Permiso Security launched AI agent runtime security capabilities on May 14, extending its unified identity platform to cover what the company calls the fastest-growing and least-governed identity class in the enterprise. Autodesk, a Fortune 500 design and engineering software company, signed on as the launch customer, deploying the technology across its products, global workforce, and cloud infrastructure.
What Permiso Built
The platform covers six capabilities, according to the company’s announcement: agent and session discovery across cloud, SaaS, identity providers, and code environments (including Lambda functions, containers, and VMs); runtime identity attribution tying every run and tool call to a specific human, non-human, or AI identity; observability into tools, data, and infrastructure touched by agents; runtime detection of over-privileged access, anomalous tool usage, and policy violations; behavioral sandboxing of agent skills; and identity-first controls including least privilege recommendations, approval gates, and kill switches.
The product ships as an agentless, API-based architecture requiring no infrastructure changes.
Why Autodesk Signed On
“Autodesk is investing significantly in AI across our workforce, infrastructure and products,” Sebastian Goodwin, Autodesk’s chief trust officer, told SiliconANGLE. “Permiso Security was already our security platform for identities, so the natural next step was to partner with them for agentic AI identities.”
The move reflects a pattern seen across large enterprises: as organizations scale autonomous agent deployments, their existing security tooling loses visibility once an agent authenticates. Permiso argues that traditional identity providers treat the problem as posture (where agents sit, how they authenticate, what permissions they hold) while the harder problem is runtime, where agents make context-dependent decisions in milliseconds.
Runtime vs. Posture
Jason Martin, Permiso co-founder and co-CEO, framed the distinction bluntly in a statement to SiliconANGLE: “The market is full of vendors claiming they can prevent AI agent security incidents. You are putting a deterministic capability on a non-deterministic brain. Agents will do things they were not supposed to do.”
The capabilities draw on threat research from Permiso’s P0 Labs team, which has documented LLMjacking attacks, cross-prompt injection vulnerabilities in enterprise AI copilots, and malicious agent skills on public marketplaces.
The Enterprise Agent Security Stack Takes Shape
Autodesk’s deployment lands in a week where agent governance tooling is accelerating across the industry. Singapore’s IMDA issued an advisory on May 14 warning organizations against deploying single all-powerful agents with unrestricted access. Microsoft disclosed its MDASH system using 100+ specialized agents to discover Windows vulnerabilities. The pattern is consistent: as agent deployments scale, the security stack is catching up.
For security teams running agents in production, the core question Permiso is answering is straightforward: how many agents are running, what identities are they using, what tools are they calling, and what data are they touching? Most organizations, according to Permiso, cannot answer any of those questions today.