AI Security - Reco Launches New Tool for Agent Sprawl
Basically, Reco created a tool to help companies keep track of AI agents that can act without human help.
Reco has launched a new AI Agent Security tool to tackle risks from autonomous agents accessing sensitive data across systems. This addresses a growing security challenge for enterprises. With this tool, security teams can gain better control and visibility over AI-driven actions.
What Happened
On March 18, 2026, Reco unveiled its new capability, Reco AI Agent Security, designed to address the growing challenge of agent sprawl in enterprises. As businesses increasingly adopt AI-driven tools, numerous autonomous agents are now traversing multiple systems. These agents can access sensitive data and execute actions without direct human oversight, leading to potential security vulnerabilities. Reco's new tool aims to give security teams complete visibility and control over all AI agents operating within their SaaS ecosystems, including popular platforms like Copilot, ChatGPT, and Salesforce Agentforce.
The CEO of Reco, Ofer Klein, emphasized that traditional SaaS security posture management (SSPM) tools were not built to manage the unique behaviors of AI agents. He stated, "Security teams have spent years getting visibility into their SaaS applications, but AI agents operate differently." This new capability is intended to fill the gap left by existing security tools that focus primarily on connections rather than behaviors.
Who's Being Targeted
The primary targets of this new security capability are enterprises that utilize AI-driven tools across various platforms. As organizations integrate more autonomous agents into their workflows, they face increased risks associated with these agents accessing sensitive information and performing actions autonomously. Reco's AI Agent Security tool is particularly relevant for businesses that rely on automation tools like n8n and Zapier, which can inadvertently expose data through misconfigured settings or excessive permissions.
By providing enhanced visibility into agent behaviors, Reco aims to protect organizations from potential data breaches and compliance issues that could arise from unchecked agent activities. The tool is designed to help security teams proactively manage these risks, ensuring that AI agents operate within defined security parameters.
Signs of Infection
Identifying the signs of compromised AI agents can be challenging, especially since they often operate under service accounts or shared credentials. Reco's approach focuses on monitoring API call patterns and behaviors that indicate autonomous actions. For instance, an AI agent accessing a large volume of records in a short time frame may signal unusual activity that warrants investigation.
Klein highlighted that many incidents have involved agents with excessive permissions, such as those accessing customer personally identifiable information (PII) in Salesforce or financial data in NetSuite. By tracking these behaviors, Reco can help organizations detect potential risks before they escalate into significant security incidents.
How to Protect Yourself
To mitigate the risks associated with AI agents, organizations should consider implementing Reco's AI Agent Security tool as part of their existing SaaS security framework. This tool provides a multi-layered detection model that goes beyond traditional OAuth-based discovery, focusing on how systems behave rather than just how they connect.
Security teams should also conduct regular audits of their AI agents and automation tools to ensure they have appropriate permissions and are not engaging in risky behaviors. By maintaining a proactive stance on AI agent management, organizations can significantly reduce their exposure to potential threats and safeguard their sensitive data from unauthorized access.
CSO Online