Exabeam expands ABA to detect AI agent threats across ChatGPT, Copilot, and Gemini

Exabeam has announced the expansion of Exabeam Agent Behavior Analytics (ABA). Without direct visibility into how employees use AI assistants, what they query, what data they share, how frequently they interact, and from where, organizations cannot establish a baseline for normal AI behavior, investigate potential misuse, or detect emerging agentic insider threats.

New support to detect agent behavior in OpenAI ChatGPT and Microsoft Copilot, alongside existing visibility into Google Gemini, transforms these agentic services into rich sources of behavior telemetry that feed directly into Exabeam threat detection, investigation, and response (TDIR) workflows.

“AI agents are evolving from simple chatbots into autonomous digital workers,” said Steve Wilson, Chief AI and Product Officer at Exabeam. “They authenticate, access systems, and execute real business processes. When compromised, their activity will often look legitimate. Guardrails designed to catch prompt injection or hallucinations do not address that risk. Securing digital workers requires deep visibility into baseline behavior and the ability to detect subtle deviations before they become material incidents.”

“AI is rapidly reshaping how organizations operate, compete and grow, creating a new, digital workforce that helps them move faster and at scale,” said Pete Harteveld, CEO at Exabeam. “As this transformation accelerates leaders are compelled to understand how these systems operate inside the enterprise. Our expansion of Agent Behavior Analytics helps organizations stay protected from emerging risks while adopting AI with confidence and maintaining the oversight and accountability required to proliferate these capabilities across an enterprise.”

To address these, Exabeam has delivered five new capabilities that work together to provide coverage of the agentic attack surface:

• AI behavior baselining. Exabeam builds dynamic behavior profiles for users and their AI agents, tracking patterns across request volumes, token usage, tool invocations, web sessions, and outbound activity. When behavior deviates from established norms, such as sudden spikes in API calls or token consumption. Exabeam flags the anomaly, helping security teams detect misuse before it escalates.
• Prompt and model abuse detection. Exabeam detects prompt injection, model manipulation, and tool exploitation before attacks escalate. A new detection library, five times larger than the previous version, covers the full threat spectrum: prompt manipulation, and shadow AI activity. All surfaced at the point of entry, not after the damage is done.
• Identity and privilege monitoring. While baselining tracks how agents behave, identity and privilege monitoring governs what they’re allowed to do. Exabeam detects anomalies across AI platform roles, users, and permissions — including first-time role assignments, unexpected privilege escalations, and unusual permission changes, ensuring AI identities are governed with the same rigor as traditional enterprise identities.
• Agent lifecycle monitoring. Exabeam provides full visibility into the creation, modification, and usage of AI agents, surfacing first-agent-creation and invocation events as discrete, auditable signals. Security teams can now track the complete lifecycle of every agent operating in their environment, closing the governance gap that has made agent activity invisible to most organizations.
• Coverage for OWASP Top 10 for agentic AI. Exabeam monitors agent behavior against the OWASP Top 10 for agentic AI, bringing measurable coverage to a threat category that previously lacked a defined framework. This alignment establishes a benchmark for governing and defending AI agents in the enterprise.

“As we move deeper into the agentic era, the rapid adoption of AI agents — including a growing ecosystem of enterprise-grade AI tools across our organization — is transforming the risk landscape,” said Nithin Reddy, Global VP of Cybersecurity at Dayforce.

“Security teams now operate in a world where both humans and autonomous agents interact with systems and data at a massive scale. Traditional detection models weren’t built for this reality. What we need is clear behavior visibility and a simple way to quantify risk. Exabeam gives us that clarity — helping us focus on the risks that actually matter instead of chasing thousands of benign signals and enabling us to put the right guardrails in place while continuing to accelerate AI innovation across the business,” Reddy continued.

These new capabilities are accompanied by a broad set of enhancements across the Exabeam New-Scale and LogRhythm Platforms, designed to improve the day-to-day experience for administrators and security analysts while continuing to deliver deep visibility and automated response that helps teams streamline workflows, reduce alert fatigue, and accelerate threat detection.