1stProtect Launches AgentProtect: Runtime Control for Autonomous AI Agents
1stProtect announces the general availability of AgentProtect, the first enforcement layer that governs what autonomous AI agents are actually allowed to do — not what they say they will do — enforced at the action level in under 100 milliseconds.
SAN FRANCISCO, June 24, 2026 — 1stProtect, the Silicon Valley runtime security company founded by veterans of CrowdStrike, Symantec, and Cisco, today announced the general availability of AgentProtect, the industry's first runtime enforcement layer purpose-built for autonomous AI agents. AgentProtect is now generally available to production customers across finance, MSSP, and AI-native environments.
The launch marks a significant expansion of 1stProtect's platform beyond traditional endpoint security into the agentic computing era, where AI agents — not human operators — initiate file reads, shell commands, tool calls, and data transfers at machine speed.
The Problem AgentProtect Solves
Enterprises are deploying coding agents, SRE agents, computer-use agents, and MCP-connected copilots with broad access to production systems. These agents are trusted software — they are not malware — which means traditional security tools have no mechanism to stop them. A single poisoned prompt can redirect a legitimate agent to exfiltrate credentials, move sensitive files, or execute unauthorized shell commands, and the damage happens before any alert fires.
Existing approaches fall into two categories, and both fail for the same reason: they analyze intent rather than governing action.
- Prompt filtering reads the instruction and tries to predict whether it's dangerous. Injections evolve faster than classifiers, and the harm doesn't happen in the prompt — it happens in the action that follows.
- EDR and CASB tools see a legitimate process running with valid credentials and wave it through. They alert after the fact, far too slowly to stop a machine-speed exfiltration.
"The security industry spent thirty years learning to detect attackers. AI agents broke that model entirely — they aren't attackers, they're trusted processes you authorized. The only answer is to govern what they're actually allowed to do," said Kervin Pillay, Chief Executive Officer of 1stProtect. "AgentProtect is the enforcement layer that didn't exist. It watches every action an agent takes and stops the ones outside its boundary, in real time, before the data moves."
How AgentProtect Works
AgentProtect runs as a policy and enforcement layer on top of 1stProtect's single user-space SIGMA engine — the same engine already deployed across the platform. There is no new agent to install, no cloud round-trip for decisions, and no kernel module that could destabilize production systems.
Operators define a per-agent or per-agent-class boundary: which files the agent may read or write, which shell commands it may run, which network destinations it may reach, which tools it may call. AgentProtect watches every action through the SIGMA engine and terminates any action that crosses the boundary in under 100 milliseconds — without interrupting the agent's legitimate work.
Every action is simultaneously captured as an immutable forensic record by the on-host MCP AI Investigator, which performs analysis locally with zero cloud latency. The complete audit trail is available even in fully offline or air-gapped environments.
"AgentProtect uses the same architectural insight we applied to endpoint security: push the decision to the point of action, not the cloud. An agent trying to exfiltrate data doesn't care whether your SIEM has connectivity. Our enforcement layer doesn't either," said Rafel Ivgi, Chief Technology Officer of 1stProtect, who previously held senior positions at SentinelOne, CrowdStrike, Symantec, and Forcepoint. "We enforce at the syscall level, in user space, with less than one percent CPU overhead. Enterprise security teams asked us for this capability before the ink was dry on our RSAC announcement."
Coverage
AgentProtect directs the 22 Protect modules in the SIGMA engine at agent behavior. Key enforcement categories include:
- Data exfiltration — network, USB, and clipboard egress (DataProtect · ExfilProtect · DeviceProtect)
- Unauthorized shell execution — commands outside the agent's defined remit (ShellProtect)
- Prompt injection and call-chain hijacking — actions triggered by injected or poisoned instructions (CallChainProtect · InjectProtect)
- Credential and identity abuse — agent attempts to read credentials, sessions, or Active Directory (CredentialProtect · IdentityProtect · ADProtect)
- Browser and computer-use agents — unauthorized browsing, URL access, or UI automation (AppProtect · BrowserProtect · URLProtect)
- Destructive and wiper actions — ransomware-pattern or irreversible host modifications (RansomProtect · WiperProtect)
Deployment
AgentProtect ships in Audit Mode by default. Security teams can observe exactly what their agents do — and exactly what AgentProtect would have blocked — without terminating any action. Once the environment is baselined and legitimate agent behavior is whitelisted, teams switch to Enforcement Mode with a single configuration change. Deployment is zero-touch via Helm DaemonSet for Kubernetes environments and standard MDM tooling (Jamf, Intune, Kandji) for endpoints.
Availability
AgentProtect is generally available today. Prospective customers can request an Agent Exposure Assessment at 1stprotect.ai or contact the sales team directly.
Contact
Investor and Customer Contact: info@1stprotect.ai
Media Contacts: Scott Deveau / Nate Johnson, August Strategic Communications — 1stProtect@augustco.com