Eve Security is a company that provides an agentic AI observability and policy enforcement platform, using Agent-in-the-Loop (AITL) technology to monitor, secure, and govern the behavior of AI agents interacting with critical business systems. Pulse 2.0 interviewed Eve Security co-founder and CEO Nadav Cornberg about the company making two significant announcements: ZigiWave’s choice to deploy Eve to its Fortune 500 customers and a patent filing for a technology that is already integrated into Eve’s platform (Interregotation-as-a-Service) that observes and takes action on rogue AI agentics with an emphasis on why they’ve gone rogue.
Pulse 2.0 (Amit): ZigiWave is deploying Eve to its Fortune 500 customers — what specific use cases are those customers adopting first (e.g., SOC automation, IAM, endpoint, app security), and why?
Eve Security (Nadav): ZigiWave is using Eve Security for policy enforcement in its Zigi MCP server, which operates its
ZigiWave’s ZigiOps – a no-code integration and automation platform that enables enterprises to connect disparate systems quickly and securely. With the recent addition of the Model Context Protocol (MCP), ZigiOps expands its ability to support modern, agent-driven integrations.
Pulse 2.0 (Amit): What does Eve’s platform actually “observe” when it comes to AI agents — prompts, tool calls, data access, identity context, network activity, code changes, or something else?
Eve Security (Nadav): Eve observes any call made by the agent and can connect to understand the reasoning and actions.
Pulse 2.0 (Amit): How do you define a “rogue” AI agent in your system, and what are the most common paths that lead an agent to go rogue in real enterprise environments?
Eve Security (Nadav): Rogue can be an agent that was manipulated by a prompt injection or is hallucinating, which causes it to perform an action that is not typical. Any action that is not typical that can harm the organization, that agent will be considered rogue.
Pulse 2.0 (Amit): Your patent filing mentions “Interregotation-as-a-Service” — what is it in plain English, and what problem does it solve that existing security tools don’t?
Eve Security (Nadav): Imagine you are a bank manager and one of your employees asks for the keys to the vault, you will probably ask “why” do you need to do that. Our interrogation does the same with AI agents.
Pulse 2.0 (Amit): When Eve detects a rogue AI agent, what actions can it take automatically (containment, credential revocation, workflow interruption, rollback, quarantine), and how do you prevent false positives from disrupting operations?
Eve Security (Nadav): When we detect an anomaly with an AI agent, if the task is of high risk to the organization, we can block it and alert the SOC team. Depending on the interrogation results, Eve might automatically approve new behaviors when it’s deemed to be an accepted new behavior. When we conclude that it is rogue, we can alert the SOC team or integrate with the SOAR to take action.
Pulse 2.0 (Amit): How do you determine why an agent went rogue — is it based on intent inference, policy violations, environment changes, compromised credentials, model drift, adversarial prompting, or misconfigured permissions?
Eve Security (Nadav): During our interrogation, we get the reasoning behind an action, this allows us to understand the reason why that agent came to this action and then decide on the next steps. Next steps could be altering the behavior or recommending in the SOC team to engage with that vendor to improve their product, among other actions.
Pulse 2.0 (Amit): What’s required to deploy Eve inside a large enterprise — integrations, time-to-value, where it sits in the stack, and how it works with existing SIEM/SOAR/EDR/IdP tooling?
Eve Security (Nadav): For our AIDR solution, we typically integrate with the SIEM and some security sensors such as an EDR or NGFW. The deployment takes around a week, but it can be a matter of hours. For our inline solution, we typically sit on top of existing gateways or our gateway can be used. Since we provide a gateway hosted in our cloud, the customer can see value from both solutions in a matter of days. In time, the customer typically deploys our gateway in their native cloud. Our policy engine integrates with IdP / DLP and other systems to provide the most accurate policy engine to evaluate AI agent calls.
Pulse 2.0 (Amit): What early results can you share from the ZigiWave deployment (detection rates, time-to-containment, reduction in incident response workload), and what milestones should we watch for over the next 6–12 months?
Eve Security (Nadav): I can’t share the results of this deployment quite yet, butI can tell you that customers typically experience the full picture of what agentic activity is running in the organization and what are the risks. Customers are also deploying our gateway to enforce a policy inline between those agents and critical systems.
