Xage Debuts Zero Trust Platform to Secure AI at the Protocol Layer

AI has moved past the lab and into production. It’s handling sensitive data, running workflows, and making decisions inside critical systems. That shift raises the stakes. Jailbreaks, data leaks, and unpredictable agent behavior continue to chip away at confidence, and the tools most teams lean on - prompt filters, LLM firewalls, siloed deployments - were never built for this scale. They’re reactive, easy to work around, and expensive to keep up.

Xage Security is taking a different angle. Its new Zero Trust for AI platform enforces policy at the protocol layer, closer to the infrastructure where access decisions can’t be gamed. Instead of hoping filters hold, the system makes every interaction subject to the same deterministic checks already used to protect critical infrastructure.

The company is calling the platform “jailbreak-proof.” Duncan Greatwood, CEO at Xage Security, explained to MSSP Alert, “Jailbreak-proof means Xage enforces identity and policy at the network data protocol layer, not just at the AI prompt or AI output layer… Even if AI prompts are manipulated, unauthorized access is blocked because policy enforcement happens below the AI layer, where it can’t be bypassed.”

This shift reframes AI security from filtering what models say to controlling what agents and applications can actually do.

Identity reimagined for AI agents

Treating AI as an ungoverned black box creates more problems than it solves. Agents spin up connections to APIs, databases, and external tools at machine speed. Without identity and access management, every interaction risks becoming a blind spot.

Xage extends its Zero Trust Fabric - already proven in critical infrastructure - to wrap AI agents with identity-first controls. Each agent is treated like a non-human identity, complete with cryptographic credentials, scoped entitlements, and automated rotation.

“Each AI agent is wrapped with access control shielding based on its identity and entitlements,” Greatwood said. “The Fabric handles credential issuance, rotation, and revocation automatically, maintaining policy enforcement even across the most complex chains of interacting components, with policies being applied locally and in real time to avoid any risk of performance drag.”

That local enforcement is key. Policies aren’t reliant on a single central control plane, so security holds even in air-gapped environments or across multiple clouds.

Proof against jailbreaks in the wild

One of the most pressing issues for security teams is proving that jailbreak attempts won’t succeed in production. With most guardrail-based solutions, there’s always a lingering sense of uncertainty.

Greatwood outlined why Xage’s approach is different.

“Firewalls and guardrails operate at the prompt or output level. They can be bypassed with creative inputs, adversarial prompts, or chained queries. Xage instead enforces policy at the network protocol level, where jailbreak attempts can’t override identity and entitlements. Every AI interaction is intercepted and validated against policy, with tamperproof audit logs showing blocked attempts and permitted actions.”

This evidence-based enforcement provides the visibility security teams need. Audit logs not only show what was allowed but also capture the precise points where jailbreak attempts were stopped - giving organizations and their regulators confidence that protections hold up under real-world conditions.

A model for MSSPs

The platform also has implications for managed security service providers, who need a way to secure AI across many customers without losing efficiency. Xage’s architecture was built with multi-tenancy in mind.

“Xage Fabric is designed for federated operations,” Greatwood said. “Each environment is isolated within the Fabric, while MSSPs can centrally manage delegated administration, enforce consistent policies across cloud, on-prem, and edge, and avoid single points of failure.”

This means MSSPs can deliver AI security services as a scalable offering rather than managing separate silos for each client. They can standardize controls while preserving isolation, allowing them to move faster and offer a defensible security posture to customers who are demanding practical, production-ready AI protection.

AI is no longer confined to experiments or narrow use cases. Enterprises are embedding it into workflows that touch sensitive systems and regulated data. That shift changes the stakes: security can’t be bolted on later, and brittle controls won’t hold up to real-world attacks.

By anchoring AI security in the same Zero Trust principles used for critical infrastructure, Xage is betting it can move the market past reactive filters toward deterministic, identity-based enforcement. If the platform delivers in practice, it could give enterprises and MSSPs the confidence they’ve been waiting for to embrace AI at scale.

Suparna Chawla Bhasin

Suparna is the Senior Managing Editor for CyberRisk Alliance’s Channel Brands, including MSSP Alert and ChannelE2E. She manages content development, sharpens editorial workflows, and ensures storytelling is tightly aligned with audience needs. With a background in technology, media, and education, she combines strategic insight with creative execution.
