MSSP, CSPs, Generative AI, Threat Intelligence, MSP

Exabeam Pulls In Google Tools to Protect Against AI Agent Insider Threats

Exabeam is adding AI agents to the list of insider threats that its security platform protects against.

At Google Cloud’s Security Innovation Forum Tuesday, executives with the Foster City, California, company announced it is integrating telemetry from Google’s Agentspace and Google Cloud’s Model Armor into its New-Scale Security Operations Platform to enable organizations and MSSPs to detect and respond to threats presented by AI agents.

Through the integration, security teams will be able to monitor the behavior of AI agents, which act autonomously within an organization’s environment. Through the information gathered by Google’s tools and viewed via Exabeam’s platform, security teams can track the intent of the agents, see if their behavior goes awry, and identify compromise.

It allows security teams to look at AI agents as possible insider threats, according to Exabeam Chief AI Officer Steve Wilson.

“AI agents have the capabilities to move across systems, access data, and execute tasks on their own, which in the grand scheme, is a wonderful tool to have,” Wilson told MSSP Alert. “It can boost productivity, build efficiency and support employees. The problem is most organizations treat them like simple tools that you can just integrate and let free into your systems.”

The problem is that they are actors within the environment that work autonomously, he said. Their behavior needs to be carefully monitored and structured.

“Think of it as a new intern,” Wilson said. “They might have all the right information but what they do with it needs to be managed, taught, and improved on. These agents are not inherently malicious, but without oversight, they can bypass controls or behave in unintended ways. ...  Security teams need to evolve their insider threat detection strategies to include these AI actors as part of their overall behavioral analytics program.”

AI and Insider Threats

In general, generative AI – and AI agents – are both an increasingly important tool and a security threat, a problem highlighted by a survey released this year by Exabeam. The survey of more than 1,000 cybersecurity pros found that 93% of organizations have either experienced or anticipate a rise in insider threats driven by AI.

In addition, 76% said that they found unauthorized use of generative AI by employees, and that two of the top three insider threat vectors – AI-enhanced phishing or social engineering and the unauthorized use of AI – are related to AI. About 64% ranked insiders as a larger threat to their organizations than external actors.

Also, 74% said that AI has already increased the effectiveness of insider threats.

“The reality is that these AI security problems continue to evolve faster than many organizations can keep up with,” Wilson said. “AI agents introduce entirely new blind spots that did not exist even a year ago. If we don’t call them out and help organizations recognize where those gaps lie, both malicious actors and the agents themselves can and will continue to exploit them.”

MSSPs Bring Expertise, Scale

This is important for MSSPs and MSPs as well, given their evolving role with customers as strategic partners. They bring expertise and scale that many security teams can’t, he said.

“These partners enable consistent policy enforcement and help integrate behavioral monitoring into daily operations,” he said. “Without them, the risk of unmanaged AI agent activity can grow quickly. By bringing visibility and governance to AI usage, MSSPs and MSPs turn what could be a blind spot into a manageable and well-understood risk.”

Tracking Agent Behavior, Activities

In adding the telemetry from the Google tools to its platform, Exabeam executives say they are extending its capabilities beyond those of traditional SIEM and extended detection and response (XDR), which don’t have the intelligence features to detect when AI agents go bad. Combined, the Google tools collect data about the activity of AI agents, including the systems they access, datasets they interact with, and tasks they execute, Wilson said.

“This telemetry feeds into analytics that detect subtle changes before they escalate into real incidents,” he said. “It gives organizations a clear picture of how agents are operating and helps identify risk early. Having that level of insight gives teams the time, context, and tools to intervene quickly, reduce mistakes, and prevent misuse or unintended policy violations.”

Through this, companies can take advantage of agents’ productivity while keeping them accountable.

“This dual nature of AI has continued to take center stage because many organizations are still disregarding the warnings,” Wilson said. “Even when they do take them seriously, they’ve already fallen behind the new threat. Treating AI agents like insiders, with clear rules, monitoring, and behavioral analytics, is the only way to manage this safely.”

Jeffrey Burt

Jeffrey Burt has been a journalist for almost 40 years, moving from general-circulation newspapers to IT news sites in 2000. He’s an expert analyst and writer on cybersecurity, data center infrastructure, AI, and a host of other subjects for a range of organizations, including CyberRisk Alliance, eWEEK, Techstrong Group, The Next Platform, and The Register.

You can skip this ad in 5 seconds