Mitiga unveils Agentic Runtime Security for cloud, SaaS, identity, and AI protection

Mitiga has announced Agentic Runtime Security, a new approach to runtime detection and response across cloud, SaaS, identity, AI, and third-party services that anticipates, detects, interrupts, and stops active attacks before they impact the business.

For two decades, security operations centered on the endpoint. EDR carried the load, most detections were built there, and most analyst muscle memory lived there. But the primary asset is no longer the server – it’s third-party services, cloud, SaaS, third-party identity providers, and AI. That world is more complicated than endpoints, not less, and the one place no endpoint agent can reach is exactly where modern attacks now land.

“We do for SecOps in this new world everything they’re used to getting from an EDR on the endpoint – but for all the modern infrastructure services and resources,” said Ofer Maor, CTO of Mitiga.

“Runtime security as most people define it means an agent inside a workload. But the modern attack surface lives outside the workload, where there is no operating system to instrument, and the only signal is the audit trail the platform emits. We engineered Mitiga to make log-based runtime defense possible – to detect on behavior in real time, across cloud, SaaS, identity, and AI, and to contain attacks before anything bad happens.”

Multiple forces are reshaping what the SOC has to defend

Agentic Runtime Security responds to a structural shift in the modern SOC. As enterprises move off the endpoint and onto modern infrastructure, four forces are converging:

A compensating control for AI-discovered vulnerabilities. AI finds and exploits vulnerabilities faster than the world can patch them, and exploitation often begins before a fix ships. When an exposure can’t be closed in time, defenders need to detect and disrupt what comes through the open window.

SaaS, shadow SaaS, and embedded AI visibility. The average enterprise runs hundreds of SaaS applications, sanctioned, unsanctioned, and entirely unknown. And shadow AI is rarely just a standalone tool. It now includes AI that’s embedded inside trusted SaaS platforms like CRMs, HR systems, financial management, and collaboration tools. Posture tools were not built to surface active SaaS and AI misuse, and you cannot defend what you cannot see.

Agentic and non-human identity threats. Chatbots, copilots, and autonomous agents now act with their own credentials and permissions. The fastest growing identity on the enterprise network is no longer a person, and it operates entirely outside the endpoint’s line of sight.

Attacks that move at machine speed. Modern attacks move across cloud, SaaS, identity, AI, and third-party services in minutes. Defending against them means anticipating, detecting, interrupting, and stopping active attacks across the entire modern infrastructure, in runtime.

Runtime, redefined for the place attacks happen

Agentic Runtime Security reflects a structural difference between the modern stack and the endpoint. On an endpoint, defenders can always fall back to the device: pull a disk image, capture a memory dump. In a cloud and services world, there is no endpoint to fall back to. Defense is 100% dependent on the logs: not just the security logs, but everything the platforms emit. That dependency is why a forensic-grade data layer is a structural necessity for Mitiga, not a feature.

Mitiga’s platform turns that necessity into an advantage by providing panoramic visibility across cloud, SaaS, identity, and AI environments. It uses behavioral detection to identify compromised credentials, lateral movement, and data exfiltration as they occur. Automated AI-driven triage reduces noise and builds a prioritized attack narrative, while rapid containment actions can revoke sessions, quarantine identities, and block API calls during an attack. The result is Zero-Impact Breach Prevention delivered in runtime.

AI-native by design

Agentic Runtime Security is not AI bolted onto a legacy stack. Every part of the Mitiga platform runs on the same agentic, AI-native foundation, organized around three pillars:

Defend with AI – an automated SOC agent that delivers AI triage, agentic investigation and hunting, and automated containment and remediation, integrated via API and MCP.

Defend from AI – runtime detection engineered for AI-centric and AI-scaled attacks, with automated detection engineering built for AI-speed adversaries.

Defend the AI – protection for AI resources and SaaS applications, detecting and stopping attacks across workforce AI (such as ChatGPT, Copilot, and Agentforce), AI infrastructure (such as Bedrock and Claude), and the identities that operate them.

Underpinning all three is the foundation: Mitiga is Built with AI. This provides the ability to create, test, and continuously improve detections and broad runtime capabilities at AI-native speed and scale.

Three proof points: seeing what endpoint tools can’t

The launch is anchored by three findings that show why the modern attack surface demands a different vantage point – the cloud, not the endpoint.

1. SaaS discovery from the cloud, not the endpoint. In recent customer deployments, Mitiga surfaced more unauthorized SaaS applications than agent-based endpoint security solutions already in place. Endpoint and network-traffic tooling can only see what crosses the devices it sits on. Mitiga discovers shadow SaaS from the cloud and identity control plane, where the activity actually originates, catching sanctioned-looking, identity-driven app adoption that never generates a telltale endpoint signal.

2. AI-era shadow SaaS is a new and dangerous threat class. Unsanctioned SaaS no longer means an employee quietly sharing a file. Consider a meeting transcription tool like Otter.ai. It is not file-sharing; it is a conversation recorder that joins meetings, transcribes them, and retains the contents. One unsanctioned adoption creates exposure for every participant in every meeting it touches, expanding the blast radius from a single user to entire rooms of people who never installed anything. These tools widen data exfiltration risk and open the door to both human and non-human identity threats, and they are precisely the category endpoint tools are structurally blind to.

3. Real-time threat coverage for embedded AI agents and chatbots. The fastest growing identity on the modern network isn’t a person. Embedded chatbots, AI copilots, and autonomous agents now act inside cloud and SaaS environments with their own credentials, tokens, and permissions, often with broad access and little oversight. Mitiga extends behavioral, indicator-of-attack (IOA) based detection to these non-human and machine identities, watching how agents and chatbots actually behave in runtime, the calls they make, the data they reach, the actions they take, and flagging the anomalous activity that signals compromise or abuse as it happens. As enterprises wire AI into core workflows, this is the identity layer endpoint tools were never built to see.

“Together, the three tell one story. Mitiga sees what endpoint tools can’t see – and the things those tools are missing are the most dangerous category in the enterprise right now,” said Charlie Thomas, CEO at Mitiga. “Shadow AI-era SaaS and the explosion of non-human identities are expanding faster than any governance program can keep up with, and they live entirely outside the endpoint’s line of sight. You don’t close that gap by watching the device harder. You close it by defending the cloud, SaaS, identity, and AI surfaces at runtime.”

Built for the agentic SOC

Agentic Runtime Security is designed for where the SOC is heading: away from the legacy SIEM and SOC model and toward an agentic, AI-native operating model.

Mitiga serves as the cloud, SaaS, identity, and AI authority layer that feeds agentic SOC orchestrators the domain-grade, pre-contextualized evidence they need to reason, reaching the control plane no endpoint agent can touch, backed by a long-horizon distributed data lake leveraging both existing and collected, enriched data across the entire modern infrastructure. The result is AI-powered detection and response fast enough to shift the discipline from reacting after impact to disrupting attacks before it.
