Effective AI security in enterprises necessitates enhanced visibility across users, AI agents, data, and interconnected systems.
Proofpoint has introduced a comprehensive AI security strategy that integrates collaboration security, data protection, AI governance, and runtime controls as businesses increasingly incorporate AI tools and agents into their operations.
During a recent media briefing, Jennifer Cheng, Director of Cybersecurity Strategy for APJ at Proofpoint, emphasized the importance of examining the interplay between people, data, and AI as work transcends traditional email and collaboration platforms.
“Humans are no longer working in isolation. They are engaging with AI tools and autonomous agents,” Cheng noted. “We envision a future where humans, agentic AI, and systems collaborate in what we term the ‘agentic workspace.’
Proofpoint has seen consistent growth since its acquisition by Thoma Bravo in 2021. The company now serves nearly three million customers globally, encompassing major enterprises, government agencies, and public-sector organizations. In the APJ region, the team has expanded to over 300 members, tripling in size since 2019.
Cheng highlighted that Proofpoint continues to manage email data on a massive scale, leveraging visibility across trillions of emails. While the company remains renowned for its email security, she pointed out that email has evolved into more than just a communication tool; it’s become an identity conduit that attackers exploit through phishing, business email compromise, and account takeovers.
Proofpoint’s current focus spans collaboration tools, SMS messaging, phishing simulations, cloud accounts, insider threats, and data protection. The company has seamlessly integrated several acquisitions into its platform to bolster data security and governance, including data loss prevention, according to Cheng.
The briefing also spotlighted Proofpoint Nexus, the company’s detection platform. Nexus harnesses data from across Proofpoint’s systems to enhance detection models and assist organizations in evaluating risks associated with users, data, and AI activities.
Tim Choi, Group Vice President of Product Marketing at Proofpoint, identified three primary security concerns arising from the adoption of enterprise AI: how users access AI tools, how organizations design and implement AI agents, and how these AI tools integrate with enterprise systems and data.
Research by Proofpoint revealed that 68% of employees acknowledge using AI tools that lack employer approval. These tools encompass both web-based services and software installed on individual devices, such as desktop AI applications and AI-enabled browsers.
“The first question many security professionals ask is, what are these tools, and how are my users leveraging them to complete their work?” Choi remarked.
Monitoring prompts, responses, and connections is vital since AI interactions may involve attempts to extract sensitive information, circumvent safeguards, or produce unsafe outputs. Furthermore, AI tools may connect with messaging systems, middleware, repositories, or business data.
When questioned about initial steps organizations should undertake, Choi advocates for establishing governance prior to deploying technical controls. “The organization needs a safe AI usage policy document,” he stated, emphasizing the necessity for business and functional teams to agree on AI utilization before developing risk-based controls.
Choi mentioned that AI agents introduce an additional layer of risk, as their operations extend beyond a single prompt and response. Agents have the capability to call language models, MCP servers, tools, and services throughout multiple steps.
“Each micro-step could introduce new risks, making it essential to understand the interactions occurring within that agent,” he noted.
Proofpoint’s AI security offerings include AI Security for Access, AI Security for Agents, and AI Security for MCP. AI Security for Access is centered around identifying AI tools, regulating usage, and monitoring prompts, replies, links, content, and payloads. AI Security for Agents provides insights into agent behavior, imposing guardrails and runtime controls, while AI Security for MCP functions as a conduit between AI tools and enterprise systems.
Current security tools remain integral to enterprise AI security strategies, Choi explained. Proofpoint is exploring integration possibilities with industry peers through MCP servers, facilitating connections between security tools and expediting information retrieval across interconnected systems.
Data Exposure Continues to be a Concern
Richard Combes, Head of Data Security Sales Engineering for EMEA and APJ at Proofpoint, highlighted the increasing difficulty of data security as volumes rise and AI tools gain access to more enterprise content.
“We anticipate a 300% increase in data volumes over the next five years,” Combes stated. “More data will be processed by a greater number of systems at machine speed.”
The primary risks involve data loss across various channels, excessive internal file access, insider misuse, and GenAI applications exposing sensitive data at scale, Combes explained. Shadow AI poses a significant risk as employees may adopt unauthorized tools beyond company-approved contracts and safeguards.
When asked about initial steps for organizations, Combes suggested that they should promptly map their AI data usage. This involves identifying the AI tools in operation, the data they access, the sources of that data, ownership, and any outputs or logs generated. These actions should align with governance policies, access controls, guardrails, and regular risk assessments, he outlined.
He cited a case in New South Wales where a contractor involved in a flood recovery program reportedly submitted a spreadsheet containing about 3,000 names to ChatGPT to assist in formatting and data extraction. Combes noted that the file included contact details and, in some instances, personal health information.
Combes demonstrated Proofpoint’s AI data governance module, which reveals both approved and shadow AI applications, risky prompts, uploaded files, connected repositories, and users contributing to heightened exposure. The platform can also identify AI tools tied to platforms like SharePoint and facilitate the revocation of those connections.
He illustrated how the platform manages sensitive data shared with AI tools. In one instance, a sanctioned AI tool was permitted to process code, but a plain-text password was redacted prior to submission.
“Our objective is not to prohibit all AI usage but rather to prevent sensitive information from being input into these systems,” Combes clarified.
When asked about areas where organizations still lack visibility, Cheng pointed out that while many are scrutinizing agents and AI, the broader issue revolves around how AI influences existing vulnerabilities. “AI accelerates threats,” she asserted. “It amplifies gaps, intensifies threats, and increases their volume.”
Organizations should evaluate whether their existing tools address current risks while considering behavior, intent, and interactions among humans, agents, AI systems, and communication channels, Cheng recommended.
