CyberArk Announces Identity Security Solution to Secure AI Agents At Scale

CyberArk (NASDAQ: CYBR), the global leader in identity security, today announced the CyberArk Secure AI Agents Solution, which will allow organizations to implement identity-first security for agentic AI using the CyberArk Identity Security Platform. The solution will help organizations mitigate new and unique identity-centric risks as AI agents autonomously communicate with other agents, access sensitive information, escalate privileges, interact with critical infrastructure, and modify their behaviors to accomplish complex tasks.

According to Gartner®, "By 2028, 25% of enterprise breaches will be traced back to AI agent abuse, from both external and malicious internal actors."¹ This new, growing attack surface is tied to the emergence of a new, complex class of digital identities: AI agents that act like humans in their autonomy, but like machines in their ability to scale exponentially. Managing and securing the privileged access, lifecycles, and orchestration of agents goes beyond prompt security to become an identity security challenge that demands a defense-in-depth approach.

"When millions of autonomous, adaptable, and interactive AI agents gain privileged access to resources and services, organizations must not find themselves in a situation where security has lagged innovation. Relying solely on basic identity and access management controls will leave organizations vulnerable to breaches they won't see coming," said Matt Cohen, CEO at CyberArk, "Agents must be secured on day one by combining the principles of human identity security with the scalability and automation of machine identity security. With CyberArk, organizations can plan for an identity-first model to secure the future of agentic AI, unlocking innovation while maintaining control, trust and resilience."

The CyberArk Secure AI Agents Solution will leverage the breadth of intelligent privilege controls offered by the CyberArk Identity Security Platform – built to secure the full spectrum of identities across every environment – to treat each agent as a privileged, autonomous identity subject to continuous discovery, oversight, and adaptive control. By offering these capabilities natively, the solution will match the pace of innovation inherent to the agentic workforce. The Secure AI Agents Solution will enable:²

• Discovery and context to provide observability into known and shadow agents across SaaS applications, off-the-shelf and custom agents, and agentic infrastructure.
• Privilege control: secure access management, enforcing least privilege and managing credentials - such as secrets and certificates - for agents with privileged access.
• Privilege control: threat detection & response for real-time behavioral monitoring to detect drift and prevent misuse.
• Automated lifecycle management tohelp eliminate stale or excessive access, securely onboarding and offboarding the entire agentic population as needed.
• Governance to ensure AI Agents operate in compliance with organizational and regulatory requirements.

In parallel, CyberArk has launched a new open-source security toolset for developers building AI agent environments. Available on the CyberArk GitHub account, the CyberArk Labs AI Agent Tool Set is designed to assist developers in creating AI agents by providing a view of how they communicate and highlighting potential risks that might require attention. It also includes just-in-time credential provisioning to enhance security and streamline development.

Complementing the capabilities of the new solution is CyberArk CORA AI™, the platform's embedded AI engine. CORA AI helps secure agentic AI and also uses AI to improve security across the board. It analyzes user and agent behavior, detects emerging threats, recommends automated response actions, and enables administrators to interact with the platform using natural language commands, simplifying operations and accelerating response.

Further information:

• CyberArk Secure AI Agents Solution
• Securing the Backbone of Generative AI with the CyberArk Blueprint
• CyberArk CORA AI
• CyberArk GitHub
• Blog: Securing Identities for the Agentic AI Landscape

1Source: Gartner, "Predicts 2025: AI's Impact on the Future of Enterprise Technology," by Arun Chandrasekaran, Deepak Seth, Afraz Jaffri, Avivah Litan, Tigran Egiazarov, Joe Antelmi, March 18, 2025, (Report Accessible to Gartner clients only).

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

2Solution capabilities will be available to customers towards the end of 2025.

About CyberArk

CyberArk (NASDAQ: CYBR) is the global leader in identity security, trusted by organizations around the world to secure human and machine identities in the modern enterprise. CyberArk's AI-powered Identity Security Platform applies intelligent privilege controls to every identity with continuous threat prevention, detection and response across the identity lifecycle. With CyberArk, organizations can reduce operational and security risks by enabling zero trust and least privilege with complete visibility, empowering all users and identities, including workforce, IT, developers and machines, to securely access any resource, located anywhere, from everywhere. Learn more at cyberark.com.

