How WSO2 is securing AI agents

Every vendor wants to claim their software uses AI, gen AI, or is in some way AI-enabled to make it easier to use. The latter claim always raises questions, as one would expect it to be a key user experience (UX) focus. For WSO2, bringing AI to its products, which has been a major focus over the last year, is about making things faster and enabling customers to automate more complex tasks.

To understand what that means for WSO2 customers, Enterprise Times talked with Vidura Gamini Abhaya, Vice President of Solution Architecture, WSO2. The first topic was the current roadmap and what the focus on AI would deliver.

According to Gamini Abhaya, there are four key product lines and, at a high level, two different angles for how AI will impact them. The product lines are API, Identity and Access Management (IAM), Integration and the Internal Developer Platform. Each line has its own open source and SaaS solution.

Gamini Abhaya described the focus of AI on those products as, “How do we use AI in our products to bring in, or improve, developer experience. There is also a focus on improving operational experiences with the product, especially when it comes to the internal dev platform. So that’s more along the lines of giving you more information, improving the efficiency and aspects like that.

“On the other side, if you are an organisation that is looking for or interested in building AI apps or AI-related apps, how can we make that a lot easier for you?”

What does this look like in terms of agent security?

WSO2 has made a number of product-related AI announcements this year. It started at WSO2Con in Barcelona when it announced it was making AI a first-class concept across all its product lines. Gamini Abhaya points to the use of AI to expose an API as a Model Context Protocol (MCP) server.

This serves two purposes. First, it makes it much easier for an organisation to discover and develop its APIs. Gamini Abhaya points out that this can be done with a single click, and no need for developers to write additional code.

Secondly, it makes that API much easier for an AI agent to utilise. Importantly, making it easier for AI to consume also means focusing on guardrails. Governance is something Gamini Abhaya says WSO2 is very focused on. That is a message that will resonate not just with customers, but also partners, especially as WSO2 looks to create a white label platform for Global SIs (GSIs).

Both of these are part of the WSO2 API Manager and Bijira announcements that it made in March. Bijira also builds on the Choreo API Management tooling, but is not a replacement.

Using AI to reduce data leakage

Governance is not the only area where WSO2 is looking to improve security and controls around AI. In March, it announced new features for its IAM products. Those were followed by more capabilities throughout the year.

Part of WSO2’s governance story around AI is how it can reduce the risk of data leakage. Gamini Abhaya said, “If you’re consuming an API that is external, you have certain plugins, or what we call AI guardrails. It will look at your prompts, the data that is going through to the other side and sanitise the queries.

“It could also rewrite the queries in a way that is more optimised for information security, PII information not being submitted, all of those things you can control as well.”

This use of AI to reduce data leakage makes sense. Organisations already have tools that are aimed at preventing data leakage, especially around PII. However, gen AI use and examination of the data has shown that these rules are often insufficient. Using AI to spot the extraction of data at the prompt level should help reduce the risk.

Gamini Abhaya continued saying, “The other part is identity. When you develop this agentic application, we feel that agents are now a first-class citizen in the identity and access management space. Just like you have users, you have applications, you have roles, and what they can do is based on permissions.

“Agents are also now one key entity that you have to manage. You will want to have some control, or definition, about how you give access to certain systems, information sources to agents.”

To address this, WSO2 launched, just before Oxygenate in London, updates to make AI agents first-class identities. This came as updates to Asgardeo and the open source WSO2 Identity Server.

Using API frameworks as a model for AI agent control

Treating AI agents as a first-class identity is one step, the other is how to control what it can access. OAuth2 is an authentication framework that is already widely used. From an AI perspective, it is already being used to deliver authentication with MCP servers.

Importantly, it would allow a two-way conversation between the agent and the user. The agent could say, “Hey, you want me to do this, but I need access to these systems.” The user could grant access, but limit it to read, and not write access. It’s a much more controlled approach than just allowing the agent to inherit all the user’s rights and permissions.

Gamini Abhaya says there is another option when you look at APIs. He said, “APIs are where you have authorisation frameworks through which you share information with applications. I don’t see a big difference between that and the agent side of things from an authorisation perspective.”

What makes that attractive is that users rarely know much about the hundreds of access rights and permissions that they have. Deciding what to grant to an agent becomes a non-trivial task, especially if it keeps coming back asking for more.

With the API model, Gamini Abhaya points out that there’s no identity for an API. It will require some work to bring that framework approach into a controlled space. He did suggest that we could use the API model as a base level for building agents and then give them additional permissions on a job-by-job basis. That would speed up creation and management of agents.

Enter Adaptive Authorisation

In effect, Gamini Abhaya says this creates adaptive authorisation, something that is already supported inside WSO2’s IAM solutions. It’s a scenario-based solution where you can add layers of authorisation or gates to harden security.

He commented, “The moment you recognise an agent as a first-class citizen within the IAM ecosystem, you have a way in which you can identify it. That enables us to use adaptive authentication to recognise different types of behaviour.”

In effect, this is similar to user behaviour analytics (UBA) for AI agents. With humans, you flag logins from different cities, countries, time zones, devices and other markers. They build a picture of what a human is doing and block unexpected behaviour until identity is proven.

With adaptive authorisation, Gamini Abhaya said, “This mechanism of adaptive authentication is in our products. You can build a business rule or a security rule to force another level of authentication to make sure that you are who you claim to be, and you can do what you’re trying to do.”

He went on to point out that one difference between humans and identities is the speed at which they carry out tasks. That could be an identifying characteristic to know who is doing the work, and then trigger additional security rules and authentication.

Enterprise Times: What does this mean?

WSO2 is getting out ahead of others when it comes to managing the complexity of securing AI in the enterprise. By embedding tools inside its products, it can use AI to automate tasks and detect data leakage. Importantly, AI can help developers identify APIs and make them available to other developers, especially as an MCP server. This gives AI agents full access to APIs without risking security.

But the bigger challenge for organisations is how to secure those AI agents. There are multiple models for how they will be used and, unsurprisingly, multiple suggestions on how to secure them. What Gamini Abhaya is looking at is how to best integrate the agents and security into the WSO2 tools without disruption.

That latter point, without disruption, is critical. The more complicated you make security, the faster users will find ways to bypass it. Treating AI agents as first-class identities means you can apply the same rules as you do for users. Importantly, you can then build additional controls on top to adjust for the risk that AI agents can bring.

This was a hugely interesting interview with Gamini Abhaya, and it will be interesting to see exactly what is announced when WSO2Con is rescheduled in early 2026.

The post How WSO2 is securing AI agents appeared first on Enterprise Times.