MSSP, AI/ML, SOAR, SIEM, SOC

TrojAI Targets MSSPs With AI Security for Agent-Driven Workloads


AI agents are starting to take on real work inside enterprises. They connect to systems, pull data, and complete multi-step tasks. The problem is that most security controls still focus on prompts, not on what happens across an entire workflow. TrojAI’s latest updates are aimed at fixing that gap.

The company is expanding its platform to give security teams better visibility into how AI agents behave, how they interact with tools and data, and how risks show up over time. This reflects a broader shift. AI security is no longer just about filtering inputs. It is about understanding how autonomous systems act once they are deployed.

Red Teaming That Understands AI Behavior

TrojAI is adding agent-led red teaming, where AI agents test other AI systems by simulating attacks. These tests can run multi-step scenarios and adapt as they go, without requiring manual setup.

Lee Weiner, CEO of TrojAI, explained how this differs from traditional approaches. He told MSSP Alert,

“TrojAI Detect specifically focuses on uncovering risks in AI systems such as agents, applications, and models. TrojAI Detect identifies where an AI system behaves in a risky way, for example, by finding manipulation attack risks such as prompt injection or jailbreak attempts. Traditional pen testing tools do not understand AI risks at the behavior level. TrojAI recently released a set of agents that strategize, plan, execute AI red teaming, adapting to responses and learning to achieve their goals more effectively. This simplifies the process significantly.”

This matters because AI systems do not behave like traditional applications. They change based on inputs, memory, and context. Testing needs to reflect that.

Runtime Visibility Into What Agents Actually Do

Another key update is runtime intelligence. TrojAI can now track how agents behave while they are running. That includes which tools they use, what data they access, and how actions unfold across a workflow.

This kind of visibility helps answer basic but important questions. What is the agent doing? What data is it touching? Is it staying within policy? Without that, it is hard to manage risk once AI systems are live.

Securing Coding Agents at the Source

AI coding tools are quickly becoming part of development workflows. But they introduce risks that traditional tools do not fully address. TrojAI is focusing on the system generating the code, not just the code itself.

As Weiner put it, “When securing AI-generated code, traditional AppSec tools focus on scanning the output, whereas TrojAI secures the system producing the output. Traditional AppSec tools identify vulnerabilities in AI-generated code such as insecure dependencies, injection flaws, or misconfigurations. While these are important, TrojAI focuses on a different problem. Instead of scanning code artifacts, TrojAI is designed to protect the AI systems generating that code. Coding agents can inadvertently expose or embed secrets in generated code, leak PII, or be manipulated through prompt injection. These risks originate from how AI models generate and process code rather than from flaws in the code itself.”

The shift here is simple. Instead of catching issues after code is written, security moves upstream to how the code is created.

What This Means for MSSPs

TrojAI is also positioning these capabilities for managed services. MSSPs can use the platform to deliver AI red teaming and runtime monitoring to customers.

“TrojAI is designed so MSSPs can deliver both AI red teaming and runtime monitoring as managed services for their customers. The TrojAI platform can be embedded in another technology through extensive APIs and technology integration capabilities,” Weiner said.

This gives service providers a way to add AI security without building new tools from scratch.

Bringing AI Security Into Existing SOC Workflows

Integration is another focus. TrojAI connects with SIEM, SOAR, and ticketing systems so AI-related alerts fit into existing workflows.

“TrojAI integrates with existing MSSP and SOC tooling so AI security alerts flow into the same workflows teams already use. Alerts can be sent to SIEMs for correlation with other security telemetry, trigger automated response playbooks through SOAR systems, and generate incidents in standard ticketing platforms. TrojAI has both out-of-the-box integrations here as well as APIs for customizability. Because TrojAI is highly extensible, MSSPs can customize integrations and workflows to fit their existing security stack while monitoring AI-specific risks like prompt injection,” Weiner added.

This reduces friction. Teams do not need a separate system to manage AI risk. It becomes part of the same process they already follow.
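The runtime-visibility and SIEM-integration sections above describe the idea at a high level: record which tools an agent calls and which data it touches, check each call against policy, and push violations into the same alert pipeline the SOC already uses. The following is an added illustration of that pattern, not TrojAI's code or API. The event fields, the policy structure, the agent names and the alert schema are all assumptions made for the demo; the sample telemetry is constructed.

```python
"""Illustrative runtime policy check over AI-agent tool-call events.

Added example, not TrojAI's code. The event format, the policy structure,
the agent names and the alert schema are all assumptions for this demo.
"""
import json
from dataclasses import dataclass, field

# Constructed sample telemetry: one record per tool call an agent makes
# during a workflow. Field names are assumptions for this example.
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T10:00:01Z", "agent": "support-bot", "workflow": "wf-1",
     "tool": "crm.lookup", "data_class": "customer_pii", "step": 1},
    {"ts": "2024-05-01T10:00:02Z", "agent": "support-bot", "workflow": "wf-1",
     "tool": "email.send", "data_class": "customer_pii", "step": 2},
    {"ts": "2024-05-01T10:00:03Z", "agent": "support-bot", "workflow": "wf-1",
     "tool": "shell.exec", "data_class": "none", "step": 3},
    {"ts": "2024-05-01T10:05:00Z", "agent": "code-agent", "workflow": "wf-2",
     "tool": "repo.read", "data_class": "source", "step": 1},
    {"ts": "2024-05-01T10:05:01Z", "agent": "code-agent", "workflow": "wf-2",
     "tool": "secrets.read", "data_class": "secret", "step": 2},
    {"ts": "2024-05-01T10:05:02Z", "agent": "code-agent", "workflow": "wf-2",
     "tool": "repo.write", "data_class": "source", "step": 3},
]


@dataclass
class AgentPolicy:
    """Per-agent allowlist of tools and data classes (hypothetical schema)."""
    allowed_tools: set
    allowed_data: set
    # Ordered tool pairs that are each fine alone but risky in sequence
    # within one workflow, e.g. reading a secret and then writing to a repo.
    forbidden_sequences: set = field(default_factory=set)


POLICIES = {
    "support-bot": AgentPolicy(
        allowed_tools={"crm.lookup", "email.send", "kb.search"},
        allowed_data={"customer_pii", "none"},
    ),
    "code-agent": AgentPolicy(
        allowed_tools={"repo.read", "repo.write", "secrets.read", "tests.run"},
        allowed_data={"source", "secret", "none"},
        forbidden_sequences={("secrets.read", "repo.write")},
    ),
}

SEVERITY = {
    "unknown_agent": "high",
    "tool_not_allowed": "high",
    "data_not_allowed": "high",
    "risky_sequence": "medium",
}


def _alert(ev, rule, detail):
    """Build one alert record from an offending event."""
    return {
        "rule": rule, "severity": SEVERITY[rule], "agent": ev["agent"],
        "workflow": ev["workflow"], "step": ev["step"], "tool": ev["tool"],
        "ts": ev["ts"], "detail": detail,
    }


def evaluate(events, policies):
    """Check every tool call against its agent's policy.

    Events are processed per workflow in step order so that sequence rules
    see the full history of the workflow, not just the single call.
    """
    alerts = []
    history = {}  # workflow id -> tools called so far, in order
    for ev in sorted(events, key=lambda e: (e["workflow"], e["step"])):
        pol = policies.get(ev["agent"])
        if pol is None:
            alerts.append(_alert(ev, "unknown_agent", "no policy registered"))
            continue
        if ev["tool"] not in pol.allowed_tools:
            alerts.append(_alert(ev, "tool_not_allowed",
                                 f"tool {ev['tool']} not in allowlist"))
        if ev["data_class"] not in pol.allowed_data:
            alerts.append(_alert(ev, "data_not_allowed",
                                 f"data class {ev['data_class']} not permitted"))
        seen = history.setdefault(ev["workflow"], [])
        for earlier in seen:
            if (earlier, ev["tool"]) in pol.forbidden_sequences:
                alerts.append(_alert(ev, "risky_sequence",
                                     f"{earlier} followed by {ev['tool']}"))
        seen.append(ev["tool"])
    return alerts


def to_siem_lines(alerts):
    """Serialise alerts as one JSON object per line for SIEM ingestion."""
    return [json.dumps(a, sort_keys=True) for a in alerts]


if __name__ == "__main__":
    for line in to_siem_lines(evaluate(SAMPLE_EVENTS, POLICIES)):
        print(line)
```

Run as-is, the sample produces two alerts: the support agent calling a shell tool that is not on its allowlist, and the coding agent reading a secret and then writing to a repository inside the same workflow. The second case is the point of keeping per-workflow history: neither call is a violation on its own, which is why checks that only look at a single prompt or a single call miss it. Each alert is emitted as a single JSON line so it can be forwarded unchanged to a SIEM or used to trigger a SOAR playbook.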

These updates point to a larger change in how AI security is being handled. Static checks are not enough when systems act independently and evolve over time. For enterprises, this means rethinking what it takes to secure AI. For MSSPs, it opens up a new service area tied to how customers are adopting agentic AI. The direction is clear. As AI agents take on more responsibility, security has to move with them into the workflow itself.

Suparna Chawla Bhasin

Suparna is the Senior Managing Editor for CyberRisk Alliance’s Channel Brands, including MSSP Alert and ChannelE2E. She manages content development, sharpens editorial workflows, and ensures storytelling is tightly aligned with audience needs. With a background in technology, media, and education, she combines strategic insight with creative execution.