Copyright © 2025 CyberArk Software. All Rights Reserved. All other brand names, product names, or trademarks belong to their respective holders. This release is for informational purposes only, and represents CyberArk's current view of its innovation direction. It is not a commitment or an obligation to deliver any product or functionality. The development, release, timing, if any, of any future innovation or product remains at our sole discretion and may be subject to applicable fees.

Cautionary Language Concerning Forward-Looking Statements

This release contains forward-looking statements, which express the current beliefs and expectations of CyberArk's (the "Company") management. In some cases, forward-looking statements may be identified by terminology such as "believe," "may," "estimate," "continue," "anticipate," "intend," "should," "plan," "expect," "predict," "potential" or the negative of these terms or other similar expressions. Such statements involve a number of known and unknown risks and uncertainties that could cause the Company's future results, levels of activity, performance or achievements to differ materially from the results, levels of activity, performance or achievements expressed or implied by such forward-looking statements. Important factors that could cause or contribute to such differences include, but are not limited to: risks related to the Company’s acquisitions of Venafi Holdings, Inc. (“Venafi”) and Zilla Security Inc. (“Zilla”), including potential impacts on operating results; challenges in retaining and hiring key personnel and maintaining business; risks related to the successful integration of Venafi’s or Zilla’s operations and the ability to realize anticipated benefits of the combined operations; disruption of the current plans and operations of the Company and/or Zilla as a result of the announcement of the transaction, including risks of cyberattacks; changes to the drivers of the Company’s growth and the Company’s ability to adapt its solutions to the information security market changes and demands, including artificial intelligence (“AI”); the Company’s ability to acquire new customers and maintain and expand the Company’s revenues from existing customers; intense competition within the information security market; real or perceived security vulnerabilities, gaps, or cybersecurity breaches of the Company, or the Company’s customers’ or partners’ systems, solutions or services; risks related to the Company’s compliance with privacy, data protection and AI laws and regulations; the Company’s ability to successfully operate its business as a subscription company and fluctuation in its quarterly results of operations; the Company’s reliance on third-party cloud providers for its operations and software-as-a-service (“SaaS”) solutions; the Company’s ability to hire, train, retain and motivate qualified personnel; the Company’s ability to effectively execute its sales and marketing strategies; the Company’s ability to find, complete, fully integrate or achieve the expected benefits of additional strategic acquisitions; the Company’s ability to maintain successful relationships with channel partners, or if the Company’s channel partners fail to perform; risks related to sales made to government entities; prolonged economic uncertainties or downturns; the Company’s history of incurring net losses, the Company’s ability to generate sufficient revenue to achieve and sustain profitability and the Company’s ability to generate cash flow from operating activities; regulatory and geopolitical risks associated with the Company’s global sales and operations; risks related to intellectual property claims; fluctuations in currency exchange rates; the ability of the Company’s products to help customers achieve and maintain compliance with government regulations or industry standards; the Company’s ability to protect its proprietary technology and intellectual property rights; risks related to using third-party software, such as open-source software; risks related to stock price volatility or activist shareholders; any failure to retain the Company’s “foreign private issuer” status or the risk that the Company may be classified, for U.S. federal income tax purposes, as a “passive foreign investment company”; changes in tax laws; the Company’s expectation to not pay dividends on the Company’s ordinary shares for the foreseeable future; risks related to the Company’s incorporation and location in Israel, including wars and other hostilities in the Middle East; and other factors discussed under the heading “Risk Factors” in the Company’s most recent annual report on Form 20-F filed with the Securities and Exchange Commission. Forward-looking statements in this release are made pursuant to the safe harbor provisions contained in the U.S. Private Securities Litigation Reform Act of 1995. These forward-looking statements are made only as of the date hereof, and the Company undertakes no obligation to update or revise the forward-looking statements, whether as a result of new information, future events or otherwise, except as required by applicable law.

View source version on businesswire.com: https://www.businesswire.com/news/home/20250410622924/en/