- Home >
- Blog >
- Company News
What’s New in New-Scale July 2026: AI Agents Need More Than Guardrails
- Jul 01, 2026
- Kevin Binder
- 6 minutes to read
Table of Contents
Exabeam expands Behavior Intelligence to address risks introduced by agentic AI. This release introduces open-source projects for agent verification and telemetry, expanded AI observability with Anthropic Claude support, more than 50 new Agent Behavior Analytics (ABA) detections(bringing total to 90), Exabeam Nova Content Creator, and OWASP Agentic Top 10 coverage scoring in Outcomes Navigator, enabling teams to continuously verify, observe, analyze, and improve AI agent security.
These updates are important. The bigger story is how they work together. They give security teams a continuous model to verify, observe, analyze, and improve AI agent security.
AI Has Become an Enterprise Operating Layer
AI now sits inside enterprise workflows, development pipelines, and security operations. Organizations deploy agents that can reason, call APIs, interact with data, and execute actions in systems. Employees use copilots to accelerate work. Developers adopt AI assistants and command-line tools. Business teams explore custom AI applications.
That shift changes the security model. Risk is no longer limited to prompts and outputs. It is defined by actions.
Agents retrieve data, install packages, clone repositories, trigger workflows, and interact across identities and environments. They often operate in multi-step sequences in tools and services. Security teams must determine whether those actions are expected, authorized, and aligned with defined roles.
AI agents need more than guardrails. They require Behavior Intelligence.
Why Guardrails Are Not Enough
Agentic AI blurs the boundary between input and instruction. External content, including documents, repositories, and tickets, can influence behavior in unexpected ways. A document, web page, email, or message can look like information but function as instruction. In agentic systems, that instruction can trigger action.
Guardrails address part of this risk:
- Input and output filtering reduce exposure
- Policy controls define acceptable use
- DLP tools detect sensitive data movement
These controls don’t address action-level risk.
Security teams need visibility into:
- Which tools an agent invoked
- What data it accessed
- What actions it performed
- Whether behavior matched its intended role
As agents execute multi-step workflows throughout systems, risk compounds at each stage. Actions may be manipulated, excessive, unauthorized, or abnormal in context.
Security teams must shift from filtering content to continuously validating behavior. When inputs can’t be fully trusted, validation must focus on what the agent does.
Why Securing AI Agents Requires a Behavior-First Approach
Exabeam applies a behavior-first model to secure the agentic enterprise.
Modern AI environments are:
- Multi-model
- Distributed among cloud, SaaS, and internal systems
- Continuously evolving
They are dynamic and often ahead of centralized governance. Some deployments are approved. Others are experimental. Some emerge before teams have full visibility. Static controls alone can’t manage this complexity.
Behavior Intelligence focuses on:
- Actions and behavioral patterns
- Context for humans, agents, and machines
- Dynamic risk scoring and anomaly detection
This approach helps teams determine whether activity is expected, abnormal, or risky, and prioritize investigation accordingly. It extends security beyond inputs and outputs and turns agent activity into behavioral risk intelligence.
Behavior Intelligence Lifecycle for Agents
Exabeam structures this release around a continuous lifecycle: verify, observe, analyze, improve.
- Verify defines what agents are allowed to do
- Observe captures runtime activity
- Analyze detects misuse, drift, and risk
- Improve strengthens detection coverage over time
This lifecycle connects detection, investigation, and measurement into one operating model within New-Scale Fusion. Security must be continuous as agents reason, adapt, and act in multiple systems.

Verify: Define and Validate Agent Behavior With Praxen
Praxen is an open-source Agent Behavior Verification project from the Open Agentic and AI Security Community.
What it does
Defines a worker remit, a behavioral contract that specifies an agent’s role, tools, permissions, and boundaries.
What makes it different
Validates prompts, tool access, integrations, and permissions before runtime. This shifts security earlier in the lifecycle.
Customer outcome
Identifies:
- Excessive permissions
- Unsafe tool access
- Misaligned agent roles
This reduces risk before the agent executes in production.
Observe: Standardize Agent Telemetry with Observra
Observra standardizes agent activity into a structured model aligned to the Exabeam Common Information Model (CIM).
What it does
Captures telemetry including:
- Prompts and responses
- Tool calls and API invocations
- Actions and approvals
- Data access and outcomes
What makes it different
Normalizes telemetry across heterogeneous AI environments (commercial, custom-built, and open-source agents) into CIM-aligned data.
This ensures agent activity is: searchable, correlatable, and ready for behavioral analytics.
Customer outcome
Provides a consistent behavioral record for investigation timelines, detection engineering, and audit readiness.
This release also extends AI observability to Anthropic Claude, alongside ChatGPT, Gemini, and Microsoft Copilot. Observra and expanded Claude support help teams answer a key question: What happened? In a bring-your-own-AI environment, a common telemetry foundation is critical.
Exabeam Agent Sensor captures unified telemetry from AI command line interface tools running on enterprise endpoints.
What it does
Captures telemetry including:
- AI CLI session lifecycles
- User prompts
- Tool invocations
- Token usage
- Agent costs
Supported AI tools include Claude Code, Codex CLI, and Gemini CLI running on user machines.
What makes it different
Collects AI execution data directly from enterprise endpoints, where developers and technical users increasingly rely on AI CLI tools to complete daily work.
This ensures endpoint-based agent activity is visible, normalized to the Exabeam Common Information Model, and ready for threat detection and behavioral investigation.
Customer outcome
Gives security teams a unified behavioral record of AI activity on enterprise endpoints, helping analysts connect agent activity to the user, device, and broader investigation timeline.
Exabeam Agent Sensor helps teams answer a key question: What happened on the endpoint? As AI CLI tools become part of enterprise workflows, endpoint-level telemetry gives security teams the visibility needed to detect risky behavior, investigate agent-driven activity, and bring non-human insiders into the SOC workflow.
