Authentication tells you who an agent is. It says nothing about what that agent should be allowed to do. Cequence Security's new Agent Personas feature, now generally available in Cequence AI Gateway, is built around that distinction — giving enterprises infrastructure-level control over AI agent permissions that scopes access to specific API endpoints and tool calls rather than inheriting the broad privileges of the human user they act on behalf of.
Enterprises have made massive investments in AI, and the race to put agents into production across customer experiences, employee workflows, and business operations is accelerating fast
The problem is structural. As organisations deploy AI agents through the Model Context Protocol, agents receive the same access rights as the user they authenticate under. Unlike a human employee, they have no instinct about when not to use that access. A coding agent given a developer's credentials can, in principle, merge pull requests, modify production records, and trigger deployments — even if none of those actions are part of its intended job.
Agent Personas solves this by letting security teams define each agent role in plain English. The gateway translates that job description into a scoped virtual MCP endpoint: a customer service agent gets CRM read access, nothing else. A CI/CD automation agent reaches specific pipeline tools and a single notification channel. Updates to a persona apply immediately across every agent using it, without code changes.
The release also introduces Agent Access Keys, a composite credential binding agent identity, user identity, and persona-level permissions into a single auditable credential. The aim is forensic clarity — security teams can trace every tool call to the specific agent, user, persona, and timestamp.
Cequence points to a Gartner finding from February 2026 that frames the stakes: the primary risk of AI agents is not what they say, but what they do. More than 80% of Fortune 500 companies have deployed active AI agents; fewer than half have AI-specific safeguards. Agent Personas is built, in part, to close that gap between deployment pace and governance maturity.
One early deployment involved a US telecommunications provider that used the feature to prevent agents from crossing boundaries across GitLab, Confluence, Jira, and Slack — tools where lateral access between systems had previously been unconstrained.
Cequence AI Gateway now covers more than 140 enterprise application integrations and protects more than 10 billion daily API interactions. The company is co-chair of TM Forum's AI-Native Blueprint Initiative on Agentic Interaction Security and co-authored three CIS Critical Security Controls Companion Guides for securing AI agents alongside the Centre for Internet Security.
Agent Personas is how you govern infrastructure access at the agent level, enforcing exactly what each agent can do down to the specific API endpoint, across any model or platform. It is the control plane enterprises need to confidently and securely enable agentic AI access to applications and data.
