The recent Nvidia GTC event showcased a groundbreaking shift in the world of AI security. For the first time ever, security was integrated into a major AI platform release right from the start, rather than being added on as an afterthought months down the line. This move represents a significant step forward in addressing the rapidly evolving threats posed by agentic AI.
In a world where 48% of cybersecurity professionals view agentic AI as the top attack vector heading into 2026, the need for robust security measures is more pressing than ever. However, only 29% of organizations feel fully prepared to deploy these technologies securely. With machine identities outnumbering human employees by 82 to 1 in the average enterprise, and a 44% surge in attacks exploiting public-facing applications documented by IBM’s 2026 X-Force Threat Intelligence Index, the urgency of the situation cannot be overstated.
Nvidia CEO Jensen Huang emphasized the importance of securing agentic systems within corporate networks during his keynote address at GTC. Recognizing the critical nature of this issue, Nvidia collaborated with five leading security vendors to provide comprehensive protection for its AI stack. These vendors include CrowdStrike, Palo Alto Networks, JFrog, Cisco, and WWT, each specializing in different aspects of security governance.
The five-layer governance framework established by Nvidia and its security partners addresses key areas such as agent decisions, local execution, cloud operations, identity management, and supply chain security. By leveraging the strengths of each vendor, organizations can create a robust security posture that covers all layers of the AI ecosystem.
CrowdStrike’s Falcon platform plays a central role in enforcing security measures at multiple points within Nvidia’s OpenShell runtime. Palo Alto Networks focuses on securing the BlueField DPU hardware layer, while JFrog oversees the artifact supply chain from registry to deployment. WWT provides pre-production validation testing, and Cisco extends its Hybrid Mesh Firewall capabilities to Nvidia BlueField DPUs.
One of the key challenges in securing agentic AI systems lies in managing the blast radius of compromised agents. Unlike human attackers, AI agents operate at machine speed without the constraints of fatigue or downtime. CrowdStrike’s chief business officer, Daniel Bernard, highlighted the need for fail-safe mechanisms and rapid response protocols to mitigate the impact of errors in AI decision-making.
As organizations navigate the complexities of securing agentic AI, the collaboration between Nvidia and its security partners offers a blueprint for effective security governance. By adopting a multi-layered approach that addresses the unique challenges posed by AI technologies, enterprises can enhance their cybersecurity posture and protect against emerging threats in the digital landscape.

In the complex world of multi-vendor deployments, companies are faced with the challenge of integrating various security solutions to protect their networks and data. One common approach is to use parallel guardrails, with different technologies enforcing security measures at different layers of the infrastructure. Two notable examples of this approach are Cisco AI Defense and Falcon AIDR, which operate as parallel guardrails in multi-vendor environments.
Cisco AI Defense and Falcon AIDR work together to provide comprehensive security coverage in multi-vendor deployments. AIDR enforces security measures inside the OpenShell sandbox, while AI Defense operates at the network perimeter. This dual-layered approach ensures that even if a threat manages to evade one guardrail, it will still be intercepted by the other.
On the other hand, Palo Alto Networks utilizes Prisma AIRS, running on Nvidia BlueField DPUs, to offload inspection to the data processing unit at the network hardware layer. This integration is part of the Nvidia AI Factory validated design, providing a unique approach to security in multi-vendor environments. While Palo Alto intercepts east-west agent traffic on the wire, CrowdStrike monitors agent process behavior inside the runtime, showcasing a different integration model and maturity stage.
JFrog has introduced the Agent Skills Registry, a system of record for MCP servers, models, agent skills, and agentic binary assets within Nvidia’s AI-Q architecture. This registry serves as a pre-deployment enforcement point in the stack, ensuring that every AI skill is scanned, verified, and signed before agents can adopt it. This proactive approach to security is crucial in preventing malicious actions by unvetted skills.
World Wide Technology (WWT) has launched a Securing AI Lab within its Advanced Technology Center, built on Nvidia AI factories and the Falcon platform. WWT’s vendor-agnostic ARMOR framework provides a pre-production validation capability, allowing organizations to test the integrated stack in a live AI factory environment before deploying it in production. This validation process helps surface control interactions, failure modes, and policy conflicts before they become incidents.
In the realm of Managed Detection and Response (MDR), CrowdStrike has fine-tuned Nvidia Nemotron models on first-party threat data and operational SOC data from Falcon Complete engagements. Internal benchmarks show significant improvements in investigation speed, triage accuracy, and query generation within Falcon LogScale. Kroll, a global risk advisory and managed security firm, has validated these results in production, confirming the operational efficacy of the CrowdStrike-Nvidia stack.
Several enterprises have already deployed the CrowdStrike-Nvidia stack for their security needs, including EY, Nebius, CoreWeave, and Mondelēz North America. These organizations have seen tangible benefits from utilizing this integrated security solution, allowing their teams to focus on higher-value response and decision-making.
While the five-vendor stack offers a comprehensive governance framework, there are still gaps that need to be addressed. Key areas of concern include agent-to-agent trust, memory integrity, and registry-to-runtime provenance. These challenges highlight the complexity of managing security in multi-vendor environments and the need for ongoing vigilance to ensure comprehensive protection.
Ultimately, running five vendors across multiple enforcement layers introduces operational overhead that must be carefully managed. Organizations must have a clear implementation plan in place to orchestrate policies, normalize telemetry data, and manage change control effectively. A phased rollout approach, starting with pre-deployment security measures and gradually expanding to runtime enforcement, can help organizations navigate the complexities of multi-vendor security deployments. Running all five simultaneously from day one is an integration project, not a configuration task. Budget for it accordingly.
What to do before your next board meeting
After implementing the framework above, every Chief Information Security Officer (CISO) should be able to state confidently: “We have evaluated all autonomous agents against five governance layers. Here is what we have in place, and here are the five questions we are asking vendors.” If you are unable to make that statement today, the issue is not that you are falling behind schedule. The real problem is the absence of a schedule altogether. Five vendors have just delivered the foundational structure for one.
Before your next board meeting, follow these steps:
1. Conduct the five-layer audit: Review every autonomous agent your organization is utilizing in production or staging. Align each one with the five governance layers mentioned above. Identify which vendor questions you can address and which ones remain unanswered.
2. Determine the number of unanswered questions: If there are three or more unanswered questions, it indicates ungoverned agents in production. This should be a key focus for your board, not just an item on the backlog.
3. Test the open gaps: Challenge your vendors with specific questions such as how they manage agent-to-agent trust across MCP delegation chains, detect memory poisoning in persistent agent stores, and demonstrate a cryptographic binding between the registry scan and the runtime load. None of the vendors at GTC have a comprehensive answer to these questions. This is not an indictment but rather an opportunity to enhance agentic security in the coming year.
4. Establish the oversight model before scaling: As Bernard aptly stated, it is essential to involve both agents and humans in the process. Achieving 96% accuracy at five times the speed means errors can outpace detection by traditional Security Operations Centers (SOCs) designed for human-speed response. Therefore, implementing kill switches and fail-safes before scaling up operations is crucial to prevent potential breaches.
While the architectural scaffolding is vital, it is not sufficient on its own. Its effect on your security posture depends on whether you treat the five-layer framework as a practical tool or merely as a checkbox in the vendor presentation.
