Shapefin

Zenity Enhances AI Agent Security with Runtime Protection for OpenAI’s AgentKit


Zenity, a security and governance platform for AI agents, has announced the launch of runtime protection for OpenAI’s AgentKit, designed to provide enterprise-grade enforcement against data leakage, secret exposure, and unsafe agent behavior in real time.

This launch follows recent research from Zenity Labs, which identified vulnerabilities in OpenAI’s AgentKit guardrails, including susceptibility to prompt injection, response obfuscation, and credential exposure. The new runtime protection aims to address these identified gaps by inspecting agent behavior and intent at the endpoint, enforcing policy-based security to block noncompliant actions.

OpenAI’s AgentKit enables developers to build and deploy autonomous AI agents through components such as Agent Builder, ChatKit, and the Connector Registry. While it accelerates innovation in AI development, it also introduces an expanded attack surface, creating new security and compliance challenges for enterprises adopting AgentKit for internal and customer-facing workflows.

Zenity’s endpoint-level protection inspects every interaction between users and agents built with AgentKit, identifying and blocking risky behavior in real time. Enforcement is deterministic and rule-based: predefined security rules are applied to each response, so a given response always produces the same verdict, in contrast to probabilistic guardrails, whose model-based classification can vary and, as Zenity Labs’ research found, can be bypassed by prompt injection or obfuscated output.

The runtime detection and response capabilities extended to OpenAI AgentKit include Data Leakage Detection, which identifies and blocks attempts by agents to exfiltrate sensitive information; Secrets Exposure Prevention, which detects embedded credentials or keys in agent responses; and Unsafe Response Blocking, which stops responses that violate policy, compliance standards, or brand trust before they are delivered to users.
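The following is an added illustration, not Zenity’s or OpenAI’s code, of what a deterministic, rule-based response check of the kind described above looks like in practice. It applies a fixed set of rules to an agent’s response (credential formats, a private-key header, a US SSN pattern) and, because the research cited above found that obfuscated responses slip past probabilistic guardrails, it also decodes base64-looking runs and scans the decoded text. The rule names, patterns and sample responses are assumptions constructed for this example.

```python
"""Deterministic, rule-based inspection of an AI agent's response.

Added illustration, not Zenity's or OpenAI's code. Fixed rules give a
fixed verdict for a given response; a second pass over base64-looking
runs catches a secret hidden by simple encoding. Rule names, patterns
and sample responses are assumptions constructed for this example.
"""
import base64
import re
from dataclasses import dataclass, field

# Assumed rule set. Each rule is (name, compiled pattern); any match is a policy violation.
RULES = [
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("github_token", re.compile(r"\bghp_[A-Za-z0-9]{36}\b")),
    ("private_key_block", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
    ("credential_assignment", re.compile(
        r"(?i)\b(?:api[_-]?key|secret|token|password)\s*[:=]\s*['\"]?[A-Za-z0-9_\-]{16,}")),
    ("us_ssn", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
]

# Runs that look like base64; these are decoded and re-scanned to defeat trivial obfuscation.
_B64_CANDIDATE = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")


@dataclass
class Verdict:
    allow: bool
    findings: list = field(default_factory=list)  # (rule_name, layer) pairs
    redacted: str = ""                            # response with violations masked


def _scan(text, layer):
    """Return (rule_name, layer, matched_text) for every rule hit in text."""
    return [(name, layer, m.group(0))
            for name, pattern in RULES for m in pattern.finditer(text)]


def _decoded_candidates(text):
    """Yield (encoded_run, decoded_text) for base64 runs that decode to printable ASCII."""
    for m in _B64_CANDIDATE.finditer(text):
        try:
            decoded = base64.b64decode(m.group(0), validate=True).decode("ascii")
        except ValueError:  # binascii.Error and UnicodeDecodeError are both ValueErrors
            continue
        if decoded.isprintable():
            yield m.group(0), decoded


def inspect_response(text):
    """Apply every rule to the response; the same input always yields the same verdict."""
    hits = _scan(text, "plain")
    for encoded, decoded in _decoded_candidates(text):
        # A hit inside the decoded payload redacts the whole encoded run.
        hits.extend((name, "base64", encoded) for name, _, _ in _scan(decoded, "base64"))
    if not hits:
        return Verdict(allow=True, redacted=text)
    redacted = text
    for name, _, matched in hits:
        redacted = redacted.replace(matched, f"[REDACTED:{name}]")
    return Verdict(allow=False,
                   findings=[(name, layer) for name, layer, _ in hits],
                   redacted=redacted)


# Constructed sample responses (not real data; the AWS key is the documented example value).
BENIGN = "The quarterly report is attached; let me know if you need a summary."
PLAIN_LEAK = "Use access key AKIAIOSFODNN7EXAMPLE when you configure the CLI."
OBFUSCATED_LEAK = "Config blob: " + base64.b64encode(
    b"aws_access_key_id=AKIAIOSFODNN7EXAMPLE").decode("ascii")

if __name__ == "__main__":
    for sample in (BENIGN, PLAIN_LEAK, OBFUSCATED_LEAK):
        v = inspect_response(sample)
        print("ALLOW" if v.allow else "BLOCK", v.findings, "->", v.redacted)
```

The point of the decode pass is the caveat a practitioner should keep in mind: a deterministic rule set only catches what it encodes, so the encodings and transformations an agent can apply to its own output (base64 here; others would need their own pass) have to be enumerated explicitly, whereas a probabilistic guardrail may or may not notice them on any given run.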

Michael Bargury, CTO and co-founder of Zenity, stated, “AgentKit accelerates how AI agents are built and scaled, but it also expands the attack surface overnight. Our research shows that AgentKit’s guardrails can miss critical risks—from subtle prompt injections to hidden data leakage. Zenity’s runtime protection closes that gap by inspecting every response, understanding intent, and enforcing security policies.”

This offering aims to provide security teams with a method to address guardrail shortcomings in AgentKit as the adoption of agentic AI continues to grow. Zenity specializes in security and governance platforms for AI agents across various environments, including SaaS, cloud platforms, and end-user devices. The company focuses on full-lifecycle coverage, encompassing agent discovery, posture management, real-time detection, prevention, and response for enterprise clients.
