Security teams deploying AI agents now have a way to check whether an agent will actually do its job before it goes live. Exabeam today released Praxen, an open-source implementation of a new pre-deployment security discipline called Agent Behaviour Verification.
The problem Praxen addresses is specific: as AI agents move from pilots to operational roles, enterprises lack a practical way to determine whether an agent is configured, authorised, and governed in line with what it was built to do. Existing tools — vulnerability scanners, red team exercises — test for known weaknesses or monitor behaviour at runtime. None of them answers the more fundamental question: does this agent have the right permissions, the right controls, and the right boundaries for the role it was assigned?
Agent Behaviour Verification (ABV) is Exabeam's answer to that gap. The discipline works from what the company calls a remit — a policy contract that defines what an agent is authorised to do, which resources it may access, and which boundaries it must not cross. Praxen evaluates whether the agent's actual implementation aligns with that remit: checking tools, configurations, memory, integrations, and operating environment against the policy.
Output takes the form of specific findings, remediation recommendations, and a maturity score for the agent's security posture — an engineering artefact rather than a risk report to file.
"As agents become digital workers, security teams need more than runtime visibility. They need confidence that agents have the right permissions, the right controls, and the right boundaries before they enter production. Agent Behaviour Verification helps answer a fundamental question: will this agent do its job, and only its job?" said Steve Wilson, Chief AI Officer at Exabeam and Founder and Co-Chair of the OWASP Gen AI Security Project.
The tool is released under the Apache 2.0 licence and is available at open-agent-ai-security.github.io/praxen. Exabeam frames Praxen as the pre-deployment complement to its existing Agent Behaviour Analytics product, which monitors for anomalous agent behaviour once agents are live.
Sherri Douville, CEO of Medigram, who was involved in early testing, noted the tool produced a code-level remediation path rather than a generic risk summary. "The code-level remediation path it produced didn't give us a risk report to file away. It gave us a precise engineering roadmap we could act on immediately. In enterprise AI deployment, the gap between what an agent is authorized to do and what it is actually capable of doing is where operational risk lives."
Exabeam says releasing Praxen as an open-source project is deliberate: the industry is still defining how AI agents should be governed, and the company wants ABV to become an open best practice rather than a proprietary framework.
To stay across the latest in cloud, AI and enterprise tech analysis from Compare the Cloud, subscribe to our weekly newsletter at https://www.comparethecloud.net/newsletter
