Two days ago, Doug declared the Containment Era. Yesterday, Willie showed what network-layer containment looks like for AI workloads — default-deny enforcement, Validated Containment Architectures shipping May 27, and the enforcement infrastructure the Containment Platform delivers. Today I want to answer the question every security leader asks first: what AI workloads am I actually running?

When prevention fails and detection is too slow, containment decides whether the incident becomes a catastrophic breach. That is the category. Aviatrix AgentGuard is the industry's first Containment Platform purpose-built for AI agents — discovery, enforcement, and guardrails on a single fabric. It is available in early access today.

Why AI Agents Are the Hardest Workload to Govern

AI agents are autonomous, non-deterministic, and make outbound calls on behalf of an LLM through dependencies no single team fully controls. When an agent is compromised, it looks and behaves like a legitimate agent. Detection tools trained on user behavior cannot model it. And 82% of intrusions now use valid credentials — trusted code doing trusted-looking things. The Cascade proved this at scale in March 2026.

Meanwhile, shadow AI is everywhere. According to IBM's 2025 Cost of a Data Breach Report, shadow AI adds an average of $670,000 in additional breach costs per incident — and 97% of organizations with an AI-related breach lacked proper access controls. Developers point backend services directly at OpenAI, Anthropic, Bedrock, and Gemini without telling security. Code-based tools only see what developers instrument and miss everything else.

This is the Toxic Combination applied to AI security. One path leads to more application-layer gateways that only see the traffic routed through them — Chokepoint Security for AI. We analyzed 41 MCP and LLM gateways — 19 open-source, 22 commercial. Not a single one provides network-layer enforcement. The other path leads to Communication Governance at the workload — the only control point that covers all AI traffic, instrumented or not.

Eighty-three percent of organizations use AI in daily operations. Only 13% have strong visibility into how that AI is being used. And 48% of CISOs name agentic AI their top attack vector. The gap between AI adoption and AI governance is where risk lives — and it is growing faster than any security team can close with manual processes.

But you cannot govern what you cannot see. That is why we built AgentGuard.

Three Capabilities, One Fabric

Aviatrix AgentGuard delivers a progressive path from visibility to enforcement to content governance — all on the Aviatrix fabric customers already run. No new agents. No new control plane. No application changes.

Discovery. Connect a cloud account and Aviatrix AgentGuard scans your entire cloud estate — VMs, Kubernetes clusters, serverless functions — for authorized and shadow agent workloads. It uses cloud native APIs and logs to identify every workload calling an AI provider, every provider, and whether those connections are sanctioned or unknown. Aviatrix Cloud Asset Inventory pulls metadata from the places where agents run: agent platforms, serverless functions, and Kubernetes clusters. The result is a risk-scored inventory organized by workload identity via SmartGroups — not IP addresses — surfaced in an executive AI dashboard in CoPilot. Aviatrix-managed AI WebGroups cover the full AI provider landscape — every major LLM, embedding service, vector database, and agent platform — so customers never maintain the lists themselves. Fifteen minutes from onboarding to full inventory. No gateway. No agents. No code changes.

Containment. Every AI workload that Aviatrix AgentGuard discovers becomes immediately targetable for Workload Containment via Zero Trust for AI Workloads on the same fabric. AgentGuard extends the Aviatrix Cloud Native Security Fabric to enforce Communication Governance at the agent workload — governing what each agent can reach and what can reach it. Global guardrails for agents can be applied, and the most common exfiltration vectors — data posting to public code and file-sharing services — can be blocked by default. For organizations deploying on specific agentic frameworks, Validated Containment Architectures ship with lab-tested, partner-validated containment deployments — SmartGroup model, baseline policy pack, and deployment guide included. Wave 1 ships May 27 for AWS Bedrock AgentCore, Azure AI Foundry, and Enterprise MCP Security with OBOT, a new Aviatrix partner. Five more Validated Containment Architectures follow weekly through July.

Advanced Guardrails. Coming Q3 2026: transparent AI guardrails that detect and block prompt injection and data loss at the conversation level — granular enforcement within individual agent interactions. Our joint solution, in partnership with industry-leading AI Detection and Response platforms, enhances pervasive detection and governance deep in the agentic application layer without requiring any changes to the agent's code. Together, they shrink the Blast Radius of every agent an enterprise deploys.

Map that to the formal framework. Discovery via SmartGroups delivers identity-aware visibility at the workload level. Enforcement at the VPC boundary via spoke gateways is path-complete — it governs every communication path, including those that bypass centralized inspection. Coverage across Kubernetes, VMs, and Lambda is compute-model agnostic. A single policy propagating across all four clouds is universally propagated. And default-deny enforcement holds whether or not detection has fired — detection-independent by design. Five testable properties. All five delivered.

From Discovery to Enforcement in One Week

The AgentGuard journey follows three stages. Start in observation mode — see what exists. Follow AgentGuard's guided recommendations — which workloads are highest risk, which providers are unauthorized, where enforcement should begin. Promote approved providers to permit and deny everything else. Most customers move from discovery to enforced policy within the same week.
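The observe-then-enforce progression above, walked through on constructed data as an added illustration. This is my own Python sketch, not Aviatrix code and not anything AgentGuard exposes: the log line format, the AI provider domain list, the sanctioned-provider map, the `.internal` baseline rule and the rule names are all assumptions made for the example. It builds a per-workload inventory of AI provider calls, flags providers security never sanctioned for that workload, promotes the sanctioned ones to explicit permit rules with everything else falling to default deny, and emits an attributed decision record (workload, destination, rule, action, timestamp) for each connection in both observation and enforcement modes.

```python
import re
from collections import defaultdict

# Hypothetical AI provider domain list (constructed for this example; the page says
# Aviatrix maintains such lists as managed WebGroups, but these entries are mine).
AI_PROVIDER_DOMAINS = {
    "openai": ("api.openai.com",),
    "anthropic": ("api.anthropic.com",),
    "bedrock": ("bedrock-runtime.us-east-1.amazonaws.com",),
    "gemini": ("generativelanguage.googleapis.com",),
}

# Constructed egress records: one DNS-resolved connection per line, tagged with the
# calling workload's identity rather than its IP address.
SAMPLE_RECORDS = [
    "2026-05-20T10:00:01Z svc=billing-api dst=api.openai.com port=443",
    "2026-05-20T10:00:02Z svc=billing-api dst=db.internal port=5432",
    "2026-05-20T10:00:03Z svc=support-bot dst=api.anthropic.com port=443",
    "2026-05-20T10:00:04Z svc=etl-lambda dst=generativelanguage.googleapis.com port=443",
    "2026-05-20T10:00:05Z svc=support-bot dst=api.anthropic.com port=443",
    "2026-05-20T10:00:06Z svc=etl-lambda dst=pastebin.com port=443",
]

# Providers security has approved, per workload (constructed).
SANCTIONED = {"support-bot": {"anthropic"}}

RECORD_RE = re.compile(r"^(?P<ts>\S+) svc=(?P<svc>\S+) dst=(?P<dst>\S+) port=(?P<port>\d+)$")


def parse_record(line):
    """Parse one constructed log line into a dict; reject anything malformed."""
    m = RECORD_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unparseable record: {line!r}")
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    return rec


def _host_matches(host, domain):
    # Exact or label-boundary suffix match, so "evilapi.openai.com" does not match.
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def provider_for(host):
    """Map a destination host to a known AI provider name, or None if it is not one."""
    for name, domains in AI_PROVIDER_DOMAINS.items():
        if any(_host_matches(host, d) for d in domains):
            return name
    return None


def discover(lines, sanctioned):
    """Observation mode: inventory which workloads call which AI providers and
    flag providers that security never sanctioned for that workload."""
    inv = defaultdict(lambda: {"providers": defaultdict(int), "unknown": set()})
    for line in lines:
        rec = parse_record(line)
        prov = provider_for(rec["dst"])
        if prov is None:
            continue  # not AI traffic; outside the inventory's scope
        inv[rec["svc"]]["providers"][prov] += 1
        if prov not in sanctioned.get(rec["svc"], set()):
            inv[rec["svc"]]["unknown"].add(prov)
    return {svc: {"providers": dict(e["providers"]), "unknown": sorted(e["unknown"])}
            for svc, e in inv.items()}


def build_policy(inventory, sanctioned):
    """Promote each workload's sanctioned providers to explicit permit rules.
    Any destination not covered falls through to default deny at evaluation time."""
    policy = {}
    for svc in inventory:
        hosts = []
        for prov in sorted(sanctioned.get(svc, set())):
            hosts.extend(AI_PROVIDER_DOMAINS[prov])
        policy[svc] = {"permit_ai_hosts": tuple(hosts)}
    return policy


def evaluate(policy, line, mode="enforce"):
    """Decide one egress record and return an attributed decision: workload,
    destination, matching rule, action and timestamp."""
    rec = parse_record(line)
    permitted = policy.get(rec["svc"], {}).get("permit_ai_hosts", ())
    if rec["dst"].endswith(".internal"):  # constructed baseline rule for private services
        rule, action = "baseline-internal", "permit"
    elif any(_host_matches(rec["dst"], d) for d in permitted):
        rule, action = "permit_ai_hosts", "permit"
    else:
        rule, action = "default-deny", "deny"
    would_deny = action == "deny"
    if mode == "observe" and would_deny:
        action = "permit"  # observation mode records the violation but does not block
    return {"ts": rec["ts"], "workload": rec["svc"], "destination": rec["dst"],
            "rule": rule, "action": action, "would_deny": would_deny, "mode": mode}


def run(lines, sanctioned, mode):
    """Discovery, then policy, then per-record decisions: the three stages in one pass."""
    inventory = discover(lines, sanctioned)
    policy = build_policy(inventory, sanctioned)
    return inventory, policy, [evaluate(policy, line, mode) for line in lines]


if __name__ == "__main__":
    inventory, policy, decisions = run(SAMPLE_RECORDS, SANCTIONED, mode="enforce")
    for svc, entry in inventory.items():
        print(f"{svc}: providers={entry['providers']} unknown={entry['unknown']}")
    for d in decisions:
        print(f"{d['ts']} {d['workload']} -> {d['destination']}: {d['action']} ({d['rule']})")
```

Running it in `observe` mode first and reading the `would_deny` flags is the equivalent of the observation stage: it shows which workloads would lose connectivity the moment the same policy is switched to `enforce`, so the sanctioned map can be corrected before anything is blocked.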

From the Detection Era: Discover AI workloads after the breach. Build custom policies per workload over weeks. The default posture is open. Shadow AI grows unchecked.

To the Containment Era: Discover every AI workload in less than a day. Deploy a Validated Containment Architecture from day one. The default posture is contained. Shadow AI stops growing the moment default-deny is on.

The Math Behind the Urgency

The Vulnerability Deficit Equation — published in our Containment Era series — proves that the required remediation rate is 6.5× higher than the achievable rate. CISA KEV data shows the median time-to-exploit has moved to negative seven days — attackers weaponize before vendors disclose. You cannot scan, patch, or detect your way out of a structural deficit. The only remaining lever is to govern every workload communication path — and that starts with knowing what workloads exist. AgentGuard is how you get there.

Built for Compliance from Day One

The EU AI Act classifies most multi-step agents as high-risk and mandates governance infrastructure. OWASP has published the MCP Top Ten. SOC 2, HIPAA, PCI-DSS, DORA, and FedRAMP all require documented least-privilege and audit logs at the network layer. Through Aviatrix CoPilot, every AI egress decision is logged with full attribution — which workload, which destination, which policy, when. Continuous, audit-ready evidence. Not point-in-time attestations.

Getting Started

AgentGuard early access is open. Discovery deploys in fifteen minutes. Enforcement is available today via Zero Trust for AI Workloads. The first three Validated Containment Architectures ship May 27.

Request early access to AgentGuard. See what your network already knows.

One question: If a developer pointed a backend service at OpenAI today without telling anyone, how long before you would know? If the answer is "we wouldn't," AgentGuard is where you start. Discovery is the first step toward containment — and containment is the only architecture that holds when trusted code is weaponized.

Frequently Asked Questions

Aviatrix AgentGuard is the industry's first Containment Platform purpose-built for AI agents. It discovers every AI workload running in your cloud environment, including shadow AI, and then enforces network-layer containment policies so each agent can only reach approved destinations. It also provides advanced guardrails for detecting prompt injection and data loss. All three capabilities run on the Aviatrix Cloud Native Security Fabric with no new agents, control planes, or application changes required.

AI agents are autonomous, non-deterministic, and make outbound calls through dependencies no single team fully controls. When compromised, they look and behave like legitimate workloads, which makes them nearly invisible to detection tools trained on user behavior. Shadow AI compounds the problem: developers often connect backend services directly to LLM providers without informing security teams. According to IBM, shadow AI adds an average of $670,000 in additional breach costs per incident, and 97% of organizations with an AI-related breach lacked proper access controls.

When you connect a cloud account, Aviatrix AgentGuard scans your entire estate (VMs, Kubernetes clusters, and serverless functions) using cloud native APIs and logs. It identifies every workload calling an AI provider, flags whether those connections are sanctioned or unknown, and produces a risk-scored inventory organized by workload identity through SmartGroups. Aviatrix-managed AI WebGroups cover every major LLM, embedding service, vector database, and agent platform automatically. The full inventory is available within fifteen minutes of onboarding, with no gateway or code changes needed.

Most customers move from discovery to enforced policy within one week. The process starts in observation mode, where AgentGuard surfaces which workloads exist and which are highest risk. From there, guided recommendations help teams promote approved providers to a permit list and deny everything else. Organizations deploying on specific agentic frameworks can accelerate further with Validated Containment Architectures, which ship with lab-tested SmartGroup models, baseline policy packs, and deployment guides.

Yes. The EU AI Act classifies most multi-step agents as high-risk and mandates governance infrastructure, while SOC 2, HIPAA, PCI-DSS, DORA, and FedRAMP all require documented least-privilege controls and audit logs at the network layer. Through Aviatrix CoPilot, every AI egress decision is logged with full attribution, covering which workload, which destination, which policy, and when. This provides continuous, audit-ready evidence rather than point-in-time attestations.