IMAGE: Proofpoint
At its annual Proofpoint Protect 2025 conference in September, Sumit Dhawan, CEO of Proofpoint, announced four new innovations intended to secure the agentic workspace, where people and AI agents work collaboratively.
Dhawan stated that protecting this environment marks an evolution in human-centric security, expanding protection to include both people and AI agents. The company’s goal is to provide customers with tools for safeguarding data and addressing emerging threats associated with AI.
The agentic workspace concept stems from increased use of AI agents and assistants, which have broadened productivity opportunities but also increased potential attack surfaces.
“The agentic workspace is here and one of the most profound shifts in terms of how work gets done. Protecting the agentic workspace is the next evolution of human-centric security, extending beyond people to safeguard AI agents and the points where they collaborate and share data. Our mission is to ensure our customers can confidently embrace AI, knowing we will protect them and their data against emerging threats,” said Dhawan.
Just as digital transformation created the digital workspace, AI transformation is ushering in the agentic workspace. As AI agents and assistants work alongside people to enable breakthrough productivity, they also expand the attack surface at unprecedented speed.
Proofpoint’s new collaboration and data security capabilities address the foundational risks of the agentic workspace by solving four critical challenges: protecting AI assistants from targeted attacks; ensuring the right controls to stop data loss by people and agents; governing the actions of GenAI and AI agents; and using AI agents themselves to automate collaboration and data security for security professionals.
AI assistants and agents are also increasingly embedded in workflows, automating tasks, analysing information, and collaborating with people and each other. These agents are built to behave like people: they click, share and act.
IMAGE: Proofpoint
AI agents can also be tricked, misled or compromised. “We view human-centric risks and AI-centric risks as similar risks, just treated differently by Proofpoint,” Dhwan added.
People and agents face risks from social and prompt engineering attacks to the unauthorised disclosure of sensitive data or credentials, and require similar, but expanded protection.
Proofpoint’s solutions aim to secure the layer where people, agents and data connect.
Detecting and preventing AI exploits over email: Enabling people and agents to trust agentic workspace collaboration
Malicious prompts embedded in email pose risks to AI assistants such as Microsoft Copilot and Google Gemini. These messages can manipulate AI, bypass defences and exfiltrate sensitive data. Proofpoint’s newly announced technologies, incorporated into the Proofpoint Prime Threat Protection solution, block these exploits before reaching users, thereby supporting trusted interaction between people and AI agents.
In Q4 2025, for instance, the company is extending its Nexus detection models to defend against AI exploits delivered via email. The enhanced detection capabilities uncover hidden prompts designed to manipulate AI tools and weaponise email. Its large language models interpret intent and identify concealed instructions that could trigger malicious commands, blocking these messages before they even reach inboxes connected to AI assistants.
Other Proofpoint’s newly announced technologies, delivered through the Proofpoint Prime Threat Protection solution, block these exploits before they reach inboxes, ensuring people and AI agents can trust every interaction.
Proofpoint Data Security Complete and Proofpoint AI Data Governance: Providing unified data security protection along with AI data governance
In the era of AI, data security risks have increased. With Proofpoint Data Security Complete, organisations can locate, classify control access to, and monitor sensitive data across endpoints, email, web and cloud services. This product utilises autonomous custom classifiers for dynamic, accurate classification with limited manual effort. It provides a consolidated data risk map and supports one-click remediation, integrating DSPM, DLP, insider threat management and data lineage tracking.
Proofpoint AI Data Governance enables discovery of sanctioned and unsanctioned AI usage, applies policies to prevent data exfiltration and privacy issues, and governs access through automated workflows.
Proofpoint Secure Agent Gateway: Stopping customer-deployed AI agents from losing data
Sensitive information in agentic workspaces is accessed not only by people but also by organisational AI agents. Proofpoint introduces Proofpoint Secure Agent Gateway, built on model context protocol (MCP), which regulates agent data access, monitors activities, enforces policy controls, and blocks or redacts sensitive data before it is shared. This gateway works with Proofpoint Data Security Complete to create a unified approach to data security for both people and AI agents.
A crucial component of the gateway is Proofpoint’s Data Risk Map that identifies where sensitive data resides, how it moves and who accesses it. This comprehensive visibility enables teams to take informed action, shifting data security practices from reactive measures to proactive governance, and providing complete insight into data flows for effective incident response. The cross-channel data lineage feature allows organisations to trace sensitive data from its origin through every instance of manipulation, duplication, and transfer, extending to all egress channels.
For incident response and risk assessments, this level of traceability ensures that security teams can precisely determine the file’s origin, track its movement and identify all user interactions. This information supports the implementation of controls based on file provenance and supplemental contextual intelligence.
By integrating robust visibility with contextual awareness, Proofpoint leverages data lineage as an essential tool for mitigating insider risks, preventing unauthorised data exfiltration, and streamlining compliance efforts.
Proofpoint Satori Agents and Proofpoint Satori Agent-to-Agent Access: A force multiplier for security teams
Proofpoint Satori Agents operate within Proofpoint solutions and perform tasks such as handling data loss prevention alerts, automating phishing simulations, and resolving user-reported email threats for enterprises using the Proofpoint platform. Proofpoint Satori Agents, which the company calls a “force multiplier” for security teams, that manage Proofpoint solutions can streamline and scale security operations, eliminate time-consuming repetitive tasks, reduce alert fatigue and turn data insight into automatic action.
With Proofpoint Satori Agent-to-Agent Access, other agents, such as CrowdStrike Charlotte and Microsoft Copilot, can invoke Proofpoint Satori Agents to collaborate across platforms, accelerating security operations, automating repetitive tasks and driving improved security outcomes. Proofpoint Satori Agent-to-Agent Access leverages MCP; employees without coding expertise can use a prompt-based low-code/no-code approach to easily integrate Proofpoint with other security solutions.
These new capabilities are scheduled for rollout throughout Proofpoint’s platform in the upcoming months. AI exploit detection for email will launch in Q4 2025, Data Security Complete is now available with feature updates continuing over two quarters, and Secure Agent Gateway and Satori Agents will enter phased availability beginning in 2026.
