What’s Happening
Beyond Identity has launched Ceros, a new business unit and platform it describes as an “agentic AI trust layer” purpose-built for securing autonomous AI agents in enterprise environments. Ceros aims to address a security gap that has grown alongside rapid AI agent adoption: enterprises deploying agents at scale have limited visibility into what data those agents access, what tools they invoke, and whether the actions taken are attributable to a verified identity. The platform combines AI discovery and inventory, runtime governance and policy enforcement, provenance tracking, and dynamic orchestration into a single control layer. Ceros is built as a business unit of Beyond Identity and inherits the company’s hardware-bound cryptographic identity infrastructure.
The Bigger Picture
The Security Gap Agentic AI Has Created
Autonomous AI agents introduce a fundamentally different threat surface than traditional software. A web application has a defined set of API calls and user interactions. An AI agent, by contrast, can browse, write code, invoke tools, call external services, and chain actions across systems, often with minimal human oversight. The existing security stack, built around static application boundaries and human-initiated sessions, doesn’t map cleanly onto that behavior.
ECI Research’s 2025 AI Builder Summit survey found that 44% of enterprise AI leaders have only moderate confidence that AI agents can act autonomously without human intervention. That finding isn’t surprising given what’s missing: most enterprises lack the tooling to enforce boundaries on what agents can actually do at runtime, not just what they’re theoretically permitted to do at configuration time.
The attack vectors Ceros targets are real and underappreciated. Prompt injection, over-permissioned workflows, and shadow AI agents running outside IT visibility are not theoretical risks. They’re operational conditions in any enterprise that has moved beyond pilot into production-scale agent deployment. The focus on a five-dimensional identity vector, covering user identity, authentication method, device compliance, tool access, and agent configuration, is a materially more precise approach than applying conventional identity and access management controls to an agent that may autonomously acquire new capabilities mid-session.
What ITDMs Need to Understand
The business case here is primarily risk containment, not cost reduction. CISOs who have approved AI agent deployments without a dedicated governance layer are carrying exposure they likely haven’t quantified. Data exfiltration via agent tool calls, unauthorized writes to production systems, and unattributable actions in audit logs are the categories of risk Ceros is targeting.
The compliance angle matters too. ECI Research’s 2025 AI Builder Summit survey found that two-thirds of enterprise AI leaders envision a future where humans and AI agents actively collaborate on complex tasks and shared goals, not one replacing the other. That collaborative model only holds if organizations can demonstrate, to auditors and regulators alike, that agent actions are traceable and governed. Ceros’s provenance and audit capability, including logged conversations, execution metadata, and attribution to specific sessions, is directly responsive to that requirement.
For ITDMs evaluating the platform, the relevant decision is not whether agentic AI security is necessary. It is. The question is whether a dedicated trust layer is the right architectural approach, versus attempting to extend existing security infrastructure. Given that ECI Research data shows 50.7% of organizations still rely on public AI tools such as ChatGPT or Copilot without an enterprise-wide governed framework, the governance deficit is already substantial. Adding agents to that environment without a dedicated control plane compounds risk rather than managing it.
What Developers and Security Engineers Should Know
The technical architecture Ceros has described is worth examining. Cryptographically tying each agentic action to hardware-bound identities is a meaningful design choice. It means the identity assertion is not software-only and is therefore harder to spoof or bypass through standard credential theft. The addition of device compliance as a dimension of the identity vector is consistent with Beyond Identity’s existing zero-trust posture, where a verified user on an unmanaged or non-compliant device is still treated as a risk.
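To make the five-dimensional identity vector concrete, the sketch below (an added example, not Ceros or Beyond Identity code) evaluates every tool call at runtime against all five dimensions and denies the call when the agent's tool set or configuration has drifted from what was approved at session start. All field names, policy values and the sample session are hypothetical, and the hardware-bound signing of each action is not modeled.

```python
# Added illustration: field names and policy values are hypothetical, not Ceros's schema.
from dataclasses import dataclass
import hashlib
import json

@dataclass(frozen=True)
class IdentityVector:
    user: str                # verified user identity
    auth_method: str         # how the user authenticated
    device_compliant: bool   # device posture at call time
    tools: frozenset         # tools the agent currently exposes
    agent_config: str        # serialized agent configuration

def config_digest(vec):
    """Fingerprint tool set and configuration so mid-session drift is detectable."""
    blob = json.dumps({"tools": sorted(vec.tools), "config": vec.agent_config},
                      sort_keys=True)
    return hashlib.sha256(blob.encode()).hexdigest()

POLICY = {  # constructed sample policy
    "allowed_auth": {"passkey"},
    "allowed_tools": {"alice@example.com": {"read_ticket", "search_docs"}},
}

def authorize(vec, approved_digest, tool):
    """Deny-by-default check of one tool call; returns (allowed, reasons)."""
    reasons = []
    user_tools = POLICY["allowed_tools"].get(vec.user)
    if user_tools is None:
        reasons.append("unknown user")
    if vec.auth_method not in POLICY["allowed_auth"]:
        reasons.append("auth method not accepted")
    if not vec.device_compliant:
        reasons.append("device not compliant")
    if tool not in (user_tools or set()):
        reasons.append("tool not permitted for user")
    if config_digest(vec) != approved_digest:
        reasons.append("agent configuration changed since approval")
    return (not reasons, reasons)

# Constructed session: approved at start, then the agent gains a tool mid-session.
start = IdentityVector("alice@example.com", "passkey", True,
                       frozenset({"read_ticket", "search_docs"}), "model=a;temp=0")
approved = config_digest(start)
drifted = IdentityVector(start.user, start.auth_method, True,
                         start.tools | {"shell_exec"}, start.agent_config)
```

Note that the drifted session is refused even for `read_ticket`, a tool the user is allowed: the check is on what the agent has become, not only on what it asks for.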
The runtime orchestration capability, specifically the ability to inject approved tools, replace non-compliant tooling, and redirect agents to alternate LLM providers, has practical value for platform and security engineering teams managing heterogeneous agent deployments. Enterprises running multiple agent frameworks, whether LangChain-based, direct API integrations, or MCP-enabled ecosystems, need a layer that can enforce consistent policy without requiring per-framework customization.
The MCP (Model Context Protocol) coverage is notable. MCP has emerged as a common interface for connecting agents to external tools and data sources, and it’s an obvious attack surface. Discovering and governing MCP services alongside built-in tools in a unified inventory addresses a real operational gap.
One question worth watching: how Ceros handles the tension between runtime policy enforcement and agent reliability. Degrading or terminating a violating session is the right security posture, but it has operational consequences in production workflows. The platform’s approach to continuity during enforcement actions, including the LLM provider failover capability, suggests the team has thought about this, but production validation will matter.
What’s Next
Agentic AI Governance Is Becoming a Procurement Category
Ceros is entering a market that didn’t exist in its current form eighteen months ago. That’s both an opportunity and a risk. The opportunity is first-mover positioning in a category with strong secular tailwinds: enterprise AI agent adoption is accelerating, and security teams are visibly behind. The risk is that the incumbent security vendors, CrowdStrike, Palo Alto Networks, SentinelOne, and the major cloud providers themselves, are all developing AI security capabilities and have existing enterprise relationships.
Beyond Identity’s bet is that the identity layer is the right control point for agentic AI, and that building a dedicated business unit signals long-term commitment rather than a feature addition. That’s a credible thesis. Identity has historically been the foundational layer for access control, and extending it to agents rather than treating agents as a separate security domain is architecturally coherent.
What Organizations Should Do Now
Enterprises that have deployed AI agents in production, or that plan to do so within the next twelve months, should be conducting an inventory of their agentic AI attack surface before evaluating any specific vendor. The questions Ceros’s five-dimensional identity vector raises are the right ones: who approved this agent, on what device is it running, what tools does it have access to, and what did it actually do during that session? If those questions can’t be answered from existing tooling, the gap is real regardless of which platform fills it.
For organizations still in early-stage agent deployment, the governance architecture decision made now will be difficult to unwind later. Retrofitting trust and auditability onto an already-distributed agent deployment is significantly harder than building those controls in from the start. Ceros’s launch is a useful prompt for CISOs and platform teams to get ahead of that problem rather than respond to it after an incident.
