CyberSecurity SEE

Palo Alto Networks Focuses on AI Agent Gateway Through Portkey Acquisition

Startup Acquisition Enhances Centralized Policy Control Over AI Agent Communications

Palo Alto Networks, a prominent player in the cybersecurity industry, has announced plans to acquire Portkey, a startup founded by a former product leader at Pepper and Freshworks. This acquisition is aimed at centralizing the communication of artificial intelligence (AI) agents through a unified gateway, a move that is expected to help organizations enforce consistent security policies while monitoring agent activities in real time.

According to Anand Oswal, the Executive Vice President of Network Security at Palo Alto Networks, the decision to acquire Portkey reflects a strategic need in the industry. Oswal highlighted that without such centralization, organizations risk encountering fragmented visibility and inconsistent controls amidst thousands of interactions between AI agents. “We want all communication of agents to go through a centralized gateway,” he explained during an interview with Information Security Media Group (ISMG). He elaborated that this gateway allows for maintaining an agent registry, applying runtime protections, ensuring identity security, implementing AI governance, and achieving complete observability throughout the communication chain.

Portkey, established in 2023, employs a team of 47 people and has successfully raised $18 million, completing a $15 million Series A funding round under the leadership of Elevation Capital. The startup has been under the guidance of Rohit Agarwal, who brings experience from his previous role as head of product for AI writing assistant Pepper and a significant tenure in product management at Freshworks.

Understanding Portkey’s Role in AI Agent Security

Oswal noted that AI agents require extensive permissions across various platforms, whether they are integrated into endpoints, Software as a Service (SaaS) solutions, or cloud environments. These permissions include access to local files, external repositories, and APIs. The potential risk is profound: a compromised agent could possess the same privileges as a user or system, increasing the scope of potential damage in the event of an attack. “If agents need to act autonomously, they must have broad access,” Oswal stated, referring to the necessary permissions agents require for their functions, such as access to file systems and third-party repositories.

Portkey’s platform is already demonstrating substantial traction in the real world, processing trillions of tokens, a sign of its readiness for widespread application. Additionally, Portkey’s design is developer-friendly, allowing easy onboarding for new agents. The startup’s adoption of open-source solutions has further contributed to its validation and extensive use across various enterprises, including numerous Fortune 500 companies.

“Portkey is being used by many large customers, and they are already running at scale,” Oswal indicated. The gateway provided by Portkey is anticipated to serve as the backbone for AI systems within Palo Alto Networks, offering full observability of agent behavior and monitoring the various steps in transaction processes. It will enforce governance by applying policies and maintaining an agent registry, crucial for ongoing monitoring as these agents evolve.

Integration with Palo Alto Networks’ Security Framework

The technology introduced through Portkey is set to be integrated into Palo Alto Networks’ existing Prisma AIRS solution, forming a cohesive platform designed to secure AI applications and agents. This integrated approach addresses the full lifecycle of AI systems, covering aspects from model scanning and red teaming to runtime protection and posture management. The addition of a centralized AI gateway is seen as a significant enhancement, allowing for a more structured control mechanism throughout the production phase.

By funnelling all AI transactions through this gateway, organizations can establish an agent registry, enhancing runtime protections and identity management while integrating key governance processes. As Oswal mentioned, ensuring continuous assessment of agents and their artifacts becomes increasingly important as they assume greater responsibilities. This necessitates a robust framework for managing identities effectively, incorporating the expertise of CyberArk to maintain permission structures, enforce least privilege access, and facilitate just-in-time access protocols.

The Future of Agent-Driven Security

Oswal pointed out a shift in focus within the industry, noting that discussions about agents have surged in popularity over the past year. He remarked, “A year back, no one talked about an agent. Now, all we do is talk about agents.” This growing attention underscores the need for a comprehensive architectural approach that accommodates the complexities of agent interactions with large language models (LLMs) and their autonomous decision-making capabilities.

Indeed, while AI gateways may share some similarities with traditional network gateways, they demand a fundamentally different functionality to manage the intricacies of the modern AI landscape. In a rapidly evolving environment where autonomous agents are taking on significant roles, the focus on security, governance, and observability becomes crucial for organizations striving to safely harness the power of AI technology.
