• Delivers privilege controls, visibility and compliance for the new class of AI agent identities.
• Extends CyberArk’s identity security capabilities to secure AI-driven automation at enterprise scale.

CyberArk (NASDAQ: CYBR), the global leader in identity security, is announcing the general availability¹ of the CyberArk Secure AI Agents Solution, expanding the CyberArk Identity Security Platform with industry-first privilege controls to secure the rapidly growing class of AI agent identities.

As organizations rapidly adopt AI agents to automate tasks and drive efficiency, these autonomous entities are emerging as a powerful — and privileged — new identity class. AI agents introduce novel risks, including agent hallucinations, misuse, and potential takeover by malicious actors. These risks are heightened when agents require elevated privileges.

The CyberArk Secure AI Agents Solution addresses these challenges by applying the right level of privilege controls, helping to ensure that AI agents have only the access they need, when they need it, and nothing more. This approach reduces risk, helps prevent unauthorized access, and enables organizations to scale AI-driven initiatives with confidence.

“As organizations embrace AI agents, both builders and defenders must understand how identity-centric risks evolve when agents require elevated privileges,” said Matt Cohen, CEO, CyberArk. “Without strong discovery, robust privilege controls, and comprehensive lifecycle management, organizations risk losing visibility and opening the door to catastrophic agentic attacks. CyberArk uniquely secures the full spectrum of identities — humans, machines and AI agents — by applying the right level of privilege controls, enabling innovation while maintaining security and compliance.”

Securing AI Agents Requires a Privilege-Focused Approach

According to new CyberArk CISO research, AI agent adoption is expected to reach 76% within three years, yet fewer than 10% of organizations have adequate security and privilege controls in place. The report, Securing Agentic AI: Identity as the Emerging Foundation for Defense, reveals that:

• Nearly 40% of enterprise financial institutions and software companies already have agentic AI in production.
• Fewer than one in ten organizations have deployed agentic security controls such as risk registries and dynamic authorization at scale.
• Two-thirds of CISOs in financial services and software rank agentic AI among their top three cybersecurity risks, with more than one-third citing it as their top concern.
• Most expect AI agent security to drive increased cybersecurity spending in the coming year.

AI agents act with autonomy, reasoning, and access to sensitive systems, often requiring privileged permissions to execute their functions. Without proper oversight, these privileges can be misused or hijacked, leading to potentially severe business and regulatory consequences.

Privilege Controls Across Every Identity

The CyberArk Identity Security Platform delivers comprehensive privilege controls across the full spectrum of identities: human, machine, and AI. With the introduction of the Secure AI Agents Solution, these proven capabilities are extended to autonomous AI agents, applying the same principles of just-in-time access, least privilege, and continuous session monitoring that have defined CyberArk’s leadership in identity security.

This unified, privilege-first approach ensures that every identity is governed, secured, and monitored with the same rigor — enabling innovation without compromising security or compliance.

The CyberArk Secure AI Agents Solution will deliver:

• Comprehensive Agent Discovery: Automatically detect AI agents across SaaS, cloud, and developer environments, with enriched profiles including ownership, roles, and access rights.
• Secure Agent Access: Enforce strong authentication and least-privilege access, with zero standing privileges and agent activity auditing.
• Real-Time Threat Detection: Continuously monitor for anomalies and unauthorized access, triggering automated alerts and rapid response.
• Lifecycle Management and Compliance: Govern AI agent from creation through decommission, supporting evolving regulatory requirements and audit readiness.

More Information:

• The CyberArk Secure AI Agents Solution.
• Blog: The CyberArk Secure AI Agents Solution – A Closer Look.
• Register here for CyberArk’s Nov 4 virtual event (live or on-demand): Securing the New Frontier of Agentic AI.
• Research Report: Securing Agentic AI: Identity as the Emerging Foundation for Defense: A survey of 104 CISOs across North America and Europe.

¹General availability of the CyberArk Secure AI Agents Solution will be December 2025, with subsequent releases planned for 2026.

About CyberArk

CyberArk (NASDAQ: CYBR) is the global leader in identity security, trusted by organizations around the world to secure human and machine identities in the modern enterprise. CyberArk’s AI-powered Identity Security Platform applies intelligent privilege controls to every identity with continuous threat prevention, detection and response across the identity lifecycle. With CyberArk, organizations can reduce operational and security risks by enabling zero trust and least privilege with complete visibility, empowering all users and identities, including workforce, IT, developers and machines, to securely access any resource, located anywhere, from everywhere. Learn more at cyberark.com.

