Santa Clara, Calif., April 29, 2026 (GLOBE NEWSWIRE) — Aviatrix® as we speak launched the business’s first Containment Platform purpose-built for AI brokers, extending the Aviatrix Cloud Native Safety Material to implement Communication Governance throughout each AI workload — VMs, Kubernetes clusters, and serverless features — with out brokers or code modifications. The launch consists of Zero Belief for AI Workloads, now typically obtainable and Aviatrix AgentGuard, now in early entry.
The product launch coincides with a separate Aviatrix announcement that declares the Containment Period, which represents a basic shift in how enterprises should defend cloud infrastructure, anchored by 4 new sources obtainable as we speak. The Containment Period shifts the main focus from “Did we detect it?” to “What is our blast radius and how do we contain it?”
Why AI Requires Containment Structure
Each AI agent in an enterprise deployment is a machine id making autonomous selections about what techniques and sources to entry subsequent. Based on business analysis, solely 5 to twenty % of enterprises have controls in place to restrict the place a workload can talk. For the remaining 80 to 95 %, there isn’t any architectural constraint on what a compromised workload can attain, and an AI agent that’s compromised, or that hallucinates, has the blast radius of your complete community.
The Cascade, a 2026 provide chain assault marketing campaign attributed to TeamPCP that affected 36 % of enterprise cloud environments on the time of compromise, demonstrated what occurs when an assault is indistinguishable from reliable exercise, and the community structure doesn’t constrain the place compromised code can attain. Like SolarWinds, Log4j, and 3CX earlier than it, the Cascade differed in execution however shared the identical post-compromise dynamic: no workload-level enforcement, limitless lateral motion, and no restrict on what compromised brokers might attain or ship.
More Read
“Agentic AI systems are designed to reach across services, data stores, and boundaries. That reach is the feature. Ungoverned, it is also the risk,” stated Chris McHenry, Chief Product Officer at Aviatrix. “Aviatrix’s Cloud Native Security Fabric enforces a single and non-negotiable principle across every cloud and every workload: each workload can only communicate with what it is explicitly permitted to reach, without agents or code changes. By containing reach by design, it prevents AI-driven failures or compromises from cascading into enterprise-wide events.”
Zero Belief for AI Workloads
Zero Belief for AI Workloads, now typically obtainable, extends Aviatrix’s Cloud Native Safety Material to safe AI brokers, giant language mannequin proxies, and agentic frameworks with out requiring utility or infrastructure modifications. The potential supplies three enforcement mechanisms for enterprises:
Permit and deny entry to exterior AI providers by means of WebGroups, governing which providers any given workload can name. Block shadow AI with default-deny allowlists, making certain that solely permitted AI providers might be reached from sanctioned workloads. Apply network-layer enforcement instantly throughout each workload and area, with common coverage propagation.
Aviatrix can also be publishing validated containment reference architectures for the three largest AI platforms in enterprise manufacturing: AWS Bedrock Brokers, Zero Belief for Azure AI Foundry Brokers, and Zero Belief for Enterprise MCP, the primary enterprise-grade containment structure for Mannequin Context Protocol developed with Obot and Microsoft. The reference architectures can be found within the Assets part under.
“Every enterprise running AI agents is running MCP servers — often more than they realize. Without governance at the gateway and the network, a compromised agent’s blast radius extends to everything those servers can reach,” said Shannon Williams, President, Obot AI. “Obot governs which MCP servers an agent can call. Aviatrix governs where those servers can reach. That two-layer control is what enterprise agentic AI actually requires.”
Aviatrix AgentGuard
According to IBM’s 2025 Cost of a Data Breach Report, shadow AI adds an average of $670,000 in additional breach costs per incident, and 97 percent of organizations that experienced an AI-related breach lacked proper access controls. Aviatrix AgentGuard, now in early access, is the industry’s first Containment Platform purpose-built for AI agents. It discovers every agent running across VMs, Kubernetes clusters, and serverless functions — authorized and shadow — maps the LLMs, tools, and data each agent connects to, and builds a continuous risk profile. AgentGuard then extends the Aviatrix Cloud Native Security Fabric to enforce Communication Governance at the agent workload, governing what each agent can reach and what can reach it. The most common exfiltration vectors — data posting to public code and file-sharing services — are blocked by default. For organizations deploying on AWS Bedrock AgentCore or Azure AI Foundry, Aviatrix AgentGuard delivers validated secure architectures from day one. Advanced AI Observability and Guardrails — detecting and blocking prompt injection and data loss at the conversation level — will be available in Q3 2026.
The Containment Era: Establishing a New Security Standard
More Read
“Detection tells you what happened. Containment determines how bad it gets,” said Doug Merritt, Chief Executive Officer of Aviatrix. “Today’s products are how we deliver containment for the workloads that matter most in 2026. AI agents that can reach anywhere are liabilities. AI agents governed by architecture are assets. When prevention fails and detection is too slow, containment decides whether the incident becomes a breach.”
Aviatrix Cloud Native Security Fabric is shipping infrastructure already running in production at Fortune Global 500 enterprises. One such enterprise was running a compromised component when the Cascade supply chain attack campaign hit. Same payload, same vulnerability as at other affected organizations. At organizations without workload-level containment, the attack completed in under three hours. At the Aviatrix customer, zero credentials were exfiltrated.
Availability and Resources:
About Aviatrix
Aviatrix® is pioneering the Cloud Native Security Fabric — the architecture the Containment Era requires. The Cloud Native Security Fabric governs every workload communication path across every cloud, every VPC, every Kubernetes cluster, and every serverless function, from a single policy plane. One rule. Universal propagation. Enforced at the workload, not at a chokepoint. Trusted by more than 500 of the world’s leading enterprises. For more information, visit aviatrix.ai.
