Exabeam has introduced Agent Behavior Verification (ABV), a new security discipline designed to help organizations evaluate whether AI agents are properly configured, authorized and governed before they are deployed into production environments.

The company said the announcement addresses a growing challenge as AI agents evolve from assisting users to performing operational tasks with greater autonomy. These agents increasingly access enterprise systems, invoke tools, execute workflows and make decisions independently, creating new security considerations before deployment.

According to Exabeam, existing security approaches such as vulnerability scanning and red teaming focus on governing, monitoring and testing agent activity during runtime. ABV is intended to address a different stage of the lifecycle by helping organizations determine whether an AI agent is prepared to operate safely before entering production.

Rather than concentrating on individual vulnerabilities or code artifacts, ABV evaluates AI agents as complete systems. The framework enables organizations to define an agent's authorized role and assess whether its implementation, permissions and security controls align with its intended purpose.

To support adoption of the discipline, Exabeam also announced the release of Praxen, an open source reference implementation of ABV.

"Organizations are rapidly moving from AI experimentation to operational deployment," said Steve Wilson, Chief AI Officer at Exabeam and Founder and Co-Chair of the OWASP Gen AI Security Project. "As agents become digital workers, security teams need more than runtime visibility. They need confidence that agents have the right permissions, the right controls and the right boundaries before they enter production. Agent Behavior Verification helps answer a fundamental question: will this agent do its job, and only its job?"

Praxen uses what Exabeam describes as an ABV remit, a policy contract defining what an AI agent is authorized to do, what resources it may access and the operational boundaries it must follow. The platform helps developers and operators verify whether an agent's implementation, tools, configurations, memory, integrations and operating environment align with its defined role.

The company said Praxen identifies gaps between intended and implemented behavior, providing recommendations to developers before deployment. Its reports include findings, suggested improvements and an overall maturity score for the agent's security posture.

"Traditional security tools help identify vulnerabilities in software," Wilson said. "Praxen evaluates something different: whether an agent's capabilities, permissions, tools and controls align with the role it was authorized to perform. This addresses one of the most critical risks introduced by highly autonomous agents and establishes a stronger foundation for ongoing governance throughout the agent lifecycle."

Exabeam said ABV serves as the pre-deployment component of its broader AI agent security strategy and complements ABA, which is designed to identify anomalous or risky agent behavior in production environments.

Built as an agentic coding agent skill and released under the Apache 2.0 license, Praxen is intended to be transparent, extensible and accessible to developers, researchers and security practitioners.

"Most security tools tell you what's vulnerable. Praxen asked a different question entirely: Does this agent's actual behavior match the governance or work remit it was built to enforce?" said Sherri Douville, CEO of Medigram. "The code-level remediation path it produced didn't give us a risk report to file away. It gave us a precise engineering roadmap we could act on immediately. In enterprise AI deployment, the gap between what an agent is authorized to do and what it is actually capable of doing is where operational risk lives."

Exabeam said it is releasing Praxen as an open source project to encourage broader adoption of Agent Behavior Verification as an open best practice. The company said open sourcing the framework allows developers, researchers and security practitioners to review the technology, contribute enhancements and apply ABV principles within their own environments.