Agent Security & Governance — Market

Updated 6/25/2026

Verified claims and product-axis read for Agent Security & Governance. Every fact below is sourced; every product judgment traces back to underlying signals.


Verified facts

  • Snyk's 'ToxicSkills' research found ~36.8% of 3,984 scanned agent skills had at least one security flaw; 76 were confirmed malicious. _(failure_case)_
  • Palo Alto Networks completed its acquisition of Portkey (an LLM gateway) in May 2026, folding it into its AI-security stack. _(historical_event)_
  • The EU AI Act's GPAI transparency and enforcement powers activate Aug 2, 2026, with the high-risk obligations deferred to Dec 2027. _(other)_
  • Agent identity, runtime guardrails, and red-teaming emerged as distinct 2026 sub-categories of AI security. _(other)_
  • As agents gain autonomy (executing code, making payments), securing them shifted from prompt-filtering toward identity and action governance. _(other)_
  • Security vendors are consolidating the AI control plane (gateway + guardrails + identity), as exemplified by Palo Alto's Portkey + Protect AI roll-up. _(other)_
  • Palo Alto's Prisma AIRS — built in part on its Protect AI acquisition — is a leading agent/AI security platform. _(technical_spec)_
  • Lakera builds real-time guardrails against prompt injection and other LLM/agent attacks. _(technical_spec)_
  • Prompt Security provides runtime protection and governance for enterprise GenAI and agents. _(technical_spec)_
  • HiddenLayer focuses on detecting and defending against attacks on machine-learning models. _(technical_spec)_

See the Products and Strategy modules for the full product list and forward-looking judgment.