Copyright © 2025 CyberArk Software. All Rights Reserved. All other brand names, product names, or trademarks belong to their respective holders. This release is for informational purposes only, and represents CyberArk’s current view of its innovation direction. It is not a commitment or an obligation to deliver any product or functionality. The development, release, timing, if any, of any future innovation or product remains at our sole discretion and may be subject to applicable fees.

Cautionary Language Concerning Forward-Looking Statements

This release contains forward-looking statements, which express the current beliefs and expectations of CyberArk’s (the “Company”) management. In some cases, forward-looking statements may be identified by terminology such as “believe,” “may,” “estimate,” “continue,” “anticipate,” “intend,” “should,” “plan,” “expect,” “predict,” “potential” or the negative of these terms or other similar expressions. Such statements involve a number of known and unknown risks and uncertainties that could cause the Company’s future results, levels of activity, performance or achievements to differ materially from the results, levels of activity, performance or achievements expressed or implied by such forward-looking statements. Important factors that could cause or contribute to such differences include, but are not limited to: risks related to the Company’s acquisitions of Venafi Holdings, Inc. (“Venafi”) and Zilla Security Inc. (“Zilla”), including potential impacts on operating results; challenges in retaining and hiring key personnel and maintaining business; risks related to the successful integration of Venafi’s or Zilla’s operations and the ability to realize anticipated benefits of the combined operations; disruption of the current plans and operations of the Company and/or Zilla as a result of the announcement of the transaction, including risks of cyberattacks; changes to the drivers of the Company’s growth and the Company’s ability to adapt its solutions to the information security market changes and demands, including artificial intelligence (“AI”); the Company’s ability to acquire new customers and maintain and expand the Company’s revenues from existing customers; intense competition within the information security market; real or perceived security vulnerabilities, gaps, or cybersecurity breaches of the Company, or the Company’s customers’ or partners’ systems, solutions or services; risks related to the Company’s compliance with privacy, data protection and AI laws and regulations; the Company’s ability to successfully operate its business as a subscription company and fluctuation in its quarterly results of operations; the Company’s reliance on third-party cloud providers for its operations and software-as-a-service (“SaaS”) solutions; the Company’s ability to hire, train, retain and motivate qualified personnel; the Company’s ability to effectively execute its sales and marketing strategies; the Company’s ability to find, complete, fully integrate or achieve the expected benefits of additional strategic acquisitions; the Company’s ability to maintain successful relationships with channel partners, or if the Company’s channel partners fail to perform; risks related to sales made to government entities; prolonged economic uncertainties or downturns; the Company’s history of incurring net losses, the Company’s ability to generate sufficient revenue to achieve and sustain profitability and the Company’s ability to generate cash flow from operating activities; regulatory and geopolitical risks associated with the Company’s global sales and operations; risks related to intellectual property claims; fluctuations in currency exchange rates; the ability of the Company’s products to help customers achieve and maintain compliance with government regulations or industry standards; the Company’s ability to protect its proprietary technology and intellectual property rights; risks related to using third-party software, such as open-source software; risks related to stock price volatility or activist shareholders; any failure to retain the Company’s “foreign private issuer” status or the risk that the Company may be classified, for U.S. federal income tax purposes, as a “passive foreign investment company”; changes in tax laws; the Company’s expectation to not pay dividends on the Company’s ordinary shares for the foreseeable future; risks related to the Company’s incorporation and location in Israel, including wars and other hostilities in the Middle East; and other factors discussed under the heading “Risk Factors” in the Company’s most recent annual report on Form 20-F filed with the Securities and Exchange Commission. Forward-looking statements in this release are made pursuant to the safe harbor provisions contained in the U.S. Private Securities Litigation Reform Act of 1995. These forward-looking statements are made only as of the date hereof, and the Company undertakes no obligation to update or revise the forward-looking statements, whether as a result of new information, future events or otherwise, except as required by applicable law.

View source version on businesswire.com: https://www.businesswire.com/news/home/20251104815025/en/

Introducing the CyberArk Secure AI Agents Solution, purpose-built to protect AI agents with privilege controls, helping to ensure that AI agents have only the access they need, when they need it, and nothing more.