Proofpoint, the acquisitive cybersecurity and compliance firm that is making big moves to expand its European channel, has announced major innovations in the agentic AI space.
At its Proofpoint Protect customer and partner event in Nashville this week, the firm sought to address the foundational risks of the agentic workspace, by solving four critical challenges: protecting AI assistants from targeted attacks; ensuring the right controls to stop data loss by people and agents; governing the actions of GenAI and AI agents; and using AI agents themselves to automate collaboration and data security for security professionals.
As AI agents and assistants work alongside people to enable improved productivity, they also expand the attack surface. AI assistants and agents are also increasingly embedded in workflows, automating tasks, analysing information, and collaborating with people and each other. These agents are built to behave like people, points out Proofpoint: they click, share, and act.
That means they can also be tricked, misled, or compromised. People and agents face similar risks, from social and prompt engineering attacks to the unauthorised disclosure of sensitive data or credentials, and require similar, but expanded protection, says Proofpoint.
Sumit Dhawan (pictured), CEO of Proofpoint, told us at Proofpoint Protect today: “Protecting the agentic workspace is the next evolution of human-centric security, extending beyond people to safeguard AI agents and the points where they collaborate and share data.
“Our mission is to ensure our customers can confidently embrace AI, knowing we will protect them and their data against emerging threats.”
Proofpoint’s four updates announced today, and covered below, are designed to make the agentic workspace safe, securing the layer where people, agents, and data connect.
Detecting and preventing AI exploits over email: Enabling people and agents to trust agentic workspace collaboration:
Attackers are increasingly embedding malicious prompts in email to manipulate AI assistants like Microsoft Copilot and Google Gemini. These weaponised messages use prompt injections to provide malicious information to the end user, confuse AI-based defences, and exfiltrate sensitive data.
Proofpoint’s new tech, delivered through the Proofpoint Prime Threat Protection solution, blocks these exploits before they reach inboxes, ensuring people and AI agents can trust every interaction.
Proofpoint Data Security Complete and Proofpoint AI Data Governance:
Providing unified data security protection along with AI data governance data has become the fastest-growing source of security risk in the age of AI.
With Proofpoint Data Security Complete, organisations can locate their sensitive data, classify it correctly, control who has access to it, and monitor how people interact with it across all channels, from endpoints and email to the web and cloud.
Data Security Complete provides discovery and classification through Autonomous Custom Classifiers for more accurate, dynamic, and resilient data classification, with minimal human input. The solution also creates a consolidated data risk map - including cross-channel data lineage and the identification of configuration, access, and exfiltration risks - and provides “one-click remediation”.
It also delivers deep integration of DSPM, DLP, insider threat management, and data lineage into a single solution.
In addition, Proofpoint AI Data Governance enables organisations to discover both sanctioned and unsanctioned AI usage, apply prebuilt policies to prevent exfiltration and privacy violations, and govern access with automated workflows for security teams and content owners.
Proofpoint Secure Agent Gateway: Stopping customer-deployed AI agents from losing data
AI agents built and deployed by organisations also access valuable data and conversations that require the same level of protection as their human counterparts. To secure them, Proofpoint Secure Agent Gateway, built using Model Context Protocol (MCP), which controls how AI agents access data, monitors agent activity, enforces policies for data usage, and blocks or redacts sensitive data before it is shared with humans or other agents.
It works with the Proofpoint Data Security Complete offering for securing data across both people and agents.
Proofpoint Satori Agents and Proofpoint Satori MCP Access: A “force multiplier for security teams”:
Proofpoint Satori Agents operate within Proofpoint solutions and perform tasks such as handling data loss prevention alerts, recommending phishing simulations, and resolving user-reported email threats for enterprises using the Proofpoint platform.
With Satori Agents, teams that manage Proofpoint solutions can streamline and scale security operations, eliminate time-consuming repetitive tasks, reduce alert fatigue, and turn data insight into automatic action.
With Proofpoint Satori MCP Access, other agents, such as CrowdStrike Charlotte and Microsoft Copilot, can invoke Proofpoint Satori Agents to collaborate across platforms, accelerating security operations, automating repetitive tasks, and driving improved security outcomes. Satori MCP Access leverages Model Context Protocol to easily integrate Proofpoint with other security solutions.
Availability for the channel
The new capabilities will be rolled out across Proofpoint’s platform over the coming months, with AI exploit detection over email “expected to arrive in Q4 2025”. Proofpoint Data Security Complete is available starting this quarter (Q3 2025), with new features being added over the next two quarters.
Proofpoint Secure Agent Gateway and Proofpoint Satori Agents will enter “phased availability beginning in 2026”.
Earlier this month, Proofpoint unveiled an agentic AI solution for Human Communications Intelligence (HCI), “marking a significant leap forward in how organisations detect, understand and mitigate conduct and compliance risks in real time”, it said.
Designed for enterprises in regulated and “highly litigious industries”, the technology promises to “transform” digital communications governance (DCG) from post-incident compliance to real-time, AI-powered risk reasoning, detection, and prevention, “empowering” organisations to act on human behaviour before it becomes a compliance, security, or legal event, we were told.
As part of its channel ramp up, in May this year, Proofpoint acquired Hornetsecurity Group, the pan-European Microsoft 365 security, data protection, compliance, and security awareness services firm.
The acquisition is expected to enhance Proofpoint’s ability to provide "human-centric" security to small- and mid-sized businesses globally through managed service providers.
Hornetsecurity provides solutions to over 12,000 channel partners and MSPs, and more than 125,000 SMBs across Europe, while Proofpoint says it is currently trusted by 85% of the Fortune 100 and over half of the Fortune 1000.
“With the addition of Hornetsecurity, we’re extending our human-centric security platform to better serve the unique needs of MSPs and SMBs. We look forward to deepening our investment in the European markets as part of our global growth strategy,” said CEO Sumit Dhawan when the acquisition was announced.
Proofpoint intends to leverage its global reach to make the Hornetsecurity platform available for MSPs and their customers worldwide, with Hornetsecurity serving as the central hub for all MSP and SMB customers within the Proofpoint group.
In October 2024, Proofpoint acquired Normalyze, a specialist in data security posture management (DSPM).
With that acquisition, Proofpoint said it will further enhance its security platform, allowing organisations to discover, classify and protect data at scale, across SaaS, PaaS, public or multi-cloud, on-prem and hybrid environments, all while prioritising the reduction of human-centric risks in data security.
More from Proofpoint Protect in Nashville to follow...
