Innovator Spotlight: Singulr AI

Inside the Runtime Reality of Agentic AI with Singulr AI 

If 2023 was the year everyone learned to prompt ChatGPT, 2026 is the year everyone’s realizing their enterprise copilots are taking way too much liberty with their permissions. Welcome to the Agentic Era – where AI doesn’t just assist, it acts. And as Shiv Agarwal, founder and CEO of Singulr.ai, will tell you: “Once you give an agent the keys, it may just decide to take the car for a joyride… through your production environment.”

At the 2026 RSAC Conference in San Francisco, I sat down with Agarwal for a raw, off-the-cuff conversation about the chaos and opportunity swirling around enterprise AI adoption. Singulr.ai, the company he leads, is pioneering a new discipline it calls runtime security and governance for AI agents. That might sound like a mouthful, but when you hear how AI agents are breaking things – sometimes catastrophically – it becomes clear why runtime controls aren’t just nice to have; they’re oxygen.

When “Copilot” Means “Co-conspirator”

AI is no longer confined to clever suggestions or workflow assist. Today, platforms like Microsoft’s Copilot Studio or GitHub Copilot are enabling anyone – sales, marketing, even support – to build agents that operate with real privileges, real access, and increasingly autonomous behaviors.

“It’s not technical anymore,” Agarwal noted. “Anyone can drag and drop prompts and connect agents to enterprise systems. You don’t even need engineering. And suddenly, that agent inherits all your permissions – without asking.”

And therein lies the problem.

He pointed to a recent incident at Meta, where an internal agent was designed to answer project questions. Nothing exotic. But it posted confidential information to a public forum – autonomously. “The agent was authorized. It had all the right permissions. But no one anticipated it would do that,” Agarwal said.

Or consider another case: an AI agent with file system access accidentally executed a deletion command, wiping out critical data in one swoop. It wasn’t a rogue actor. It was a trusted tool… doing what it thought was right.

Enter Singulr.ai: Guardrails for the Agentic Era

Singulr.ai’s core innovation is a layered architecture designed to observe, evaluate, and intervene in agent behavior – as it happens.

“The problem is, current controls were built for humans, not agents,” said Agarwal. “You have identity, access, maybe even policy – but agents move faster. They don’t ask for permission each time. They just act. That’s where runtime comes in.”

He breaks the Singulr platform into three foundational pieces:

  1. Runtime Governance – What is the agent allowed to do? This includes policies, permissions, and configurations.
  2. Runtime Control – What is the agent actually doing right now? This is real-time behavior monitoring and intervention.
  3. Runtime Security – What happens when things go sideways? This is the fail-safe layer that catches data leakage, unsafe prompts, and rogue behavior after other controls miss it.

“You need all three,” he said. “Governance alone is not enough. Control alone without context doesn’t work. And security alone is too late.”

It’s the New East-West Problem – Just Faster

Agarwal likens today’s AI agent risks to the East-West traffic that firewalls failed to prevent in the early 2010s.

“You had perimeter security – Palo Alto, Check Point, etc. But once something got through, it was lateral movement all day long. That’s when we invented microsegmentation, to stop hops between systems inside the network,” he said.

“With agents, it’s the same thing. Identity providers like Okta are assigning agent credentials. That’s good. But once the agent’s inside, what stops it from jumping between data sources, systems, forums, APIs? Nothing.”

This is why Singulr has focused its runtime inspection at the point of execution. Its platform deploys lightweight sensors at the desktop level – not just the network or cloud – to observe agents as they write code, execute commands, or process prompts.

“It’s like a browser extension, but now we’re in coding tools, in AI studios, in workflow builders,” said Agarwal. “Because that’s where the agents live. That’s where they cause damage – or deliver value.”

Agent Discovery Is the New Asset Inventory

Another capability Singulr has invested in is what Agarwal calls agent discovery. That’s right – before you even get to security, you need to know which agents exist, what they’re connected to, and how they behave.

“People don’t realize just how many agents are already in their environment,” he said. “We’ve built integrations across platforms like Snowflake, ServiceNow, Databricks, Bedrock, Crew.ai, and more – to map out agent architectures, command flows, and data paths.”

It’s a stark reminder that in the AI world, data doesn’t just move from A to B. It might jump from Slack to SharePoint to a public repo… all thanks to a helpful little agent that wasn’t supposed to have that much power.

“An agent is a digital twin,” Agarwal said. “It inherits human permissions. But unlike humans, it doesn’t always understand intent or context. So it executes. Blindly. Unless you’re watching.”

