
The Insider Threat You Hired on Purpose: Why AI Agents Are Rewriting Enterprise Security

AI agents now operate with privileged access across enterprise systems. A wave of acquisitions and governance announcements in May 2026 signals that securing them is the defining IT challenge of the year.

Wai Tech Editorial
Written with AI assistance

Every CISO in the world has spent years defending against insider threats: the disgruntled employee, the compromised contractor, the credentials sold on the dark web. What nobody fully prepared for was the insider threat they actively deployed, gave system-wide access, and set to work autonomously.

That reckoning arrived this week.

What Just Happened in the AI Agent Security Market

On May 7, Palo Alto Networks confirmed its intent to acquire Portkey, a three-year-old AI gateway startup that processes trillions of tokens per month across more than 1,600 AI models. The deal is reported to be valued between US$120 million and US$140 million, a doubling of Portkey's February 2026 valuation, but it tells a more important story than the headline number.

Portkey is not a conventional security company. Its core product is an AI gateway: a centralised control plane that sits between enterprise applications and the AI models they call, logging every interaction, enforcing policies, managing latency, and providing visibility into agent-to-agent communications. In simpler terms, it is the traffic management layer for enterprise AI.

Palo Alto paid a premium for this capability because it does not exist natively in most enterprise security stacks. AI agents, unlike human employees or even traditional software, can chain access across multiple systems, make autonomous decisions, and execute actions at a scale and speed that no existing logging or access control system was designed to handle. They are, as Palo Alto's own security researchers framed it last January, acting as "highly privileged insiders."

At almost exactly the same moment, ServiceNow was on stage at its annual Knowledge 2026 conference in Las Vegas, announcing a significant expansion of its AI Control Tower: a governance layer that can discover, observe, and manage AI agents operating across AWS, Google Cloud, and Microsoft Azure environments, including agents that ServiceNow did not deploy. The positioning was deliberate. CEO Bill McDermott described ServiceNow as "the AI agent of agents," a platform through which enterprises govern everything that runs autonomously on their behalf, regardless of origin.

Two major enterprise platforms, moving simultaneously, to own the governance layer for AI agents. That is not a coincidence.

Why This Is the Defining Security Problem of 2026

The numbers that underpin this market move are striking. According to research published in April 2026, 97% of enterprise security leaders expect a material AI-agent-driven security or fraud incident within the next 12 months. Separately, 82% of organisations have AI agents running in their infrastructure that IT teams cannot fully identify or account for.

These are not hypothetical risks. They reflect the speed at which AI agent deployment has outpaced governance. Organisations adopted copilots and AI assistants quickly. They then connected those agents to internal databases, CRM systems, financial applications, and communication platforms. The agents were granted broad permissions because restricting them defeated their purpose. And then, in most cases, monitoring stopped at the point of authentication.

The result is what security researchers now call the "superuser problem." An autonomous agent with valid credentials, access to multiple systems, and no meaningful post-authentication oversight is, operationally, a superuser. It can chain together actions across platforms, move between applications, and take decisions that no single human would be authorised to take alone. If that agent is compromised via prompt injection or tool misuse, an adversary effectively has a silent, always-on insider operating with enterprise-wide access.

The most sophisticated form of this attack, the "confused deputy" exploit, involves tricking a legitimately authorised agent into misusing its own privileges. The agent is not compromised in the conventional sense. It simply follows instructions it was not intended to receive, from a source it was not designed to distrust.
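A post-authentication check of the kind the superuser and confused-deputy paragraphs call for, as an added example that is not from the article or any vendor's product: each tool call is allowed only if it falls within both the agent's scope and the requesting user's scope, and every decision is written to an audit log. The agent, user and scope names are hypothetical, and the `origin` tag assumes the agent runtime can mark whether an instruction came from the user or from content the agent read.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed scopes; agent, user and permission names are hypothetical.
AGENT_SCOPES = {"support-agent": {"crm:read", "crm:write", "email:send", "finance:read"}}
USER_SCOPES = {"alice": {"crm:read", "email:send"}, "bob": {"crm:read", "finance:read"}}

@dataclass(frozen=True)
class ToolCall:
    agent: str
    on_behalf_of: Optional[str]  # authenticated human the agent is serving
    origin: str                  # "user_prompt" or "tool_output" (assumed runtime tag)
    scope: str                   # permission the tool requires

@dataclass
class Gateway:
    audit: list = field(default_factory=list)

    def authorize(self, call: ToolCall) -> bool:
        """Decide per call, after authentication, and record the decision."""
        if call.origin != "user_prompt":
            # Content the agent read (ticket, e-mail, web page) is data, not a principal.
            allowed, reason = False, "instruction came from untrusted content"
        elif call.scope not in AGENT_SCOPES.get(call.agent, set()):
            allowed, reason = False, "outside agent scope"
        elif call.scope not in USER_SCOPES.get(call.on_behalf_of, set()):
            # Confused-deputy guard: the agent's own privilege is not enough.
            allowed, reason = False, "requesting user lacks this permission"
        else:
            allowed, reason = True, "within agent and user scope"
        self.audit.append({"agent": call.agent, "user": call.on_behalf_of,
                           "origin": call.origin, "scope": call.scope,
                           "allowed": allowed, "reason": reason})
        return allowed

def run_constructed_calls() -> Gateway:
    gw = Gateway()
    for call in [
        ToolCall("support-agent", "alice", "user_prompt", "crm:read"),      # in both scopes
        ToolCall("support-agent", "alice", "user_prompt", "finance:read"),  # agent may, alice may not
        ToolCall("support-agent", "alice", "tool_output", "email:send"),    # triggered by read content
        ToolCall("support-agent", "bob", "user_prompt", "hr:read"),         # outside agent scope
    ]:
        gw.authorize(call)
    return gw

if __name__ == "__main__":
    for entry in run_constructed_calls().audit:
        print(entry)
```

The second call is the confused-deputy case: the agent holds `finance:read`, but the user it is acting for does not, so the request is denied and logged rather than executed with the agent's broader privilege.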

What Does This Mean for Technology Leaders and SaaS Operators?

For CTOs and technology leaders assessing their AI roadmap in 2026, this week's activity delivers a clear signal: the era of ungoverned agent deployment is ending, and the cost of retrofitting governance is rising faster than the cost of building it in.

The Portkey acquisition price, modest in absolute terms, reflects a market that is still early. Within 12 to 18 months, the governance and observability layer for enterprise AI agents will be a standard procurement requirement, the way endpoint detection and SIEM tooling became non-negotiable a decade ago. Companies acquiring that capability now, whether through build, buy, or partnership, are positioning for the moment when enterprise procurement teams start asking: how do you govern your agents?

For SaaS operators, the question is more immediate. If your product deploys AI agents into customer environments, you are now operating in a regulated space, whether formal regulations have caught up or not. Enterprise customers are starting to ask about agent identity, permission scoping, audit trails, and incident response. The SaaS vendors that can answer those questions fluently will close deals faster than those who cannot. This is not a compliance exercise; it is a competitive positioning decision.

At ARC, we work with technology companies navigating exactly this kind of market shift, helping leadership teams communicate change clearly to investors, customers, and the market. The companies that articulate their AI governance posture with precision will be better placed as buyer scrutiny increases.

What Should Investors Be Watching?

From a capital markets perspective, this week's activity signals a repricing event in the making. The AI security category has been somewhat overshadowed by the broader AI infrastructure investment narrative, with data centres, GPU compute, and foundational model companies absorbing the majority of capital attention. The Portkey deal, alongside ServiceNow's positioning, suggests the market is rotating toward the control and governance layer.

This mirrors a well-established pattern in enterprise technology adoption. Infrastructure comes first, application development follows, and governance and security close the cycle. We are now in the governance phase of enterprise agentic AI.

Investors should be looking at companies that own identifiable positions in the AI governance stack: API gateways, agent observability platforms, identity management providers that have extended their scope to cover non-human identities, and enterprise workflow platforms that have built or acquired governance capabilities. The category is not yet well-defined in most analyst frameworks, which is precisely why the opportunity is underpriced.

The Bottom Line

The implicit assumption behind most enterprise AI deployment has been that agents are tools, and tools do not need to be governed the way people do. This week made clear that assumption no longer holds.

AI agents with system-wide access, autonomous decision-making, and no effective post-authentication oversight are not tools. They are participants in enterprise operations, with all the risk that implies. Palo Alto Networks paid to own the traffic layer. ServiceNow is positioning to own the governance layer. The rest of the market is now catching up.

The organisations that get ahead of this, that treat AI agent governance as a first-order operational requirement rather than a security afterthought, will have a structural advantage when the incidents the industry is bracing for begin to surface. The question is not whether AI agents will be governed. It is whether your organisation will govern them before or after something goes wrong.

Frequently Asked Questions

What is an AI agent insider threat? An AI agent insider threat occurs when an autonomous AI system, operating with legitimate enterprise credentials and broad system access, is exploited or behaves in unintended ways that expose sensitive data or systems. Unlike human insider threats, AI agents can act at machine speed across multiple connected systems simultaneously, making containment far more complex. A 2026 survey found 87% of enterprise leaders consider AI agents operating with legitimate credentials a greater insider risk than human employees.

Why did Palo Alto Networks acquire Portkey? Palo Alto Networks acquired Portkey to integrate its AI gateway technology into Prisma AIRS, giving enterprises a centralised control plane for managing and securing AI agent traffic. As enterprises deploy more autonomous agents across internal systems, the gap in existing security tools, which were designed for human users, not machine-speed autonomous actors, has widened significantly. Portkey processes trillions of tokens per month and provides the observability and policy enforcement layer that most enterprise security stacks currently lack.

What should SaaS companies do to address AI agent governance? SaaS companies deploying AI agents into customer environments should establish clear agent identity frameworks, including scoped permissions, audit logging, and documented incident response procedures for agentic systems. As enterprise buyers increase scrutiny of AI governance, vendors that can demonstrate structured oversight of agent behaviour will have a meaningful procurement advantage. Building governance in at the architecture stage is substantially cheaper and more credible than retrofitting it under customer or regulatory pressure.
