With people and AI agents collaborating side by side in the modern workplace, organizations need new solutions to embrace the promise of AI while mitigating unprecedented risks.

Just as digital transformation created the digital workspace, AI transformation is ushering in the agentic workspace. As AI agents and assistants work alongside people to enable breakthrough productivity, they also expand the attack surface at unprecedented speed.

AI assistants and agents are also increasingly embedded in workflows, automating tasks, analyzing information, and collaborating with people and each other. These agents are built to behave like people: they click, share, and act. That means they can also be tricked, misled, or compromised.

JP Yu, Vice President, Southeast Asia and Korea, Proofpoint, said: “Cybersecurity is fundamentally a human risk, not just a technology issue. Proofpoint’s 2025 Voice of the CISO report shows that three in five CISOs in APAC view people as their greatest risk, while our Human Factor report also reveals that 25% of advanced persistent threat (APT) campaigns rely on social engineering — exploiting human behavior.”

People and agents face similar risks, from social and prompt engineering attacks to the unauthorized disclosure of sensitive data or credentials and require similar — but expanded —protection. The phenomenal growth in advanced threats over the last 12 months is proof.

 “The agentic workspace is here and one of the most profound shifts in terms of how work gets done,” said Sumit Dhawan, CEO of Proofpoint. “Protecting the agentic workspace is the next evolution of human-centric security, extending beyond people to safeguard AI agents and the points where they collaborate and share data. Our mission is to ensure our customers can confidently embrace AI, knowing we will protect them and their data against emerging threats.”

Where people, agents and data connect

The agentic workspace enables adversaries to hijack trust as the major attack method. That includes the trust you have with your co-workers, suppliers, customers, and partners. It also includes the trust your employees have with the tools they use every day, such as email, collaboration apps, cloud apps, and now AI copilots and assistants.

As a result of the new agentic workspace, organizations need to approach protecting their organizations from threats in a different way.

At the Proofpoint Protect 2025 event in Nashville, Tennessee held on 23-24 September 2025, Proofpoint announced four major innovations designed to secure the agentic workspace.

According to the cybersecurity company, today’s collaboration and data security capabilities must address the foundational risks of the agentic workspace by solving four critical challenges — and be designed to make the agentic workspace safe by securing the layer where people, agents and data connect:

  • Protecting AI assistants from targeted attacks by detecting and preventing AI exploits over email. This enables people and agents to trust agentic workspace collaboration, as attackers are increasingly embedding malicious prompts in email to manipulate AI assistants like Microsoft Copilot and Google Gemini.
    These weaponized messages use prompt injections to provide malicious information to the end user, confuse AI-based defenses, and even exfiltrate sensitive data.
    Proofpoint’s newly announced technologies, delivered through the Proofpoint Prime Threat Protection solution, are designed to block these exploits before they reach inboxes, ensuring people and AI agents can trust every interaction.
  • Ensuring the right controls to stop data loss by people and agents by providing unified data security protection along with AI data governance.
    Data has become the fastest-growing source of security risk in the age of AI. With solutions such as Proofpoint Data Security Complete, organizations can locate their sensitive data, classify it correctly, control who has access to it, and monitor how people interact with it across all channels, from endpoints and email to the web and cloud.
    Proofpoint Data Security Complete provides discovery and classification through Autonomous Custom Classifiers for more accurate, dynamic, and resilient data classification, with minimal human input.
  • Governing the actions of GenAI and AI agents to stop customer-deployed AI agents from losing data. In the agentic workspace, sensitive information is no longer handled only by people. AI agents built and deployed by organizations also access valuable data and conversations that require the same level of protection as their human counterparts.
    To secure them, Proofpoint is introducing Proofpoint Secure Agent Gateway, built using Model Context Protocol (MCP), which controls how AI agents access data, monitors agent activity, enforces policies for data usage, and blocks or redacts sensitive data before it is shared with humans or other agents.

Beyond tools and training

“The rise of the agentic workspace is reshaping cybersecurity at its core,” said Ryan Kalember, chief strategy officer, Proofpoint. “By uniting collaboration and data security, we are redefining how organizations secure work in the age of AI.”

He believes that Proofpoint is the first to deliver a solution that enables organizations to find where their data is, understand what it is, and protect what both people and agents do with it, giving them the confidence to innovate, collaborate, and scale safely with AI woven into their most critical workflows.

Tools being just tools, and October being Cybersecurity Awareness Month, JP Yu took the opportunity to emphasize: “Cybersecurity Awareness Month is a timely opportunity for organizations to raise awareness, educate employees, and address human risks before they become breaches.”

According to the Voice of the CISO report, 58% of CISOs surveyed feel unprepared for potential cyber incidents, despite 67% reporting a strong security culture.

“While building a strong security culture is essential, training alone is not a silver bullet,” Yu added. “The challenge today goes beyond awareness — it is about driving real behavior change. True resilience requires moving past compliance to identify high-risk individuals, deliver continuous learning, and embed lasting behavioral change to stay secure in the digital world.”