Aviatrix launched what it calls the first containment platform built specifically for AI agents on April 29, 2026, extending its Cloud Native Security Fabric with two new products: Zero Trust for AI Workloads, now generally available, and AgentGuard, now in early access.
The platform targets a gap in enterprise agent security that existing tools largely ignore. Traditional security focuses on detecting intrusions and remediating damage after the fact. Aviatrix CEO Doug Merritt argues that model is insufficient for AI agents because the attack surface is fundamentally different.
“My argument for the containment era is the most important metric is blast radius,” Merritt told SiliconANGLE. “If you have a broad blast radius, then the breach becomes very troublesome to catastrophic.”
Why Agents Break Traditional Security Models
AI agents don’t need to be “broken into” in the traditional sense. An agent can be compromised through prompt injection (malicious instructions hidden in content the agent reads) or model poisoning (corrupted data or tools in the agent’s dependency chain). If that agent holds broad access to applications, credentials, or external services, a single compromise can cascade across systems.
The core problem, according to Merritt: for the vast majority of enterprises, there is no architectural constraint on where a compromised workload can go. An agent sits in an unusual position, behaving “partly like a user and partly like an application,” as he described it to SiliconANGLE. That hybrid identity makes identity-based controls alone insufficient.
What the Two Products Do
Zero Trust for AI Workloads (GA) lets IT teams secure agents, LLM proxies, and agentic frameworks without modifying application code or infrastructure. It enforces allowlist policies for external AI service access, blocks shadow AI at the network layer, and applies enforcement across workloads and regions.
AgentGuard (early access) goes further. It discovers every agent running across VMs, Kubernetes clusters, and serverless functions, including unauthorized ones. It maps the LLMs, tools, and data each agent connects to and builds a continuously updating risk profile. From that profile, it monitors activity and automatically blocks behavior outside the agent’s baseline. Common exfiltration patterns, such as posting data to public code repositories or file-sharing services, are blocked by default.
AgentGuard is available immediately for companies deploying on AWS Bedrock AgentCore or Azure AI Foundry, according to SiliconANGLE. Advanced capabilities for conversation-level detection and prompt injection blocking are expected in Q3 2026.
The Channel Play
Merritt told CRN that the platform opens a new services revenue stream for channel partners: blast radius assessments and agent governance consulting.
“There is a significant services revenue stream about to be unleashed for channel partners that understand the dynamics that AI is bringing, and what that means for vulnerability detection or remediation, and why containment is likely to be a higher growth area over the next 1-2-3 years,” Merritt told CRN.
Containment as the Next Infrastructure Layer
The timing aligns with a broader industry shift toward treating agent security as infrastructure rather than an add-on. The Cloud Security Alliance reported this week that 65% of organizations experienced cybersecurity incidents caused by uncontrolled AI agents in the past 12 months. Microsoft patched a privilege escalation vulnerability in Entra ID’s Agent ID Administrator role earlier this month. Cequence shipped granular privilege scoping for agent tool calls. The pattern is consistent: agent deployments are scaling faster than the governance frameworks around them.
Aviatrix’s bet is that containment, limiting what a compromised agent can reach rather than trying to prevent every compromise, will become the default architecture. Merritt framed the goal as creating “this beautiful honeycomb of things that communicate,” where each cell is isolated so that a breach in one doesn’t cascade to the rest.