Ory launches Agent Security for enterprise AI

Ory on June 9, 2026, introduced Agent Security, a new control plane designed to secure AI agents at the moment they act inside enterprise systems. The launch targets growing risks around autonomous agents, including unauthorized tool use, excessive permissions, and prompt-injection-driven actions. Why it matters: - Ory Agent Security moves identity and access control to the point where AI agents execute commands, invoke tools, and touch enterprise data. - The launch is aimed at a gap in traditional security, which often focuses on credentials, networks, gateways, or protocols instead of the action itself. - The product is meant to help enterprises govern agent-driven workflows with tighter trust, accountability, and policy enforcement. What happened: - Ory announced the availability of Ory Agent Security on June 9, 2026. - The product is described as the first Agent IAM control plane designed to secure AI agents at the point where they take action. - Ory said the platform is available immediately. - The announcement included a product page for more information: the company’s announcement . The details: - The architecture is patent-pending. - Identity, authorization, and governance controls are embedded in the agent harness, the software layer that connects AI agents to tools, APIs, files, and enterprise systems. - The platform evaluates policy before an action is executed, not after the fact. - At the moment an action is requested, the system checks agent identity, delegated user identity, the requested tool, command parameters, and applicable policy. - The platform is built to authenticate AI agents before they access enterprise systems, data, and services. - Fine-grained authorization policies govern what agents are allowed to do. - Ory Agent Security controls and monitors agent access to tools, APIs, and downstream resources. - Security policies can be enforced across the agent lifecycle through an event-driven architecture. - The product captures audit trails of agent actions, decisions, and other security-relevant events. - A flexible plugin framework lets organizations extend governance controls to fit their own risk requirements. Between the lines: - The launch reflects a broader shift in enterprise security from protecting infrastructure boundaries to supervising autonomous actions. - Ory is positioning Agent IAM as a new layer of enterprise security for AI systems that can act without direct human review. - The company is also framing the product as model-agnostic, with controls that work independently of the underlying model, framework, or transport mechanism. - The emphasis on prompt-injection risks and unauthorized tool use signals that Ory sees agent behavior as a growing operational and compliance problem, not just a technical one. - Simon Moffatt, founder and analyst at The Cyber Hut, said agentic AI is exposing identity and governance gaps that traditional access control models were never designed to address. - Moffatt said organizations need visibility into who is acting, what tools agents can access, and how decisions are made. - Moffatt also said Ory’s plugin-based approach provides a flexible foundation for securing and governing agent-driven workflows. What’s next: - Enterprises can start using the platform now. - Ory said pricing, deployment information, and product details are available on the product page. - Wider adoption will likely depend on how quickly organizations move from traditional access control to agent-specific governance. - Ory is betting that Agent IAM will become a foundational part of enterprise AI security as autonomous agents take on more work. The bottom line: - Ory is trying to redefine AI security around the decision to act, not just the place where an agent connects.