Traditional cybersecurity was built around a predictable model: protect the perimeter, secure the endpoint, monitor the user. That model is crumbling fast. AI introduces a new class of risks that legacy security tools were simply never designed to handle.

Consider the threats now landing on CISOs’ desks. Shadow AI — employees freely using unsanctioned AI tools and feeding sensitive company data into public models — is rampant. Users paste intellectual property, customer data, financial projections, and proprietary code into ChatGPT, Gemini, and dozens of lesser-known models daily, often with zero awareness of where that data goes or how it’s retained. Then there’s prompt injection, a uniquely AI-era attack vector where malicious instructions embedded in content can hijack an AI agent’s behavior, causing it to exfiltrate data or take unintended actions. Add model manipulation, where attackers target the AI applications organizations build themselves, and you have a threat landscape that most security programs are woefully underprepared for.

The emergence of agentic AI compounds the challenge. These autonomous systems don’t just respond to prompts, they proactively access data, connect to external services via tools like Model Context Protocol (MCP) servers, and execute decisions on behalf of the business. When an AI agent goes rogue, makes a misconfigured call, or is manipulated by an adversary, the blast radius is enormous.

Enter Acuvity: Built for the AI Era from the Ground Up

Acuvity was purpose-built to solve exactly these problems — and it shows in the architecture. While most legacy security vendors have been retrofitting AI governance onto decade-old platforms, Acuvity designed its platform from scratch around the realities of modern AI deployment.

Acuvity delivers comprehensive visibility and enforcement across the full spectrum of enterprise AI usage — from employee endpoints and web browsers all the way through to emerging AI infrastructure like MCP servers and locally installed AI tools such as OpenClaw and Ollama. Its detection models don’t just flag anomalies; they understand context and intent, distinguishing between legitimate AI use and risky behavior in real time. It enables organizations to govern how users and automated systems interact with external AI services, while simultaneously protecting the custom AI models and applications enterprises are increasingly building themselves. In short, Acuvity sees what other tools can’t: the AI layer.

Why Proofpoint Had to Make This Move

Proofpoint has built its reputation as the definitive platform for human-centric security — protecting the people who are most often the target of cyberattacks. For years, that meant email security, insider threat protection, and data loss prevention. It was a winning formula. But the definition of “human-centric” just got dramatically more complex.

As generative AI rapidly reshapes how work gets done, organizations are deploying AI copilots, autonomous agents, and model-connected applications across every function — from software development and customer support to finance and legal. Securing that world requires understanding not just what humans are doing, but what the AI agents acting on their behalf are doing. Proofpoint recognized that the next frontier of its mission — protecting people and data — demanded a native AI security capability, not a bolt-on.

The acquisition of Acuvity fills a critical gap and positions Proofpoint as, by its own claim, the first unified platform to comprehensively secure every dimension of the agentic workspace. The deal is more than a technology acquisition — Acuvity’s full engineering team is joining Proofpoint, signaling a deep, long-term commitment to building AI security into the platform’s DNA. The combined portfolio now spans collaboration security, data security and governance, and AI security — a trinity of protection designed for how work actually gets done in 2026.