New industry collaboration aims to define clear, practical safeguards for securing autonomous AI environments.
In a decisive move to strengthen the security foundation of emerging AI ecosystems, the Center for Internet Security (CIS), Astrix Security, and Cequence Security have formed a strategic partnership to develop actionable guidance for organizations adopting AI and agentic systems. The rise of autonomous decision-making, tool-mediated actions, and dynamic Model Context Protocol (MCP) environments has introduced risks that traditional security frameworks were never designed to address. This collaboration aims to close that gap.
The initiative extends the globally trusted CIS Critical Security Controls into AI-driven architectures. Two companion guides will form the core of the effort: one focused on securing AI agent environments throughout their lifecycle, and another targeting the rapidly evolving MCP landscape, where AI agents, tools, and registries interact with enterprise systems in unpredictable ways.
“Agentic AI will only succeed when enterprises have full visibility and control over what these systems can access and execute.” — Ameya Talwalkar
Curtis Dukes, Executive Vice President at CIS, underscored the importance of delivering guardrails that help organizations adopt AI responsibly. Jonathan Sander, Field CTO at Astrix Security, highlighted the growing exposure around Non-Human Identities (NHIs)—API keys, service accounts, and tokens—which now form the backbone of agent operations and remain one of the most overlooked security blind spots. Ameya Talwalkar, CEO of Cequence Security, emphasized that enterprise trust in agentic AI hinges on governance, visibility, and control across application and API layers.
Together, the three organizations bring complementary strengths: CIS’s standards expertise, Astrix’s leadership in AI agent and NHI governance, and Cequence’s proven capabilities in API and application security. The result is a unified effort to help enterprises navigate the risks of autonomous AI with clarity and confidence.
The guidance, scheduled for release in early 2026, will be supported by workshops, webinars, and implementation resources to help security teams operationalize the recommendations. As businesses accelerate AI adoption, this partnership signals a crucial shift toward building AI ecosystems rooted in accountability, transparency, and measurable security outcomes.
