Salt Security, a global leader in API security, announced the industry’s first solution designed to secure the actions of AI agents within enterprise environments. As organizations increasingly adopt agentic AI, these agents are making real-time API calls via protocols such as MCP and A2A, introducing a new layer of operational risk. Salt Security is the first company to merge API and AI security, offering organizations full visibility into agent-driven actions, governance to enforce correct security postures, and real-time protection against potential AI agent misuse.
Salt Security will showcase these innovations at CrowdStrike Fal.Con 2025 (Booth 2018) and will present “When AI Agents Go Rogue: The Security Gaps You’re Missing [2304]” on Tuesday, Sept. 16, 11:00–11:45 a.m. PDT.
The new release equips security teams with immediate visibility, automated governance, and real-time protection for agentic AI all without additional configuration. Its MCP Protect feature maps interactions with MCP servers and uncovers previously hidden endpoints, while built-in guardrails, enabled by default, automatically enforce safe agent behavior.
Also Read: Menlo Security & Google Cloud Use Gemini for Phishing Defense
A recent Gartner® report noted, “Widespread adoption of MCP and A2A will lead to more APIs and more API usage, not less.” The report further projects, “By 2028, 80% of organizations will see AI agents consume the majority of their APIs, rather than human developers.”
“Most organizations’ first AI security gap isn’t model jailbreaks, it’s the invisible API connections powering agents,” said Michael Nicosia, co-founder and COO of Salt Security. “Salt closes that gap by continuously discovering every API, governing it against policy, and protecting it in real time, including the fast-growing universe of agent-driven traffic.”
Key Innovations in Salt Security:
-
MCP Protect: Automatically discovers and monitors all MCP servers and their interactions with AI agents, providing visibility into previously hidden connections. It assesses risks, maps sensitive data in motion, and protects against unsafe or malicious MCP server usage.
-
Agentic AI Governance: Introduces a new category of out-of-the-box security controls that enforce safe AI agent behavior, automatically detecting and mitigating high-risk exposures in MCP and A2A environments.
Gartner recommends organizations “double down on API security by adding specialist security solutions to supplement standard gateway protections. Rate-limiting and access management, in particular, are vital for APIs AI applications will consume when addressing the risk of data and services being abused by agentic use.”
Recent research from Salt Security revealed that only 37% of organizations using agentic AI have a dedicated API security solution, while 48% operate 6–20 agent types, significantly widening the API attack surface. Out-of-the-box controls begin monitoring at first login, automatically detecting high-risk exposures.
“From a security standpoint, it’s not just about what AI agents say, it’s what they actually do,” said Nick Rago, VP Product Strategy of Salt Security. “AI agents act through APIs, MCP, and A2A, but most organizations don’t have visibility into those actions. Salt gives you that visibility from day one, puts the right guardrails in place, and protects against abuse and AI logic attacks in real time so your teams can move fast with confidence.”