AI Agent Security Overview

Check Point AI Agent Security secures the AI agents your organization builds and deploys. It discovers agents across the platforms where they run, assesses the risk of each agent’s configuration, and protects agent behavior at runtime.

AI Agent Security is an early access release. It covers the capabilities described in these pages today, and the product develops quickly. These docs are updated as new capabilities ship.

The two layers of the product

  1. Posture: the structural state of an agent, meaning its tools and toolsets, connected MCP servers, model, authentication, and level of autonomy. Posture is assessed from configuration, before and independent of anything bad happening.
  2. Runtime: the agent's live behavior. This layer screens the prompts, tool calls, tool responses, and actions that flow through an agent as it operates, and blocks what your policy does not allow.

Many risks are addressed across both layers, so it is useful to attribute each capability to the layer it came from. Discovery and risk assessment are posture capabilities, managed in the portal. Runtime protection integrates through the Guard API; native platform runtime integrations are on the roadmap.

What AI Agent Security does

  1. Agent discovery: connect the platforms where your agents run and build a continuously updated inventory of agents, their tools, and their connected MCP servers.
  2. Risk assessment: a per-agent risk rating with the contributing factors explained, and a risk-types view across all agents so security teams know where to focus.
  3. Runtime protection through AI Guardrails: the full guardrail suite — Prompt Defense, Content Moderation, Data Leakage Prevention, Malicious Links, and Agent Behavior Defense — applied across the agentic workflow via the Guard API: user prompts, model outputs, tool calls, tool responses, and tool descriptions.

Tiers

AI Guardrails is the runtime layer of AI Agent Security, and is also sold on its own:

  1. AI Agent Security: discovery, risk assessment, and runtime protection. Includes everything in AI Guardrails.
  2. AI Agent Security - AI Guardrails: the runtime layer on its own, for teams that want to embed detection directly into their own AI applications through the Guard API. Available standalone.

How AI Agent Security fits with the rest of your architecture

AI Agent Security is one layer in a broader agent security approach. It provides discovery, risk assessment, and runtime protection for agents. Other parts of agent security are determined by how agents are built and configured, and by controls elsewhere in your architecture, such as your identity provider, cloud security, and network controls. The Security Framework Coverage page maps what each layer covers against the OWASP Top 10 for LLMs and the OWASP Top 10 for agentic applications.

Where to start

  1. Connect your agent platforms and let discovery build the inventory.
  2. Review the risk assessment for the agents that matter most.
  3. Integrate the Guard API for runtime protection.