The Centre for Internet Security (CIS), Astrix Security, and Cequence Security announced a strategic partnership to develop new cybersecurity guidance tailored to the unique risks of artificial intelligence (AI) and agentic systems.
This collaborative initiative builds on the globally-recognised CIS Critical Security Controls® (CIS Controls®), extending its principles into AI environments where autonomous decision‑making, tool and API access, and automated threats introduce new challenges. The intent of the partnership includes initially developing two CIS Controls companion guides: one for AI Agent Environments, which will focus on securing the agent system lifecycle; the other for Model Context Protocol (MCP) environments.
MCP environments introduce unique risks, including credential exposure, ungoverned local execution, unapproved third‑party connections, and uncontrolled data flows between models and tools. Together, these guides will provide targeted safeguards for organisations operating in environments where MCP agents, tools, and registries interact dynamically with enterprise systems.
“AI presents both tremendous opportunities and significant risks,” said Curtis Dukes, Executive Vice President and General Manager of Security Best Practices at CIS. “By partnering with Astrix and Cequence, we are ensuring that organisations have the tools they need to adopt AI responsibly and securely.”
Astrix’s contribution centres on securing AI agents, MCP servers, and the Non‑Human Identities (NHIs), such as API keys, service accounts, and OAuth tokens, that link them to critical systems.
“AI agents and the non‑human identities that power them bring great potential but also new risks,” said Jonathan Sander, Field CTO of Astrix Security. “Our focus is helping enterprises discover, secure, and deploy AI agents responsibly, with the confidence to scale. Through this partnership, we’re providing clear, practical guidance to keep AI ecosystems safe so organisations can innovate with confidence.”
Cequence brings years of enterprise application and API security experience to agentic AI enablement and security.
“As organisations embrace agentic AI, trust hinges on visibility, governance, and control over what those agents can see and do to your applications and data,” said Ameya Talwalkar, CEO of Cequence Security. “Security is strongest through collaboration, and this partnership gives organisations clear guidance to adopt AI safely and securely.”
How the partnership supports organisations
- Extends trusted cybersecurity frameworks into AI environments, addressing risks from autonomous systems and integrations.
- Delivers clear, prioritised safeguards that guide enterprises toward secure and responsible AI adoption.
- Combines expertise across standards, API security, and application defence to provide comprehensive protection.
The new guidance is scheduled for release in early 2026, accompanied by workshops, webinars, and supporting resources delivered jointly by CIS, Astrix, and Cequence. Together, the organisations aim to help enterprises translate recommendations into practice while building a stronger foundation of trust, transparency, and resilience across the AI ecosystem. By working from a shared framework, enterprises, vendors, and security leaders can align on a common language for securing AI environments.
Discussion about this post