On February 12, 2026, cybersecurity and compliance leader Proofpoint announced the acquisition of AI security and governance firm Acuvity. This deal is a significant step in securing the agentic workspace, an increasingly common enterprise environment where human users and agentic AI tools work collaboratively on critical business operations. The advent and growth of AI agents present security challenges that diverge fundamentally from those that existed previously, as agentic AI operates and behaves completely differently from human actors.
From Generative AI to Autonomous Action
A more recent development in the ongoing AI boom is the growing capability and popularity of AI agents. These tools often have broad and lingering permissions that enable them to access and manipulate data across complex, sprawling environments. The shift from organizations using AI as a passive tool to relying on AI as an active participant can provide benefits in efficiency and productivity, but it also introduces new and evolving risks to enterprises.
AI agents interact with email platforms, collaboration tools, and software-as-a-service (SaaS) applications, requiring far-reaching access to carry out their various functions. Allowing agentic AI tools to make decisions and execute tasks has serious implications for enterprise security. An AI agent lacks the critical thinking and discernment skills that human users are expected and trained to have, leading to weaknesses in the technology’s ability to identify and prevent risky actions.
The Expanding Attack Surface
The use of AI agents introduces new identity-like entities inside the enterprise, creating non-human identities that act in new ways. They introduce elevated risk of data leakage, privilege escalation, and workflow manipulation, amplified by the agentic AI’s inability to differentiate between legitimate and suspicious activity. This opens them up to the danger of inadvertent damage via their own mistakes, as well as exploitation by malicious actors.
With the introduction of agentic AI, the lines between activity from human users and activity driven by AI is increasingly blurred. This makes it more complex and difficult for security measures to work as intended. Traditional defenses employed by many organizations tend to fall short in environments making use of agentic AI tools alongside human users.
Why This Acquisition Makes Strategic Sense
Proofpoint has historically focused its efforts on email and human-centric security, offering SaaS and products for identity, email, and data loss protection. The extension into AI behavior monitoring and governance represents an effort toward keeping in step with technological advances and the shifting threat landscape as organizations increasingly adopt agentic AI for critical business operations. This acquisition strengthens the company’s position in identity-aware, data-centric protection for modern enterprises.
The strategic power of the deal lies in Proofpoint’s commitment to evolving the company’s capabilities as trends in technology continuously progress. “Cybersecurity has always been a forward-looking discipline,” says Morey J. Haber, Chief Security Advisor at BeyondTrust. “By anticipating where technology, threat actors, and regulation are heading, we can better protect our customers and help the industry prepare for what’s next.”
Securing AI Before It Secures You
The widespread adoption of AI tools and agents has created an urgent need for comprehensive visibility into AI usage patterns. Shadow IT has evolved to include shadow AI, amplifying existing risks while introducing new ones. Protecting enterprise environments in the age of AI requires a renewed approach to security that prioritizes visibility and policy enforcement for AI-powered workflows.
As regulators focus on AI risk, organizations must consider the implications for governance and compliance. Agentic AI tools demand a new approach and increased investment in oversight and monitoring, behavioral analysis, and AI-aware data governance and risk mitigation efforts.
The Bigger Industry Trend
Proofpoint’s acquisition of Acuvity is part of a broader trend in the cybersecurity industry of security vendors repositioning around increasingly prevalent AI-native threats. The convergence of identity security, data protection, and AI governance is driving a rise in mergers and acquisitions. Leading companies making moves to consolidate functionality and expand their capabilities are exemplifying a larger shift in the industry.
With the continuing rise of AI agents, agentic security may become a core enterprise priority in the near future. AI tools and agents introduce new and growing threats to enterprise environments that traditional security measures fail to address. Organizations looking to benefit from the adoption of AI agents must invest in protections designed to handle agentic AI risks.
The Race to Secure Autonomous Workflows
Adoption of AI tools is accelerating in enterprise environments regardless of security readiness, and AI usage is currently outstripping protections by far. Moving forward, the organizations that come out on top will be those that treat AI governance as a foundational aspect of their security strategies. Proofpoint’s acquisition of Acuvity is an early signal of where enterprise security is headed in 2026 and beyond.
