Thales | Security for What Matters Most
More About This Author >
Thales | Security for What Matters Most
More About This Author >
As enterprises rapidly adopt agentic AI, a new architectural layer is emerging: the AI Agent Gateway. Google’s upcoming solution represents a pivotal shift - serving as the control plane for interactions between users, AI agents, models, and external tools. But with this innovation comes a dramatically expanded attack surface.
To address these challenges, Thales is partnering with Google to deliver end-to-end security visibility, threat detection and protection across every interaction flowing through the AI Agent Gateway. From securing client-to-agent, agent-to-LLM and agent-to-MCP workflows, Thales’s Imperva Application Security platform is going to provide an additional layer of visibility and security to help organizations move faster without compromising standards.
Securing Client-to-Agent Interactions (Making the Agent Play by Your Rules)
The entry point to any AI agent is the user, and this is precisely where attackers begin their journey. To address this evolving threat landscape, Thales recently announced the Controlled Availability of Imperva for Google Cloud (IGC). This new application security solution is designed to operate natively within Google Cloud Platform (GCP), enabling organizations to protect web applications and APIs without forcing traffic outside Google’s infrastructure. This architectural shift finally solves the long-standing tradeoff between performance, cost efficiency, and enterprise-grade security.
By sitting natively within the GCP environment, Imperva for Google Cloud provides deep inspection of all inbound traffic from clients to the agent. It acts as a robust shield against the OWASP Top 10 risks, including injection attacks, broken authentication, and API abuse. For example, security teams can now precisely select which AI clients or frameworks are permitted to interact with an agent, ensure constant accessibility by preventing DDoS attacks, and verify that all user input is sanitized before it ever reaches the model.
This native foundation powers our specialized Agentic AI Controls, which provide the visibility and governance necessary to manage the "silent" traffic generated by autonomous agents and agentic browsers:
- Real-Time Visibility: Gain immediate insights into AI traffic patterns, with the ability to distinguish between human users and various classes of AI agents.
- Verified Trust: Allow trusted actions by verified AI agents and agentic browsers, ensuring your legitimate automation can move at full speed without friction.
- Neutralize Threats: Automatically identify and block malicious, spoofed, or unwanted activity before it can compromise your agentic workflows.
With Imperva for Google Cloud, you no longer have to choose between the speed of innovation and the safety of your infrastructure. You simply set the rules, and we ensure your agents play by them.
More details can be found here: https://www.imperva.com/products/imperva-for-google-cloud/
Thales is committed to enhancing the partnership with Google's agent cloud and will deliver additional capabilities natively integrated into the Agent cloud and agent gateway ecosystem:
Securing Agent-to-Model Communication
Imperva extends its inspection capabilities to traffic between agents and models, enforcing protections aligned with the OWASP Top 10 for LLMs. This includes preventing prompt injection, detecting data leakage, and stopping abuse of model capabilities through crafted inputs.
By analyzing prompts and responses in real time, Imperva ensures safe interaction between agents and models.
Securing Agent-to-Tool (MCP) Interactions
Modern agents invoke tools and services via protocols such as MCP, enabling access to databases, APIs, and external systems.
Imperva inspects agent-to-MCP traffic to detect unauthorized tool execution, anomalous tool calls, and malicious parameter injection. This enables full visibility into tool usage and enforcement of least-privilege controls.
Unified Security Layer
The collaboration between Thales and Google provides a unified security layer across:
- Client ↔ Agent: WAF and Bot Protection
- Agent ↔ Model: LLM-aware inspection
- Agent ↔ MCP/Tools: Tool invocation security
This enables organizations to adopt agentic AI securely in a simple and concise way.
Ready to Secure Your Agentic Future?
The "Agentic Cloud" offers unprecedented efficiency, but it requires a security posture that understands intent, not just signatures. By bringing Imperva natively to Google Agent Cloud, we are giving customers the visibility tools to scale your AI future with confidence.
Next Steps:
- Secure agentic AI and LLM-powered applications with our AI Security Fabric.
- Explore Imperva for Google Cloud to learn how enterprise-grade WAF, API security, and bot protection capabilities can be easily deployed across Google Cloud.
- Review the latest research on top AI cybersecurity threats in our Data Threat Report and Bad Bot Report.