Multiple options for agent observability
Agent telemetry does not come from one place. Enterprises use commercial AI platforms, endpoint-based AI CLI tools, and custom-built agents. Exabeam supports all three.
For custom agents, Observra provides a developer library to generate structured telemetry.
For endpoint-based AI CLI tools, Exabeam Agent Sensor captures activity from tools like Claude Code, Codex CLI, and Gemini CLI running on user machines.
For commercial AI platforms, Exabeam prebuilt collectors capture activity from supported services including Gemini, Claude, Microsoft Copilot, and OpenAI or ChatGPT.
This gives security teams a flexible telemetry foundation for Agent Behavior Analytics, investigation timelines, detection engineering, and audit readiness.
Analyze: Detect Agent Risk With Expanded Agent Behavior Analytics
Agent risk is behavioral It often appears as drift, misuse, or abnormal activity, not a known indicator of compromise.
What it does
Adds:
- More than 50 new ABA detections brings the total to 90
- 75 total AI detection rules
- 66 dynamic behavioral profile rules
What makes it different
Combines behavioral baselines, static indicators, and enrichment context to detect AI-native threats.
Customer outcome
Detects risks such as:
- Agent lifecycle events
- First-time or abnormal agent creation
- Unexpected modification, deletion, or sharing
- Prompt injection and instruction tampering
- Attempts to expose system prompts
- Encoded payload injection
- Instructions designed to bypass guardrails
- Autonomous tool and package activity
- First-time or abnormal package installation
- Unexpected framework usage
- Data exfiltration and DLP violations
- Large data transfers from AI/ML domains
- Abnormal data volumes
- Correlated third-party DLP alerts
- Resource abuse and anomalous activity
- Abnormal token consumption
- High request or tool call volume
- Guardrail violations
- First or repeated high-risk misuse
- Policy violations by user or department
- Supply chain and access risk
- First-time token-based access to MCP server endpoints or GitHub repositories
- Unauthorized folder or repository changes
- Suspicious port usage and connection patterns
Exabeam translates telemetry into behavioral risk intelligence for users, agents, and machines. The goal is to determine whether activity is expected, abnormal, or warrants investigation.
Improve: Accelerate Detection Engineering with Exabeam Nova Content Creator
Agent environments evolve quickly. Detection engineering must adapt at the same pace.
What it does
Enables natural language-driven detection creation and tuning.
What makes it different
- Creates correlation rules and behavioral models from natural language
- Tunes detections without manual JSON editing
- Converts Sigma and YARA rules into detection content
Customer outcome
Reduces manual effort, accelerates development, and improves coverage without requiring deep platform expertise. It helps teams move from detection idea to working content with less friction.
Improve: Measure Readiness with OWASP Agentic Top 10 Coverage
Outcomes Navigator now includes coverage scoring aligned to the OWASP Agentic Top 10.
What it does
Maps detection coverage to AI-specific threat categories.
What makes it different
Provides a measurable framework for agentic risk that complements MITRE ATT&CK®.
Customer outcome
- Identifies coverage gaps
- Prioritizes detection investments
- Tracks readiness improvement over time
Exabeam Nova Advisor Agent provides recommendations to guide next steps, giving security leaders and detection engineering teams a way to answer an increasingly common question: Are we protected against AI agent threats?
Extend Security Operations to AI Agents
AI agents operate in systems, identities, data, and workflows. Their risk that doesn’t fit traditional detection models.
Organizations must extend existing security operations, not replace them. Most teams already have SIEMs, data pipelines, identity systems, cloud platforms, endpoint tools, detection content, and governance processes. They need to extend those investments to support AI agents without adding disconnected tools.
This release supports four priorities in New-Scale Fusion:
- Extends behavioral analytics to humans, machines, and agents
- Advances human-agent teaming
- Enables continuous optimization through measurable coverage
- Supports multi-model, bring-your-own-AI environments
This approach allows organizations to secure AI agents without fragmenting their security architecture. It reflects a growing gap: AI adoption is accelerating faster than governance in many organizations. Security teams need visibility and control along with a clear, workable path forward.
What This Release Delivers
- Behavior Intelligence for AI agents throughout the lifecycle
- Open foundation for agent telemetry
- Expanded ABA detections targeting real agent misuse and drift
- Faster detection engineering with Exabeam Nova Content Creator
- Measurable coverage with OWASP Agentic Top 10 scoring
This release gives security teams a continuous model for securing agentic AI: Verify what agents are allowed to do, observe what they do, analyze behavior for misuse and drift, and improve detection coverage over time.
Explore What’s New in the July 2026 Release
These updates extend Behavior Intelligence to help you verify, observe, analyze, and improve AI agent security.
The agentic enterprise requires a new security model. Secure behavior, not just inputs. Read the release notes to explore all capabilities and register for the webinar to see them in action.
Kevin Binder
Senior Product Marketing Manager | Exabeam | Kevin Binder is a cybersecurity marketing professional based in Morgan Hill, CA. Kevin has over 20 years of experience in information security marketing with companies including Amazon Web Services, Citrix Systems, and Nortel Networks. In his previous roles, Kevin was responsible for go-to-market strategy for emerging technologies such as cloud-based security services, mobile device management, and user-behavior analytics. He received a B.S. degree in Managerial Economics from UC Davis. In his free time, Kevin enjoys spending time with family and friends, sporting events, and golf.
More posts by Kevin BinderLearn More About Exabeam
Learn about the Exabeam platform and expand your knowledge of information security with our collection of white papers, podcasts, webinars, and more.
-
Blog LogRhythm SIEM July 2026 Release: Accelerating Investigations and Expanding Visibility
- Show More