Exabeam has quietly expanded its Agent Behavior Analytics platform to monitor activity across ChatGPT, Microsoft Copilot, and Google Gemini, giving security teams a new way to detect when AI-powered assistants go rogue. The move, first detailed in the company’s product updates and reported by Techzine, addresses a growing blind spot: standard security tools weren’t built to watch autonomous software that can read your email, modify files, and call APIs using your own credentials.

The Concrete Changes: More Than Just Buzzwords

In January 2026, Exabeam launched its New-Scale security operations platform with a feature called Agent Behavior Analytics, designed to treat AI agents as a new class of non-human identities. Now, the company has extended that capability to three of the most widely used AI tools in the enterprise: OpenAI’s ChatGPT, Microsoft Copilot, and Google Gemini. According to Exabeam’s own documentation, the platform now includes five specific detection and monitoring functions:

  • AI behavior baselining: builds dynamic profiles for each user and their associated AI agents, tracking request volume, token usage, tool calls, and outbound traffic. Any deviation—like a finance assistant suddenly scraping massive amounts of data—is flagged.
  • Prompt and model abuse detection: looks for prompt injection attempts, model manipulation, and tool exploitation. Exabeam says its detection library for this category has grown fivefold, moving beyond simple signature matching.
  • Identity and privilege monitoring: checks whether an agent has been over-provisioned with access rights, effectively turning it into an over-privileged insider.
  • Agent lifecycle monitoring: follows an agent from creation through its operational life, spotting permission creep or configuration drift that could be exploited.
  • Coverage for OWASP Top 10 for Agentic AI: maps detection logic to the emerging industry framework for agentic security risks, including malicious skills, supply chain compromise, and weak isolation.

These aren’t just marketing checkboxes. For a security analyst, this means that instead of sifting through raw cloud logs trying to piece together what an AI assistant did, the platform correlates agent actions into a timeline and presents them as a single case. Exabeam claims this can significantly reduce alert fatigue, which is already a top complaint in security operations centers (SOCs).

What This Means for Enterprise Users and IT Teams

If your organization uses Microsoft 365 Copilot, ChatGPT with plugins, or Google Gemini in Workspace, this development could affect how your activity is monitored—and how your security team prioritizes risk.

For Security Administrators

The immediate benefit is closing a visibility gap. Copilot, for example, operates within the user’s identity and access context, meaning it inherits all the permissions you have in SharePoint, Teams, and Exchange. Until now, a SOC might have seen a flurry of file access events without realizing they were triggered by an AI assistant. Exabeam’s platform tags that activity as agent-originated and compares it against a learned baseline. If an agent starts accessing files it rarely touches, or tries to send data to an external domain, an alert fires.

This also helps with “shadow AI” discovery. Many employees experiment with AI tools without formal IT approval. Exabeam’s integration can identify when a new AI service is connecting to corporate systems, giving security teams a chance to assess and govern that usage before it becomes a problem.

For teams already using Exabeam’s New-Scale or LogRhythm SIEM, the new capabilities are presented as an add-on within the same interface. That means analysts won’t need to learn a new console; agent activity appears alongside user and endpoint events in their existing workflows.

For End Users and Power Users

The average employee using Copilot in Word or Gemini in Gmail probably won’t notice the monitoring directly. But it does mean that what you ask an AI assistant to do—and what data you feed it—could become part of a security investigation if something goes wrong. More importantly, it underscores the need to follow least-privilege principles. The AI tools you use every day have access to a lot of your corporate data; if a malicious prompt injection tricks your Copilot into forwarding sensitive emails, the blast radius could be large.

Power users who build custom agents or integrate AI tools with third-party services should take note as well. Exabeam’s lifecycle tracking can surface when a custom agent’s permissions have expanded over time, something even developers often lose track of.

For Developers and DevOps

If you’re building AI-powered apps or MCP servers that interact with these platforms, expect more scrutiny from your security team. Tools like Exabeam’s will be looking for unexpected tool calls or outbound connections that could indicate supply chain compromise. The OWASP Agentic Skills Top 10, which Exabeam references, documents real-world attacks where malicious skills were published to agent registries. Ensuring your own agents follow secure coding practices and have minimal privileges will become part of the security baseline.

The Backstory: How AI Agents Became a Security Blind Spot

The need for agent-specific monitoring didn’t come out of nowhere. Throughout 2025 and into early 2026, the security industry saw a sharp rise in incidents involving autonomous AI. In February 2026, Snyk’s “ToxicSkills” audit found that 36% of scanned AI agent skills contained security flaws, and 76 contained active malicious payloads. The ClawHavoc campaign flooded the OpenClaw registry with over 1,100 malicious skills designed to steal credentials and backdoor user sessions. Check Point Research disclosed vulnerabilities in Claude Code that allowed project-level configuration files to trigger remote code execution.

