Tufin introduces AI agents to take on network security work

Tufin is launching a new collection of AI agents designed to take on network security tasks for teams that are already stretched thin. This helps free up scarce expertise to focus on higher-level risks, critical decisions, and defending the enterprise.

Enterprise infrastructure is becoming more dynamic, decentralized, and harder to secure. Tufin’s Network Connectivity Graph, combined with its proven automation playbooks, provides the trusted data and control layer needed to support agent-driven network security at scale.

Legacy security processes are obsolete

AI is embedded across applications, infrastructure, and operations, and enterprise networks are evolving faster than ever. Agent-initiated changes happen at machine speed, often with limited human oversight, and across increasingly complex environments.

This raises a fundamental question for security teams. Who can communicate with whom, including agents, and should they be allowed to?

Threat actors are also using AI to infiltrate and attack these environments. Techniques such as AI-driven exposure discovery, agent-based lateral movement mapping, and autonomous drift exploitation are expanding the attack surface at a rapid pace. Security teams are facing a new and unfamiliar operational reality.

Traditional security workflows were built for a slower and more predictable world. Manual change requests and review cycles that take days cannot keep up when agents continuously initiate, validate, and execute changes across hybrid environments.

Security posture can no longer be assessed periodically or after the fact. It needs to be evaluated continuously.

Four purpose-built agents for network security execution

Tufin is introducing four purpose-built AI agents designed to handle day-to-day network security tasks under human-defined policies and oversight. These agents are powered by the Dynamic Network Connectivity Graph.

• Compliance agent — Continuously validates network segmentation and access against compliance requirements, flags violations immediately, and initiates remediation.
• Network security posture agent — Prioritizes vulnerabilities based on real connectivity exposure, attack paths, and critical assets — guiding updates to compensating controls.
• Application deployment agent — Defines application connectivity requirements, validates them against policy, and helps deploy compliant network access.
• Policy recertification agent — Maps rules to owners, requests approval, and helps eliminate unnecessary access.

Tufin is also showcasing a broader set of TufinAI capabilities. These include Segmentation Intelligence, which is an upcoming feature that ensures security posture aligns with intent, a Model Context Protocol server, the TufinMate self-service chatbot, executive dashboards for fast reporting and insights, and natural language assistants for interacting with network data and workflows.

Together, these capabilities help security teams move away from manual investigations and fragmented visibility toward faster decisions and more controlled, governed action.

“As AI accelerates change across enterprise infrastructure, networks are changing at a pace that makes manual security virtually impossible,” said Raymond Brancato, CEO of Tufin. “Security teams need a precise, trusted understanding of enterprise connectivity, with continuous insights into exposure, proof of segmentation, and validation that the network remains aligned with policy and security intent. There is only one solution that makes organizations confident in their network security posture in an agent-rich world – and that’s Tufin.”

The gap between attackers and defenders is widening quickly. Research from Boston Consulting Group shows that while 60 percent of companies may have experienced AI-enabled attacks in the past year, only 7% are using AI for defense.

Attackers continue to accelerate their use of AI, and enterprise environments are becoming more agent-driven. The gap between the speed of change and the speed of defense will continue to grow.

Tufin provides a trusted foundation for managing connectivity risk. Its Dynamic Network Connectivity Graph and automation playbooks enable organizations to understand exposure, govern autonomous change, and safely apply AI across complex multi-vendor networks.