New Features Deliver 100% Visibility Into AI Users, AI Builders and AI Agents to Protect Against AI Identity Compromise and Misuse

Palo Alto, CA, September 30, 2025 – Permiso Security, the leader in real-time identity security, today announced the expansion of its platform to include comprehensive protection for AI identities, including AI users, AI builders, and AI agents, in order to provide enterprises with a single platform to protect all digital identities against cyber security threats.

Available today, the expanded Permiso solution is unique in the market in that it treats AI security as an extension of identity security and offers the same comprehensive coverage for AI that has made the company’s platform the gold standard for human, non-human and vendor identity protection. The solution focuses primarily on runtime intelligence to discover actual AI usage patterns, along with the more common tracking of static information, which only captures the configuration supporting AI and AI usage. Static tracking alone does not provide any information about who and how AI is being used, leaving enterprises blind to an important part of AI risk. 

“Your AI security posture will be shaped by your overall security program,” said Jason Martin, Permiso co-CEO and co-founder. “Identity security is a core pillar of any strong program and essential to securely operationalizing AI. Every identity has unique risks, but all must authenticate and be authorized to access critical systems and data. Soon, enterprises will run hundreds or thousands of AI agents, making it vital to inventory them, assess identity risks and track real-time activity to spot suspicious behavior. Companies don’t want separate systems for each identity type - they need a single platform that provides full coverage and eliminates blind spots against identity-driven threats.”

The new AI features provide granular visibility into AI usage patterns, enabling security teams to understand not just who has AI access, but precisely how they're using it - from specific AI services to the types of activities performed. This is critical to enable organizations to discover vulnerabilities, protect against them, and defend against potential attacks. 

“AI isn’t a new silo, it’s an identity problem,” said Permiso CTO Ian Ahl. “Permiso finds every AI identity, human and non-human. We map static exposures, and use runtime detection on live activity so you can adopt AI without widening the attack surface.”

Permiso categorizes AI identities into three groups:

• AI Users: Employees and stakeholders using AI services like ChatGPT, Microsoft Copilot, Claude or other AI platforms.
• AI Builders: Developers and teams creating, modifying or deploying AI models and applications.
• AI Agents: Autonomous AI systems operating within organizational environments.

“As enterprises scale AI projects, they recognize that identity security is essential for protecting AI users, builders and agents. Solutions that apply proven identity security principles such as runtime intelligence and static tracking to AI agent identities can address a significant gap in enterprise security,” said Todd Thiemann, principal analyst at Enterprise Strategy Group.

Permiso’s specific AI identify security features, which integrate seamlessly with existing Permiso deployments and require no additional infrastructure, include the ability to discover, analyze and defend against threats via: 

• Tracking of shadow AI usage by employees using personal accounts, which can increase the AI attack surface and go unrecognized.
• Notification of unauthorized AI service access through federated authentication.
• Discovery of AI agents operating with excessive permissions, some of which have up to 90% unused permissions, similar to patterns seen across other identity types. This  introduces unnecessary risk.
• Discovery of sensitive data sharing with external AI models, whether initiated by human workers using AI or autonomous AI agents.

“As organizations embrace AI, it has to be viewed through the lens of identity. Whether it’s an employee, a developer, or an AI agent, the risks ultimately come down to who has access, what they can do, and how that activity is monitored," said Permiso customer Terrick Taylor, Security Operations Manager, YAGEO Group.

The industry is also taking note of Permiso’s unique approach to identity security. GigaOm recently recognized the company in its Radar for ITDR Report, calling Permiso a Challenger as well as a Fast Mover.  

ABOUT PERMISO

Permiso is the leading cloud identity security platform that helps organizations discover, protect, and defend against identity threats across multi-cloud and hybrid environments. The company's innovative approach combines static configuration data with runtime intelligence to provide comprehensive visibility into human identities, non-human identities, vendor accounts, and now AI identities. Trusted by multiple Fortune 500 companies and some of the Las Vegas Strip's premier resorts and casinos, Permiso enables organizations to secure their identity fabric across the full spectrum of modern computing environments.

For more information about Permiso and its AI security capabilities, explore our solutions or request a demo at hello@permiso.io