Reco launches agent security for enterprise AI risk

Reco has launched Reco Agent Security, extending its platform to address security risks linked to AI agents.

The offering is designed for agents operating across business applications, workflows, identities and integrations, where they can access data, trigger actions and interact with other systems.

Reco is positioning the launch around a problem it argues is not addressed by point security tools focused only on models or identity controls. The company says AI agent risks extend across the wider software estate because agents inherit permissions, use service accounts, connect to multiple applications and can take action without direct human intervention.

The product is built on the Reco Graph, which Reco describes as its underlying system for mapping and monitoring interactions across enterprise environments. According to the company, the graph allows security teams to identify agents, understand what they can reach, assess risk in operational context and take remedial action before data is exposed or workflows are disrupted.

Operational focus

The launch reflects a broader shift in corporate security as businesses adopt AI agents and copilots inside internal systems. In these environments, agents may read sensitive records, call application programming interfaces, update files, move data between systems and initiate workflows, creating a layer of operational risk beyond the models themselves.

Reco says its approach is intended to help security teams answer not only what an agent has done, but also what it is able to do. That distinction matters in enterprise settings, where access paths, delegated permissions and application integrations can combine to create routes into sensitive systems that are not obvious when viewed separately.

Among the functions included in Reco Agent Security is agent discovery and inventory. The system identifies agents, AI workflows, copilots, service accounts and other non-human identities across the environments in which they operate, giving security teams a live view of ownership, connected applications, permission scope and recent activity.

It also maps identity and ownership to show who deployed an agent, which users or teams are associated with it, which identities it relies on and who is accountable for its actions. Reco says this can help organisations spot unmanaged or orphaned agents before they create exposure.

Another element is permissions and scope analysis. The product examines OAuth grants, roles, API keys, delegated access and other permissions used by agents, flagging excessive access, stale tokens, unapproved connections and permission sets that go beyond an agent's intended role.

Monitoring activity

The product also establishes baselines for agent activity and watches for deviations. That includes API calls, data access patterns, timing, transaction volumes and external endpoints, with alerts for abnormal data movement, out-of-hours activity, new external links and unexpected agent-to-agent interactions.

A further function maps what Reco calls an agent's blast radius by tracing its reach across applications, APIs, data stores, tools, workflows and connected services. The company says this is intended to identify combinations of access that may look acceptable in isolation but together create a path to sensitive information or critical systems.

The system then scores and prioritises risks using a mix of identity, permissions, connectivity and activity data. Reco says this is meant to help security teams focus on agents that pose material business risk instead of reviewing broad lists of AI usage without context.

The remediation element recommends specific actions such as reducing permission scope, revoking stale access, disabling unauthorised agents, routing issues to owners and linking with existing ticketing and security workflows.

"Agents do not act alone. They operate across apps, identities, workflows and integrations that determine what they can reach and what they can do," said Ofer Klein, Chief Executive Officer and Co-Founder of Reco.

"Reco Agent Security provides organizations the context, coverage and control they need to protect their production environments from agent risk without slowing down AI adoption," Klein said.

The product is available immediately as part of the Reco platform. Reco says it works with Fortune 500 customers, offers more than 230 application integrations and 1,000 detection controls, and has raised USD $85 million from investors including Insight Partners, Zeev Ventures, boldstart ventures, Angular Ventures and Redseed.