The Real Use Cases: Code, Email, and Chaos

Singulr’s value proposition isn’t theoretical. Agarwal shared grounded examples from live deployments:

  • Email Agents: An agent built to draft customer responses started deleting inbox messages. “Responding? Sure. Deleting? Not okay. But without runtime inspection, that distinction isn’t enforced.”
  • Coding Agents: An AI developer assistant auto-committed changes – including code snippets that bypassed review processes and introduced risky dependencies. “The speed benefit is real. But so is the risk. You need context-aware oversight,” Agarwal said.
  • Prompt Injection: In one case, a malicious prompt bypassed input filtering and generated a response that leaked sensitive data. “That’s why we inspect outbound as well as inbound traffic,” he emphasized. “Sometimes the harm is in the reply.”

Why Traditional Controls Are Failing

Agarwal was clear: existing security vendors aren’t ready.

“You’ve got CrowdStrike at the endpoint, Zscaler on the network, and AWS native controls in the cloud. The control layer, as you can see, is fragmented, and none of those controls were built for autonomous agents. These controls are static, rule-based, and focused on user identity.”

Even agent identity – the hot new thing everyone’s racing to solve – doesn’t go far enough.

“Okta can tell you the agent’s name. But it can’t tell you if that agent is about to leak 10,000 records,” said Agarwal. “Identity is necessary, but insufficient.”

And of course, classic DLP isn’t cutting it.

“Traditional DLP tries to scan documents or keywords. But agents generate new content on the fly. They interpret prompts. They mutate responses. You need a real-time filter on behavior, not just a static ruleset.”

The Bigger Picture: Security Must Match the Speed of AI

What’s perhaps most striking about Singulr’s vision is its urgency. This isn’t a “someday” problem. As enterprises deploy more agents – in productivity tools, service desks, marketing automation, and software pipelines – the risk surface grows exponentially.

And it’s not just about breaches. It’s about trust.

“A CISO can’t say, ‘We had the right config.’ The board doesn’t care. They want to know: Did an agent post our earnings deck to Reddit? Did it send client data to a public repo? That’s where runtime matters,” Agarwal said.

So What Should CISOs Do Now?

If you’re a CISO staring down a pipeline of agent deployments, consider this your checklist:

  • Discover Your Agents: Use Singulr or equivalent tools to find and catalog agents operating in your environment.
  • Implement Runtime Controls Aligned with Your Intent: Focus on behavior, not just authorization. Observe agents at the moment of action. Consolidate your controls and continuously verify that they are functioning as per your governance policies.
  • Close the Loop with Runtime Security: Prepare for failure. Assume controls will be bypassed and have mitigation paths in place.
  • Push Your Vendors: If your existing tools don’t speak “agentic,” they’re behind.

As agents move from novelty to necessity, Singulr’s pitch is clear: you don’t need to fear them – you just need to watch them like a hawk.

Call to Action

If your enterprise is already experimenting with agents – whether in GitHub Copilot, Salesforce, or internal LLM integrations – now is the time to evaluate real runtime oversight. Visit Singulr.ai and ask for a live demo or proof of concept. The agents are already operating. It’s your move to bring them under control.

Author’s Note

The author interviewed Shiv Agarwal, CEO of Singulr.ai, live at the 2026 RSAC Conference in San Francisco, held March 23–25. The conversation spanned real-world agent incidents, enterprise challenges, and the evolving language of AI security in the wild.

For more information, please visit www.singulr.ai.


About the Author

Pete Green is the CISO / CTO of Anvil Works, a ProCloud SaaS company, and co-author of “The vCISO Playbook: How Virtual CISOs Deliver Enterprise-Grade Cybersecurity to Small and Medium Businesses (SMBs)”. With over 25 years of experience in information technology and cybersecurity, Pete is a seasoned and accomplished security practitioner.

Throughout his career, he has held a wide range of technical and leadership roles, including LAN/WLAN Engineer, Threat Analyst, Security Project Manager, Security Architect, Cloud Security Architect, Principal Security Consultant, Director of IT, CTO, CEO, Virtual CISO, and CISO.

Pete has supported clients across numerous industries, including federal, state, and local government, as well as financial services, healthcare, food services, manufacturing, technology, transportation, and hospitality.

He holds a Master of Computer Information Systems in Information Security from Boston University, which is recognized as a National Center of Academic Excellence in Information Assurance / Cyber Defense (CAE IA/CD) by the NSA and DHS. He also holds a Master of Business Administration in Informatics.
