This new protection feature inspects both incoming queries and outgoing responses using behavioral and semantic analysis to detect suspicious patterns before they can inflict harm.

The Agentic AI Protection feature will be showcased at the RSA Conference 2025 in San Francisco and is set to be generally available in Summer 2025 as part of Wallarm's Advanced API Security platform.

Novikov emphasizes that while AI agents are crucial to modern digital infrastructure, their vulnerabilities remain poorly understood, necessitating robust security solutions.

Despite some organizations prohibiting the use of AI models, weak enforcement has led users to treat these tools as shadow IT services, further complicating security efforts.

AI agents are becoming increasingly prevalent in sectors like customer service and business automation, but their integration also introduces significant security risks.

Wallarm's analysis reveals that 65% of cybersecurity issues involving AI agents are linked to APIs, with an alarming average resolution time of 42 days for open issues and over 700 unresolved problems.

These AI agents communicate via APIs, making them susceptible to attacks that can be hidden within seemingly harmless user inputs.

Cybersecurity threats to AI models can be classified into four main types: data poisoning, backdoor attacks, data exfiltration through APIs, and manipulation of AI tasks.

As organizations increasingly integrate AI agents into their workflows, these systems become attractive targets for cybercriminals aiming to compromise security.

This situation underscores the urgent need for organizations to collaborate with cybersecurity teams to establish effective controls and policies regarding AI security.

Ivan Novikov, CEO of Wallarm, highlights the necessity of understanding the evolving attack surface of AI agents and implementing continuous defense measures.

In response to these challenges, Wallarm has developed Agentic AI Protection, which secures AI agents from various attack vectors, including prompt injection and system prompt retrieval.