We are proud, excited and grateful that Aim Security was chosen as a Gartner Cool Vendor in the Agentic AI TRiSM (Trust, Risk and Security Management) category.
We believe that this recognition that comes closely on the heels of Cato Networks’ acquisition of Aim, positions Aim at the point of the best of both worlds: developing cutting-edge, innovative technology grounded in AI security domain expertise, with the resources and infrastructure to scale and accelerate product delivery.
Securing AI Agents has become a central concern for security teams due to the exponential enterprise adoption of agentic AI - even outpacing the tempo at which organizations have embraced generative AI.
That’s why we believe that the Cool Vendor recognition is especially meaningful for Aim: Agentic AI security isn’t just more complex than generative AI security. It’s a new frontier for cybersecurity, and one where Aim is leading the charge in responding to an entirely new set of security, governance and risk management challenges.
Why Agentic AI TRiSM?
AI TRiSM includes five key technology functions:
- AI runtime inspection and enforcement and AI governance focused on real-time AI interactions, models and applications, with governance functions operating offline.
- Information governance and infrastructure and stack, supporting both AI and non-AI environments.
- Traditional technology protection, which is to say non-AI-specific protection functions.
Governance: Responding to Agentic AI Sprawl
The proliferation of agents—and the expanded set of resources they can interact with through Model Context Protocol (MCP) connections—generates a set of governance requirements that Aim believes can be addressed through:
- Discovery: Agentic landscape inventory - including MCP agents, local clients and MCP servers
- AI-SPM: Agent ownership mapping, agent action cataloging and configuration risk assessment
- AI Security Testing: Model scanning and red teaming for custom agentic apps and LLMs before applications are moved to production
- Compliance: Reporting on internal and external controls, including regulations like the EU AI Act and policies based on NIST AI RMF
These capabilities need to be specifically developed for agentic environments - especially to accommodate the diversity of agents, including code assistant local agents (Cursor, Windsurf etc), managed and semi-managed agents (a growing list from Microsoft Copilot to AWS Bedrock), and home grown agents.
Likewise, centralizing visibility into MCP agents, endpoints, and servers has become important to managing the agentic attack surface and governing posture.
Runtime Inspection & Enforcement: Protecting Agentic AI's Achilles' Heel
The second AI TRiSM category of Runtime Inspection and Enforcement for Agents is significantly more intricate since it requires not just AI domain expertise, but also devising a new approach for detection of, and protection against agentic attacks. This is an area where Aim has been recognized as delivering highly innovative capabilities.
Aim has developed a novel approach. Firstly,when agents act autonomously in unpredictable ways, predefined classifiers and deterministic guardrails that may be effective for GenAI applications, fall short in detecting and blocking zero-day agentic AI attacks.
Secondly, when an LLM issues an instruction to an agent based on inference and reasoning for tool invocation or code execution, the LLM has no inherent capability to determine whether data it acted on is trusted or untrusted. In practice, this means that relying on classifiers alone entails always playing catch up in response to new attack techniques.
We believe Aim’s capabilities span those outlined in the Gartner TRiSM framework, to include:
- Observability: Log and audit how the agent acts, and what actions it performs as part of the workflow.
- Agentic Incident Attack Detection: Detect in real time attacks using prompt or tool injection (via MCP), data exfiltration patterns, and scope violation exploits.
- Inline Controls: Real-time security guardrails for prompt injections and jailbreaks.
- Data Leakage Prevention: Semantic and free text analysis with inline redaction for PII and PII for prompt policies.
What’s Cool? Breaking new ground in Agentic Security
Guided by the groundbreaking research published by Aim Labs of agentic AI vulnerabilities, Aim has been able to respond more adeptly than other players in the market to new security challenges, and more quickly translate the research insights into product capabilities.
Aim Labs published research has led to the definition of new classes of vulnerabilities: EchoLeak for scope violation, and CurXecute for toxic agent flows. These vulnerabilities illustrate how attackers can easily exploit how LLMs process untrusted data for agent instructions, and the autonomy of agents to execute code, exfiltrate data, or manipulate agentic actions.
Based on the insights from this research, in tandem with investment in observability and agent activity tracing, Aim can detect and respond to scope violations and related unauthorized actions, and implement inline controls to block agentic activity in real time.
Aim’s detection and response for agentic adversarial attempts and content policy violations exploits represents a significant technical leap, rather than an iteration on deterministic static prompt injection classifiers that will never keep pace with attackers' ability to craft new attacks.
What’s Next?
As part of Cato Networks, Aim now has the foundation to scale and accelerate our mission of helping the world’s leading organizations secure their AI transformation—with the expertise and innovation of a cool vendor.
Coming at the same time, we believe that the Cool Vendor designation and the acquisition sets Aim apart as a partner that combines innovative, cutting edge technology with a product that can address the complex needs and requirements of the world’s largest organizations.
Gartner, Cool Vendors in Agentic AI TRiSM, Avivah Litan, Arun Chandrasekaran, Dennis Xu, 2 September 2025
Disclaimer: GARTNER is a registered trademark and service mark, of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