These incidents highlighted a fundamental problem: AI agents are not just chatbots. They execute multi-step workflows, call APIs, read and write files, and even run shell commands. They operate in the same trust boundary as the user who invoked them but can be tricked by hidden instructions—prompt injection—in ways a human wouldn’t be. And because traditional SIEM tools monitor users and endpoints, not “non-human identities,” agent activity was effectively invisible.

Exabeam had been working on closing this gap with its January 2026 launch of New-Scale. The company framed AI agents as “digital employees” that need the same behavioral monitoring as human users. That launch included generic agent baselining, but now the addition of specific support for ChatGPT, Copilot, and Gemini reflects which platforms enterprises are actually using. According to industry reports cited by Exabeam, these three tools dominate daily office workflows, making them a massive, unprotected attack surface.

Microsoft itself acknowledges the risk. Its documentation notes that Copilot inherits user permissions and emphasizes multi-layered defenses against prompt injection. Google similarly documents Gemini’s protections against malicious content. OpenAI has flagged prompt injection as a frontier security challenge. But these platform-level defenses are often reactive and limited to what the vendor can see within its own ecosystem. Exabeam’s play is to provide an independent, cross-platform layer of behavioral analytics that can correlate events across all three services.

Your Action Plan: Steps to Secure AI Agents Now

For organizations that haven’t yet addressed agentic AI security, Exabeam’s move is a wake-up call. Here are practical steps you can take, whether or not you’re an Exabeam customer.

1. Inventory Your AI Agents

You can’t protect what you don’t know exists. Start by identifying all AI assistants, copilots, and agentic skills in use across your organization. Check for Microsoft 365 Copilot adoption, Gemini in Google Workspace, and ChatGPT Enterprise or Team usage. Look for custom-built agents that may be running on employee workstations or cloud VMs. Tools like Exabeam’s can help with discovery, but a manual audit of SaaS subscriptions and cloud logs is often the first step.

2. Review and Limit Permissions

Every AI agent should operate with the minimum necessary privileges. For Copilot, that means limiting which users have access to sensitive SharePoint sites or mailboxes. For ChatGPT, it means restricting plugin and tool access to only what’s needed. For custom agents, apply least-privilege IAM roles and avoid granting shell access unless absolutely required.

3. Deploy Behavioral Monitoring Where Possible

If you have a SIEM or UEBA platform, look into whether it can ingest AI agent logs. Exabeam customers running New-Scale or LogRhythm will get the new features automatically with appropriate licensing. If you use another SIEM, check with your vendor about timelines for AI agent monitoring support. If none is available, consider augmenting with cloud access security broker (CASB) tools that can detect unusual API calls from AI-related services.

4. Build an Incident Response Plan for Agent Compromise

Traditional IR playbooks don’t cover scenarios where a digital assistant is the threat vector. Update your plan to include steps for isolating an agent, revoking its credentials, and investigating which data it may have accessed or exfiltrated. Time is critical because agents can act at machine speed.

5. Govern the Agent Lifecycle

Establish a process for approving new AI tools, just as you would for any other enterprise software. Require security review before deployment, and regularly audit existing agents for permission changes or configuration drift. Exabeam’s lifecycle monitoring can automate part of this, but human oversight is still essential.

6. Educate Users About Prompt Injection Risks

Training employees not to paste sensitive data into AI prompts is important, but it’s not enough. They should also understand that AI assistants can be tricked. Teach them to be cautious with emails or documents that contain hidden instructions, and to verify any unusual actions an agent takes.

Looking Ahead: The Future of Agentic Security

Exabeam’s expansion signals that AI agent security is moving from a niche concern to a mainstream security requirement. Several developments are likely to follow.

First, expect other security vendors to follow suit. SIEM and UEBA providers will race to add agent monitoring, and platform-specific monitoring tools will emerge. This will create a new subcategory of security analytics that focuses on non-human identities.

Second, the OWASP Agentic Skills Top 10 will become a standard framework. Exabeam’s decision to map its controls to that taxonomy gives it a head start, but the whole industry will likely coalesce around a common language for discussing agent risks. This will be crucial for audits and board reporting.

Third, AI platform providers—Microsoft, Google, OpenAI—will face pressure to build more robust native controls, but enterprises will still demand independent visibility. A single platform’s defenses can’t catch cross-platform attacks or subtle behavioral anomalies that span multiple services. The independent monitoring layer Exabeam offers is likely to become a long-term fixture.

Fourth, regulation is coming. The EU AI Act, enforceable from August 2026, and the NIST AI RMF in the US are pushing organizations to manage AI risk more formally. Agent monitoring will become a compliance requirement, not just a best practice.

For Windows users and IT pros, the bottom line is this: the AI assistants that are increasingly embedded in your daily workflow are powerful, but they’re also vulnerable. Exabeam’s latest move gives enterprises a way to see those vulnerabilities in real time and stop them before they turn into breaches. If you haven’t started thinking about how to secure ChatGPT, Copilot, and Gemini in your environment, now is the time.