Securing the Journey Down the AI Rabbit Hole

The past two years have transformed how organizations think about both productivity and security.

For many security leaders, the experience has felt a bit like Alice in Wonderland. Just as teams become comfortable with one generation of AI capabilities, a new one emerges and takes them further down the rabbit hole.

Not long ago, most organizations were focused on browser-based interactions with tools like ChatGPT. Security concerns centered on employees sharing sensitive information with external AI services. Soon after, desktop-native assistants such as Claude brought AI directly onto endpoints and into daily workflows. 

The next phase introduced native integrations, tool use, and Model Context Protocol (MCP) connectors, allowing AI systems to access enterprise applications and interact with business systems. Our Proofpoint AI Security uncovered at customer sites MCP connectors to Telegram and banking middleware – unapproved connections from approved AI tools. This would be an extremely dangerous setup if computing devices are compromised. 

Today, organizations are evaluating technologies such as Claude Code, AI coworkers, and autonomous agents that can write software, coordinate workflows, and take actions on behalf of users. There is now Human-Out-Of-The-Loop. There’s no knowledge worker pushing buttons, writing prompts, or moving files. Scheduled automated tasks with no supervision can now take place. 

Each step has unlocked new productivity gains. Each step has also expanded the attack surface.

What makes this shift particularly challenging is the pace of change. The progression from chat interfaces to connected and increasingly autonomous agents has largely occurred within a two-year period. Security teams are being asked to govern technologies that continue to evolve every quarter.

As AI capabilities have evolved, so have the risks.

The first phase of AI adoption introduced concerns around data exposure. Employees began using AI tools to summarize documents, generate content, and write code, often without understanding where sensitive information might be shared.

The second phase revealed that AI security and data security are inseparable. As enterprise copilots gained access to email, documents, collaboration platforms, and knowledge repositories, organizations realized that securing AI required understanding what information AI systems could access in the first place.

Today, agentic AI introduces a broader challenge. These systems can interact with tools, retrieve information, execute workflows, and take action on behalf of users. As a result, organizations must think beyond data leakage and consider issues such as prompt injection, fraud, compliance violations, policy violations, and legal liability.

In many ways, these risks look familiar.

For years, organizations have managed human-centric risks such as social engineering, insider threats, credential compromise, fraud, and accidental data mishandling. As AI systems become more capable, we are seeing similar patterns emerge. Prompt injection is increasingly becoming the social engineering attack of the AI era. Agents can be manipulated into taking actions they were not intended to take. Sensitive information can be mishandled. Policies can be violated. Fraud can occur.

Figure 1: AI Transformation has Created New Risks ​

The difference is that AI systems operate at machine speed and scale.

This is why we believe AI security cannot be approached solely as a technology problem. It is increasingly a behavioral problem. Organizations need to understand not only what AI systems are doing, but also the intent, context, and potential consequences behind those actions.

That belief has shaped our strategy for AI security.

A New Approach to AI Security

At Proofpoint, our vision is straightforward: organizations need a unified way to understand and manage risk across people, data, and AI agents.

Traditional controls remain important. Organizations still need visibility into AI usage, governance over sensitive data, and policies that prevent known risky behaviors. But as AI systems become more autonomous, security teams also need new capabilities that can identify emerging risks, understand intent, and investigate behaviors that do not fit predefined patterns.

Hence, it is critical that an AI Security solution provides Observability, Guardrails and Runtime Controls[MM1]  to ensure that you can secure how users are using AI and that your AI Agents do not go rogue. 

And this is exactly what Proofpoint’s AI Security solutions are built to deliver – a strategic solution that covers all the use cases aligned to the enterprise agentic journey. 

Figure 2: Proofpoint Solutions for AI Adoption ​

Understanding Intent with Proofpoint Nexus

At the core of our AI security platform is Proofpoint Nexus, a collection of specialized AI models designed to understand risk across AI interactions.

These models analyze user intent, agent behavior, prompt injection attempts, jailbreak activity, sensitive content exposure, and other forms of risk. Rather than relying exclusively on static rules, Nexus helps organizations understand the context behind AI interactions and identify behaviors that may indicate emerging threats.

As AI systems become increasingly capable, understanding intent becomes the key foundation for an AI runtime security solution. 

Today, we’re announcing several new innovations that we will make available over the course of the year that are designed to help organizations accelerate their AI Security adoption. 

A Unified Sensor for Data and AI Risk

We are accelerating the convergence of our DLP, Insider Threat Management, and AI Security capabilities through a single endpoint sensor called Proofpoint ZenOne. 

As AI usage increasingly shifts to endpoints and agentic environments, organizations need visibility across data and AI risks while deploying a single sensor at the endpoint. ZenOne provides a unified sensor that helps organizations understand interactions between people, data, and AI systems while simplifying deployment and operations. 

Introducing Satori Risk Investigators

We’re also introducing Satori Risk Investigators, a new family of AI-powered investigative agents.

One of the biggest challenges in security has always been the shortage of resources available to investigate potential risks. Security teams generate enormous volumes of signals, but often lack the time to analyze them comprehensively.

Satori Risk Investigators continuously analyze activity across users, data, and AI systems to identify insider risk indicators, fraud patterns, policy violations, compliance concerns, and emerging AI-related threats. These investigators help organizations uncover behaviors that may otherwise go unnoticed and provide security teams with actionable findings that can be reviewed and escalated when appropriate.

As AI becomes more deeply integrated into business operations, the ability to discover previously unknown risks will become increasingly valuable.

Bringing AI Security and Data Security Together

We’re also announcing Adaptive Data Posture, a new integration between Proofpoint’s AI security and Data security solutions.

Data classifications and governance policies will directly inform AI security decisions, while AI security findings can trigger automated remediation actions when risky behavior is detected. This creates a continuous feedback loop between governance and protection, helping organizations ensure that AI systems only have access to the information they truly need.

The goal is simple: reduce risk without slowing innovation.

Preparing for What Comes Next

Perhaps the most important lesson from the past two years is that no one knows exactly what the next stage of AI will look like.

A year ago, few organizations were discussing MCP servers. Today, they are becoming a common part of enterprise AI deployments. Similarly, the rapid adoption of coding assistants, AI coworkers, and autonomous agents has occurred much faster than many organizations anticipated.

The rabbit hole continues to deepen, and each new layer brings both opportunities and risks.

That is why we have built Proofpoint AI Security as an open and adaptable platform. Our approach is designed to evolve alongside the technologies our customers adopt, integrating with existing security investments while providing the visibility, governance, and intelligence needed to manage emerging forms of risk.

AI will continue to change how work gets done. The organizations that succeed will be the ones that can embrace those innovations without losing control of their data, their policies, or their security posture.

Our goal is to help customers do exactly that—by bringing together human-centric security expertise, data protection, and AI-native risk analysis into a single platform that is ready for whatever lies further down the rabbit hole.