Salt Security secures AI agent actions across enterprise APIs

Salt Security introduced a new solution designed to secure the actions AI agents take within the enterprise. As large organizations adopt agentic AI, agents are increasingly making real-time API calls through protocols like MCP and A2A, creating a new layer of risk.

Salt converges API and AI security, providing organizations with visibility into every agent-driven action, governance to enforce proper posture, and real-time protection against AI agent abuse.

This release gives security teams immediate visibility, automatic governance, and real-time protection for agentic AI, without extra setup. MCP Protect maps MCP server interactions and surfaces hidden endpoints, while built-in guardrails, enabled by default, enforce safe agent behavior automatically.

“Most organizations’ first AI security gap isn’t prompt and model jailbreak attacks, it’s the invisible API connections powering agents,” said Michael Nicosia, COO of Salt Security. “Salt closes that gap by continuously discovering every API, governing it against policy, and protecting it in real time, including the fast-growing universe of agent-driven traffic.”

What’s new in Salt Security

• MCP Protect: Discovers and monitors all MCP servers and their interactions with AI agents, giving organizations visibility into previously hidden connections. Salt automatically assesses the risk of these interactions, maps sensitive data in motion, and protects against malicious or unsafe MCP server usage.
• Agentic AI Governance: A new category of security controls that enforce safe AI agent behavior, automatically detecting and addressing the riskiest exposures in MCP and A2A environments.

Leading with innovation

• Gartner recommends “double down on API security by adding specialist security solutions to supplement standard gateway protections. Rate-limiting and access management, in particular, are vital for APIs AI applications will consume when addressing the risk of data and services being abused by agentic use.”
• Gartner also projects that by 2028, “80% of organizations will see AI agents consume the majority of their APIs, rather than human developers.”.
• New Salt research shows that only 37% of organizations using agentic AI have a dedicated API security solution, 48% run 6-20 agent types, widening the API attack surface.
• Out-of-the-box controls begin monitoring at first login to automatically detect high-risk exposures.

“From a security standpoint, it’s not just about what AI agents say, it’s what they actually do,” said Nick Rago, VP Product Strategy of Salt Security. “AI agents act through APIs, MCP, and A2A, but most organizations don’t have visibility into those actions. Salt gives you that visibility from day one, puts the right guardrails in place, and protects against abuse and AI logic attacks in real time so your teams can move fast with confidence.”