Standards bodies move slowly until they don’t. In cloud security, in zero trust architecture, in API security governance, there was a specific window during which the foundational frameworks were still being drafted, when the working groups were still debating definitions, benchmarks, and baseline requirements. The vendors and practitioners who contributed substantive expertise during that window earned a durable credibility advantage. Their architectural assumptions became the reference frameworks. Their threat models became the compliance checklists. Late arrivals have spent years trying to retrofit their positioning to standards they had no hand in shaping.
That window is open right now for agentic AI security. The frameworks do not yet exist in any mature or standardized form. The benchmarks have not been finalized. The red teaming standards for autonomous systems pre-deployment testing have not been codified. Regulators examining AI-driven decisions in financial services, healthcare, and critical infrastructure are writing requirements that will eventually reference whatever the industry’s leading standards bodies produce.
AI governance gaps rarely begin with the model itself. They begin with unmanaged identities, persistent permissions, and invisible trust relationships. As autonomous agents gain access to enterprise systems, attackers are increasingly exploiting weak identity controls through credential abuse, impersonation, and AI-powered deception. Consltek’s Deepfake to Breach: SMB Playbook for Identity Attacks explains how organizations can secure the identity layer behind agentic AI adoption.
Akto’s announcement that it has joined the Cloud Security Alliance as an AI Corporate Member, with CEO Ankita Gupta stepping into the AI Safety Ambassador Program council, is a direct move to be inside that drafting process rather than outside it.
The Governance Deficit That Makes the Timing Significant
Before examining what Akto’s CSA membership means competitively, it is worth establishing the scale of the problem the working groups are being assembled to address.
Akto’s State of Agentic AI Security Report documents that 79 percent of organizations currently deploying AI agents have no visibility into what those agents are accessing, what actions they are executing, or whether those actions remain within defined policy limits. That figure describes the present state of enterprise AI deployment, not a projected future risk profile or a theoretical threat model. Autonomous agents are already embedded in production environments, already connected to sensitive databases and internal systems through Model Context Protocol integrations, and already accumulating privilege footprints that no human explicitly reviewed or approved.
The governance frameworks to manage that reality are largely absent because the security controls designed for traditional application environments were not built for agent behavior. Conventional AppSec tools monitor API calls, scan code, and flag known vulnerability patterns. They were not designed to assess whether an AI agent operating at machine speed, making autonomous decisions across a chain of tool invocations, is staying within the boundaries its deploying organization intended.
Model Context Protocol has accelerated that exposure. MCP’s function, connecting AI models to enterprise tools, databases, and APIs through a standardized interface, is architecturally elegant and operationally convenient. It is also a privilege escalation pathway at every integration point. Every MCP server connection expands the surface an agent can reach. Every tool integration introduces supply chain dependencies that the MCP ecosystem currently lacks the maturity to govern systematically. Organizations that have deployed MCP-connected agents without assessing that expanded attack surface are carrying risk that their existing security stacks were not designed to surface.
What Council Membership in the AI Safety Ambassador Program Actually Requires
CSA membership at the AI Corporate level is not ceremonial, and participation in the AI Safety Ambassador Program council is not passive. Working group contribution requires bringing practitioner-level expertise to draft outputs: benchmarks, framework requirements, and guidance documents that other practitioners and enterprise security teams will evaluate and scrutinize.
Gupta’s contribution commitments cover three specific areas: AI security benchmarks, MCP security guidance for enterprises, and agentic AI red teaming standards for pre-deployment testing of autonomous systems. Each of those outputs addresses a concrete gap in what enterprise security programs currently have available to them.
AI security benchmarks give procurement teams and compliance auditors a reference framework for evaluating vendor claims and assessing internal security posture against an external standard. Without benchmarks, “we have AI security controls” is an unverifiable assertion. With benchmarks, it becomes a testable claim with documented evidence requirements.
MCP security guidance addresses the specific supply chain and privilege escalation risks that MCP adoption has introduced faster than enterprise security programs have been able to track. Organizations deploying MCP-connected agents without a security framework for evaluating MCP server trust, scoping agent permissions, and monitoring agent behavior at runtime are making deployment decisions without a reference architecture. CSA guidance produced by practitioners with direct MCP security expertise fills that gap with something auditors can actually reference.
Agentic AI red teaming standards for pre-deployment testing address the deployment gate that most organizations are currently missing entirely. A software application goes through security testing before production deployment. An AI agent, in most organizations today, does not go through any equivalent evaluation specifically designed to assess how it behaves when it encounters adversarial inputs, ambiguous instructions, or tool chains that enable unintended actions. Pre-deployment red teaming standards give security teams a defined methodology rather than requiring each organization to invent its own from scratch.
Where the Budget Signal Points
Enterprise security investment follows a recognizable cycle. A threat category is documented by practitioners. Standards bodies codify the threat and establish baseline requirements. Compliance frameworks incorporate those standards. Procurement decisions reference the frameworks as evaluation criteria. Budget justifications cite the compliance requirements as business drivers.
Akto’s CSA membership positions it at the earliest stage of that cycle for agentic AI security: the practitioner documentation and standards drafting phase. The working group outputs it contributes to will eventually become the reference material that enterprise security teams use in their planning cycles, that auditors reference in their examination criteria, and that regulators cite in their guidance documents.
For security leaders currently building FY2027 budget cases for AI governance investment, the CSA’s emerging agentic AI standards will provide the external validation that internal champions need to convert a CISO recommendation into an approved line item. An organization that has invested in agentic AI security controls aligned to CSA benchmarks before those benchmarks are finalized is positioned to demonstrate compliance readiness when the frameworks mature. An organization that waits for the frameworks before beginning investment is managing a compressed timeline against an audit clock.
The Competitive Positioning Argument
Akto is not the only vendor recognizing that agentic AI security is a category being defined in real time. Platform vendors across the identity, API security, and runtime security segments are extending existing tooling toward the agent governance problem from different architectural starting points. CrowdStrike, Palo Alto Networks, and Wiz have all made public statements about AI security roadmaps. The identity security vendors addressing non-human identity management are approaching the same problem from the access provisioning layer.
What differentiates Akto’s positioning is the explicit focus on runtime agent behavior: what an agent does during execution rather than what access it was granted before execution began. The threat scenarios specific to AI agents, including prompt injection that redirects agent behavior, privilege escalation through chained tool invocations, and goal drift that causes agents to take actions outside their intended scope, occur during agent operation. They are not detectable at the access provisioning stage where identity security tools apply their controls, and they are not surfaced by static analysis tools that examine code rather than runtime behavior.
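To make the runtime-scoping and chained-invocation points above concrete (and the permission scoping and runtime monitoring called for in the MCP guidance section), here is an added illustration that is not Akto’s, CSA’s or any MCP implementation’s code: a minimal guard that checks each MCP tool call an agent makes against the scope it was granted and records when a chain of calls drifts beyond it. The server names, tool names, access levels and the sample trace are all constructed for the example.

```python
# Added example, not Akto's or CSA's code. Servers, tools and the trace are constructed.
from dataclasses import dataclass, field

# Constructed catalogue: access level of each tool an MCP server exposes.
TOOL_LEVELS = {
    ("crm-mcp", "search_contacts"): "read",
    ("finance-mcp", "list_invoices"): "read",
    ("finance-mcp", "issue_refund"): "write",
    ("shell-mcp", "run_command"): "admin",
}
RANK = {"read": 0, "write": 1, "admin": 2}

@dataclass
class RuntimeGuard:
    """Checks each tool call of one agent against the scope it was granted."""
    agent_id: str
    servers: frozenset          # MCP servers the agent may reach
    max_level: str              # highest access level granted to the agent
    max_chain: int = 5          # calls allowed per task before human review
    calls: list = field(default_factory=list)
    findings: list = field(default_factory=list)

    def check(self, server, tool):
        """Return True if the call is in scope; otherwise record why it is not."""
        self.calls.append((server, tool))
        level = TOOL_LEVELS.get((server, tool))
        if server not in self.servers:
            reason = f"unapproved MCP server {server}"
        elif level is None:
            reason = f"unknown tool {tool} on {server}"
        elif RANK[level] > RANK[self.max_level]:
            reason = f"{tool} needs {level}; agent scoped to {self.max_level}"
        elif len(self.calls) > self.max_chain:
            reason = f"chain of {len(self.calls)} calls exceeds {self.max_chain}"
        else:
            return True
        self.findings.append((self.agent_id, server, tool, reason))
        return False

def run_trace(guard, trace):
    """Evaluate a recorded tool-call chain; returns per-call decisions and findings."""
    return [guard.check(s, t) for s, t in trace], guard.findings

# Constructed trace: a read-only support agent drifts into a refund, then a shell.
SAMPLE_TRACE = [
    ("crm-mcp", "search_contacts"),
    ("finance-mcp", "list_invoices"),
    ("finance-mcp", "issue_refund"),
    ("shell-mcp", "run_command"),
]
```

Running `run_trace(RuntimeGuard("support-agent", frozenset({"crm-mcp", "finance-mcp"}), "read"), SAMPLE_TRACE)` allows the two read calls and produces findings for the write-level refund and the unapproved shell server, which is the escalation-by-chaining pattern that provisioning-time controls alone do not see.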
CSA membership deepens that differentiation by embedding runtime behavior monitoring and red teaming expertise into the standards drafting process. When enterprise agentic AI security benchmarks reference runtime visibility requirements, those requirements will reflect Akto’s practitioner knowledge of what runtime agent behavior monitoring actually requires, creating evaluation criteria that favor architectural approaches aligned with what Akto has built.
The Regulatory Timeline Compressing Enterprise Decisions
The EU AI Act’s requirements around high-risk AI system documentation, transparency, and human oversight are already in effect for the highest-risk categories, with broader scope provisions entering enforcement through 2026 and 2027. NIST’s AI Risk Management Framework, while voluntary for most private sector organizations, is being incorporated into procurement requirements by federal agencies and referenced by regulators in financial services and healthcare as a baseline for AI governance diligence.
Neither framework currently provides the specific technical guidance that enterprise security teams need to govern AI agent deployments at the control implementation level. That gap between high-level AI governance principles and concrete security controls for autonomous agent deployments is precisely what CSA’s agentic AI working groups are positioned to fill.
Organizations that are currently deploying AI agents without a governance framework are accumulating audit exposure that will become visible when their auditors and regulators begin referencing whatever standards emerge from the working groups now drafting them. The organizations best positioned are those building controls now, during the drafting phase, rather than after the standards are finalized and the compliance clock starts running.
What Security Leaders Should Recognize in This Announcement
Akto’s CSA membership is a signal about where the industry’s institutional attention is focusing, regardless of any single vendor’s positioning. Standards bodies assemble working groups when a threat category has matured from theoretical concern to documented practitioner problem requiring structured response. The AI Safety Ambassador Program’s formation, and the caliber of expertise it is recruiting for its council, reflects institutional recognition that agentic AI security has crossed that threshold.
For enterprise security programs currently managing AI deployment decisions without formal governance frameworks, the practical implication is not primarily about Akto. It is about the timeline for when standards-based compliance requirements will arrive, what evidence those requirements will demand, and how much runway remains to build controls before the first audit examination references a benchmark that the organization cannot demonstrate alignment to.
That runway is measured in months, not years. The working groups writing the standards are already convened.
Research and Intelligence Sources: Akto