The Center for Internet Security, Inc. (CIS), Astrix Security, and Cequence Security announced a strategic alliance aimed at crafting cybersecurity guidelines tailored to address the risks unique to artificial intelligence (AI) and agentic systems. This effort enhances the established CIS Critical Security Controls by expanding their principles into AI settings, where autonomous decision-making and automated threats present substantial challenges.
The partnership primarily focuses on initiating two CIS Controls companion guides: one dedicated to AI Agent Environments, emphasizing the security of the agent system lifecycle, and another targeting Model Context Protocol (MCP) environments.
Addressing AI-Specific Risks
MCP environments present distinct risks, including credential exposure, unregulated local execution, unapproved third-party connections, and unchecked data flows between models and tools.
These guides are designed to equip organizations with targeted safeguards for environments engaged in the dynamic interaction of MCP agents, tools, and registries with enterprise systems.
“AI presents both tremendous opportunities and significant risks,” stated Curtis Dukes, Executive Vice President and General Manager of Security Best Practices at CIS. “By partnering with Astrix and Cequence, we are ensuring that organizations have the tools they need to adopt AI responsibly and securely.”
Strengthening AI Ecosystems
Astrix's role centers on enhancing the security of AI agents, MCP servers, and Non-Human Identities (NHIs)—elements like API keys, service accounts, and OAuth tokens—that connect them to vital systems. "AI agents and the non-human identities that power them bring great potential but also new risks," said Jonathan Sander, Field CTO of Astrix Security.
"Our focus is helping enterprises discover, secure, and deploy AI agents responsibly, with the confidence to scale. Through this partnership, we’re providing clear, practical guidance to keep AI ecosystems safe so organizations can innovate with confidence."
API Security Expertise
Cequence contributes its extensive experience in enterprise application and API security to the improvement of agentic AI security.
“As organizations embrace agentic AI, trust hinges on visibility, governance, and control over what those agents can see and do to your applications and data,” remarked Ameya Talwalkar, CEO of Cequence Security. “Security is strongest through collaboration, and this partnership gives organizations clear guidance to adopt AI safely and securely.”
Enhancing Cybersecurity Frameworks
The alliance aims to extend trusted cybersecurity frameworks into AI environments, addressing risks from autonomous systems and integrations. It pledges to deliver clear and prioritized safeguards, guiding enterprises towards secure and responsible AI adoption. Scheduled for release in early 2026, the new guidance will be supported by workshops, webinars, and additional resources provided jointly by CIS, Astrix, and Cequence.
Through this collaboration, the organizations intend to assist enterprises in applying recommendations practically, establishing a solid foundation of trust, transparency, and resilience across the AI ecosystem. By adhering to a unified framework, enterprises, vendors, and security leaders can synchronize on a common language for securing AI environments.