Zenity CEO Ben Kliger with Safety Detectives: Most Security Teams Have No AI Agent Strategy. Here’s How to Build One

In this exclusive interview with Safety Detectives, we try to understand why most enterprise security teams are still flying blind when it comes to AI agents, and what can be done about that, with the help of Ben Kliger, an 18-year cybersecurity veteran and co-founder of Zenity, a pioneering AI security governance platform.

Kliger explains why securing autonomous agents requires a fundamentally different approach from what traditional tools can offer: one where, instead of focusing on input filtering, security shifts toward governing behavior, context, and autonomy.

If you’re adopting AI, this is the conversation your security team needs to have now.

What’s the most urgent cybersecurity problem in your industry that no one talks about?

Security teams have no idea what AI agents are actually doing.

They can’t see what those agents are accessing, how they behave, or how they evolve once they’re deployed. These agents are often launched with good intentions, but over time, they change. They chain tools together, make decisions on their own, and interact with APIs and other agents in unpredictable ways.

And most security teams? They’re stuck trying to apply old playbooks to a brand-new problem.

Today’s tools aren’t built to handle this kind of autonomy. Some teams throw DLP or prompt filters at the problem, but that’s like trying to stop a runaway train with a speed bump. The real threat isn’t the input. It’s the agent’s logic. It’s how they reason, what they chain together, and why they act the way they do.

Until we start treating agents as autonomous systems, not fancy chatbots, we’re going to keep getting blindsided.

Why do you think this issue is so ignored or avoided? Does anyone actually benefit from keeping it hidden?

Because it’s hard. Understanding how an agent behaves means building new telemetry, new tools, and a new mindset. Most orgs aren’t ready for that.

It’s also inconvenient. This problem doesn’t fit into any existing security category, so no one really “owns” it yet.

And let’s be honest: it’s uncomfortable. It means admitting we don’t fully understand the systems we’re deploying.

There are two groups who benefit from the silence:

  1. Business teams, who are racing to adopt AI and don’t want to slow down for security reviews.
  2. Vendors, who downplay the risks, just like they did in the early days of cloud. They claim they’ve “got it covered,” but the reality is that customers are left dealing with the fallout.

Have you personally witnessed a situation where this issue led to real damage or loss?

One company used an AI agent to automate procurement tasks… Seemed harmless, until a vague prompt triggered a chain of API calls that leaked sensitive supplier data.

The problem wasn’t the prompt. It was the agent’s autonomy. No one had scoped or governed how it could behave in different contexts. That’s where the risk came from.

We’ve seen this in our own research at Zenity too. Our Labs team has shown again and again: if you can’t observe and govern agent behavior, you can’t secure it. Period.

Want another example?

Here’s how a hacker used a normal-looking email to hack an AI agent and start using it to steal financial information, sending answers to controlled bank accounts, and more.

Who is being hurt the most by this problem?

The people paying the price are:

  • Enterprise security teams who are stuck playing whack-a-mole with prompt filtering while the real threats come from the agents themselves.
  • Developers and end users who are forced to bolt on security after the fact, or slow down deployments because no one trusts the system.

But the biggest cost is invisible: loss of trust.

Every time an agent misbehaves, it chips away at user confidence. That’s incredibly hard to win back, and even harder to measure. Meanwhile, security teams waste hours just trying to spot problems instead of solving them. That adds up fast.

If someone reading this wants to avoid this problem, what should they start (or stop) doing today?

First, step back and ask better questions:

What’s your actual strategy for governing AI agents? (Not your tools, your strategy!)

Here’s what to start doing right away:

  • Talk to peers. Most teams are struggling with this. Start comparing notes.
  • Instrument your agents. Add telemetry to track decisions, tool usage, and context switching.
  • Implement policy-as-code. Platforms like Zenity can help define clear behavioral boundaries.
  • Audit entire workflows. Don’t just test prompts. Test the whole task chain.
  • Partner with the business. Security should enable AI adoption, not block it.

And here’s what to stop:

  • Stop relying only on prompt filtering. It’s necessary, but nowhere near enough.
  • Stop treating agents like chatbots. They’re more like autonomous microservices. Secure them like it.
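The three practical items above (instrument your agents, implement policy-as-code, audit the whole task chain) can be shown in a few dozen lines. The following is an added example written for this page, not Zenity's code or product: every tool, context label, data label and the sample traces are constructed for illustration. Each agent decision is recorded as a telemetry record, the behavioral boundary is a data structure rather than a prose rule, and the audit walks the full chain so that a step that looks fine on its own is still flagged when the sequence moves protected data off-site, which is the failure pattern in the procurement story above.

```python
"""Policy-as-code audit over an AI agent's tool-call trace (added example)."""
from dataclasses import dataclass, field


@dataclass
class ToolCall:
    """One telemetry record: what the agent decided to do, and in which context."""
    step: int
    context: str                       # business context the agent is operating in
    tool: str                          # tool the agent invoked (constructed names)
    data_labels: frozenset = field(default_factory=frozenset)  # labels on data in the call
    destination: str = "internal"      # "internal" or "external"


# Policy as code (constructed): which tools the agent may use in each context.
ALLOWED_TOOLS = {
    "procurement": {"supplier_lookup", "create_purchase_order", "send_email"},
    "it_helpdesk": {"ticket_lookup", "reset_password"},
}

# Chain rule: once the agent has touched data carrying a protected label, it may
# not send anything to an external destination later in the same task.
PROTECTED_LABELS = {"supplier_pii", "bank_details"}


@dataclass
class Finding:
    step: int
    rule: str
    detail: str


def audit_chain(trace):
    """Evaluate the whole task chain; returns a list of findings (empty = clean)."""
    findings = []
    tainted = set()                    # protected labels seen so far in this chain
    for call in trace:
        # Per-step boundary: is this tool allowed in this context at all?
        if call.tool not in ALLOWED_TOOLS.get(call.context, set()):
            findings.append(Finding(call.step, "tool_not_allowed_in_context",
                                    f"{call.tool} is not permitted in context {call.context!r}"))
        # Chain-level boundary: external send after protected data was touched.
        if call.destination == "external" and tainted:
            findings.append(Finding(call.step, "protected_data_exfil_path",
                                    f"external {call.tool} after touching {sorted(tainted)}"))
        tainted |= call.data_labels & PROTECTED_LABELS
    return findings


def context_switches(trace):
    """Telemetry view: how often the agent changed business context mid-task."""
    contexts = [c.context for c in trace]
    return sum(1 for a, b in zip(contexts, contexts[1:]) if a != b)


# Constructed trace modelled on the procurement story: each call is individually
# permitted in the procurement context, but the chain leaks supplier data.
LEAKY_TRACE = [
    ToolCall(1, "procurement", "supplier_lookup", frozenset({"supplier_pii", "bank_details"})),
    ToolCall(2, "procurement", "create_purchase_order", frozenset({"bank_details"})),
    ToolCall(3, "procurement", "send_email", frozenset({"bank_details"}), destination="external"),
]

# Constructed trace where the agent drifts into another context and then
# uses a tool that is not allowed there.
DRIFT_TRACE = [
    ToolCall(1, "procurement", "supplier_lookup", frozenset({"supplier_pii"})),
    ToolCall(2, "it_helpdesk", "reset_password"),
    ToolCall(3, "it_helpdesk", "send_email", destination="external"),
]

# Constructed trace that stays inside the boundary.
CLEAN_TRACE = [
    ToolCall(1, "procurement", "supplier_lookup", frozenset({"supplier_pii"})),
    ToolCall(2, "procurement", "create_purchase_order", frozenset({"supplier_pii"})),
]


def main():
    for name, trace in (("leaky", LEAKY_TRACE), ("drift", DRIFT_TRACE), ("clean", CLEAN_TRACE)):
        print(f"{name}: context switches={context_switches(trace)}")
        for f in audit_chain(trace):
            print(f"  step {f.step}: {f.rule}: {f.detail}")


if __name__ == "__main__":
    main()
```

The point of `audit_chain` is that a prompt filter or a per-call allowlist alone would pass the leaky trace: `send_email` is a legitimate procurement tool. Only evaluating the sequence, with the telemetry that records what data each step touched, surfaces the exfiltration path. In a real deployment the trace would come from the agent runtime's logging rather than a hard-coded list, and the policy tables would live in version control alongside the agent definition.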

To wrap up, if there was one key takeaway you wish people could bring home from this conversation, what would it be?

Stop asking, “What did the user say?” Start asking, “Why did the agent do that?”

If we keep focusing on inputs, we’re going to miss the real threats.

And if security is always seen as the team that says “no,” we’ll never get invited to the conversation early enough to help.

Security teams must enable safe AI adoption, not slow it down.
