadvertently exposes a database of patient records, generates a non-compliant financial transaction, or triggers an infinite retry loop can produce regulatory, financial, or reputational damage that far exceeds the cost of the monitoring infrastructure that would have caught it. For ITDMs, the question is no longer whether to govern AI runtime behavior. The question is whether to build that governance capability now, while AI deployment is still manageable, or reactively, after a material incident forces the issue.
The Codenotary data also has budget implications. Organizations that have been treating AI observability as a nice-to-have add-on to their existing monitoring stack should revisit that framing. The runtime layer of an agentic AI system, where agents interpret context, invoke tools, make decisions, and exchange information, is operationally distinct from the application and infrastructure layers traditional platforms cover.
What This Means for Developers and Platform Engineers
For engineering teams building and operating AI-assisted workflows, the anomaly categories Codenotary is surfacing read like a checklist of hard-to-catch production bugs. Prompt injection and context poisoning are particularly thorny because they exploit the AI system’s own capabilities rather than a code vulnerability. An agent that is functioning exactly as designed can still be manipulated through crafted inputs or poisoned context. Standard integration testing won’t catch that.
ECI Research’s 2025 AI Builder Summit data shows that two-thirds of enterprise AI leaders have already implemented multi-agent collaboration in live or pilot workflows. That means the coordination surface, where agents hand off tasks, share context, and invoke each other’s capabilities, is already a production reality for most enterprises. Each handoff is a potential point of policy violation or information leakage. Developers need to think about inter-agent trust boundaries the same way they currently think about API authentication and authorization, because the blast radius of a compromised or misbehaving agent in a multi-agent system can cascade quickly.
The observed anomaly types, particularly excessive token consumption, abnormal retry behavior, and recursive runaway tasks, also have direct cost implications for engineering teams accountable for cloud spend. An agent stuck in a loop is both a security event and a FinOps event. Platforms that can correlate those signals in real time close a visibility gap that currently exists in most enterprise stacks.
What’s Next
Runtime Governance Becomes a Procurement Line Item
The trajectory here is clear. As enterprises move from dozens to thousands of deployed agents, the visibility problem Codenotary is documenting will intensify. Organizations that currently treat AI observability as a development-phase concern will encounter production incidents that force a reclassification. We expect AI runtime monitoring to become a standard procurement category within the next 12 to 18 months, evaluated alongside SIEM, CNAPP, and application performance monitoring in enterprise security and infrastructure reviews.
Regulatory Pressure Will Accelerate Adoption
Regulatory attention to AI systems is increasing across major jurisdictions. The EU AI Act’s requirements around transparency, human oversight, and accountability for high-risk AI systems create a compliance mandate that goes directly to what runtime observability platforms like AgentMon aim to address. Financial services and healthcare organizations, which appear prominently in the anomaly types Codenotary is detecting (financial records, healthcare data, credential exposure), face the most immediate compliance exposure.
ECI Research’s survey data shows that 78.3% of enterprise organizations are already subject to regulations like HIPAA or GDPR. Layering agentic AI into those regulated workflows without runtime governance is a liability that compliance and risk teams will increasingly flag. Organizations building multi-agent architectures today should treat AI runtime observability not as an operational enhancement but as a compliance prerequisite for regulated AI deployments.
Integration With Existing Security and FinOps Stacks
The next evolution for platforms like AgentMon will be tight integration with SIEM, SOAR, and cloud cost management tooling. A runtime anomaly that involves both a policy violation and runaway compute consumption is simultaneously a security event and a cost governance event. Platforms that can route those signals to the right teams in real time, without requiring manual correlation across separate tools, will have a structural advantage. Expect Codenotary and its competitors to prioritize these integrations as the market matures.
Stay Ahead of Application Development Trends
Get weekly analyst insights, research notes, event coverage, and AppDevANGLE updates delivered directly to your inbox.
Subscribe for Weekly Insights
Join technology leaders, practitioners, and GTM teams following the trends shaping modern software delivery.
Looking for deeper research access?
Explore ECI Research reports, survey insights, and market analysis through the ECI Research Portal.
