Skip to content
  • +55 (11) 3375 0133
  • contato@nova8.com.br
Linkedin-in Facebook-square Instagram Youtube
  • EN-US
  • PT-BR
  • ES-MX
Nova8
  • #Nova8is10!
  • Portfolio

    Checkmarx

    Application security testing solution

    Cequence

    API security platform

    Snyk

    Security for Developers

    IRONSCALES

    Application security testing for companies

    Upwind

    Cloud Security platform

    CORO

    Simplified Cybersecurity

    Invicti

    Web Security Tool for Vulnerability Detection

    See all solutions
  • Services

    VAD

    The only Value-Added Distributor (VAD) in Latin America mentioned in the Gartner Market Guide

    Center of Excellence Nova8 in Cybersecurity

    Accelerate your technical and strategic training with Nova8's innovation hub.

    Nova8 Consulting in Cybersecurity

    Strategy, efficiency and real protection for critical applications and data.

  • Cases
  • Blog & Materials
Contact us
Nova8
  • Home
  • Blog

AI agents and corporate data: how to govern this new risk

  • Nova8 Security Research Team
  • June 30, 2026
  • Blog, Cequence, Materials

Interview with Fernando Salla, AI Security Sales Director at Cequence

During the Cequence COMPANY KICK-OFF (CKO) in Santa Clara, one message gained strength: companies want to leverage the potential of artificial intelligence to grow, scale operations, and increase productivity, but this advancement needs to come with governance, visibility, and control.

The focus was on a specific change: the arrival of AI agents in the corporate environment. These agents access APIs, applications, internal tools, and sensitive data, starting to operate as digital collaborators capable of interacting with multiple systems, interpreting context, and executing actions within business processes.

In conversation with Nova8, Fernando Salla, AI Security Sales Director at Cequence, explains how the updates presented at the COMPANY KICK-OFF (CKO) connect Cequence’s experience in Bot Defense and API Security to a new governance front: AI Gateway and Agent Personas, aimed at controlling AI agents’ access to systems, APIs, applications, and corporate data.

The interview below delves into this movement in three stages: the new development presented at the COMPANY KICK-OFF (CKO), the history of Cequence in bot and API protection, and the future outlook for companies seeking to govern AI agents’ access to corporate systems without losing control over data, applications, and critical processes.

1. New Development: AI agents as new risk surface

Nova8: Fernando, what stood out most at Cequence’s COMPANY KICK-OFF (CKO) in Santa Clara?

Fernando Salla:
The main message was that companies want to use AI to gain productivity and scale, but they need to do so securely. AI agents are already starting to access systems, APIs, and corporate data. This requires governance, visibility, and control from the outset.

Nova8: In what aspects are AI agents similar to automations and bots, and in what ways do they require a distinct governance approach?

Fernando Salla:
AI agents are similar to automations and bots because they also perform actions, make calls, and access information. But they go beyond a traditional bot: they can interpret context, interact with multiple systems, and operate on business objectives. Therefore, they need clear limits on what they can access, what actions they can execute, and how their activities will be monitored and audited.

Nova8: Where is the risk for companies?

Fernando Salla:
The risk lies in allowing agents to operate without proper governance. An agent can access sensitive data, perform actions outside its scope, interact with critical systems, or consume APIs without a clear policy of identity, authorization, and traceability. The issue is not to allow or block AI, but to ensure that each agent accesses only what it should, does only what it is authorized to do, and has its actions monitored and auditable.

Nova8: How does the AI Gateway address this challenge?

Fernando Salla:
The AI Gateway acts as an orchestration and governance layer between AI agents and corporate systems. It helps control how these agents access APIs, applications, and data by applying policies, permissions, limits, and visibility over their actions. This allows the organization to advance with AI agents without giving up control, traceability, and operational governance.

Nova8: Besides agents’ access to corporate systems, there is also the risk of information leakage through prompts and interactions with LLMs. How does governance of access done by the AI Gateway differ from the specific protection of LLMs and prompts?

Fernando Salla:
They are complementary layers but with different functions. The AI Gateway helps govern agents’ access to systems, APIs, applications, and corporate data. Meanwhile, LLMs and prompts security addresses risks such as exposure of sensitive information, misuse of data in interactions with models, and potential leaks through inputs and responses generated by AI. For a secure strategy, companies need to integrate these fronts without confusing their roles.

Nova8: What are Agent Personas?

Fernando Salla:
Agent Personas are profiles that define the role, scope, and limitations of each AI agent. They help determine which APIs and systems the agent can access, what actions it can perform, who can use it, and what restrictions should be applied. This makes governance more practical as it translates identity, authorization, and access policies into operational profiles.

Banner from Nova8 and Cequence about Agentic AI with governance, highlighting a material with 10 considerations for enterprise AI projects in production.

2. Cequence History: from Bot Defense to API Security and AI agents

Nova8: To understand this development, it’s worth returning to the origins of Cequence. How does this story begin?

Fernando Salla:
Cequence began with a very strong foundation in Bot Defense. The initial demand was to protect applications against malicious automated traffic, bot attacks, business logic abuse, and digital fraud.

Since the beginning, a key point was differentiating legitimate users, legitimate bots, and fraudulent bots. Not every bot is bad; there are valid crawlers, integrations, and automations. The challenge is understanding behavior, intent, and risk.

This behavioral understanding became an important foundation for the platform’s evolution and helps contextualize the new discussion about AI agents. The difference now is that it’s not just about differentiating legitimate or malicious automated traffic, but governing authorized digital entities that can access systems, consume data, and execute actions within the corporate environment.

Nova8: How did this foundation evolve into API Security?

Fernando Salla:
APIs have become central to digital business. Cequence evolved to help companies discover, protect, and govern APIs, including exposed, unknown, or obsolete APIs. The focus is on understanding who accesses, how they access, and whether that behavior represents a risk.

Nova8: What is the connection between API Security and AI agents?

Fernando Salla:
AI agents access APIs to perform tasks and consume data, creating a direct connection with the corporate API protection strategy. It’s important to separate the layers: API Security protects APIs against attacks, abuse, and undue exposure, regardless of AI use. Meanwhile, the AI Gateway governs how authorized agents access these APIs, what permissions they have, what actions they can execute, and how this behavior will be monitored.

Nova8: And now, what changes in the conversation with clients?

Fernando Salla:
The conversation shifts from simply protecting APIs against external attacks to including the governance of authorized agents accessing data, applications, and corporate systems. This requires a broader view of identity, authorization, behavior, context, usage limits, and traceability. At the same time, it’s important to differentiate this front from other security layers, such as API Security and LLM Security.

Nova8: In your view, why does this topic need to be translated for different audiences within organizations?

Fernando Salla:
Because AI agents are not a discussion restricted to the security team. They impact architecture, data, applications, productivity, governance, and operational risk.

For a CISO, the central point is understanding data exposure, control, and protection. For a CTO, the discussion involves integration, architecture, and safe use of AI without hindering operations. For business areas, the topic appears as productivity, automation, and efficiency but needs to be accompanied by clear boundaries.

This is where a consultative approach makes a difference. Before discussing technology, it’s important to understand where AI agents are already being used, which processes they support, which systems and APIs they access, which data they consume, which decisions or actions they can execute, and which risks need to be mitigated. Only then does it make sense to discuss which control layers are appropriate, including AI Gateway, API Security, and security of LLMs and prompts.

3. Future Outlook: AI with Governance, Adaptation, and Control

Nova8: Looking ahead, what will be the major challenge for companies with AI agents?

Fernando Salla:
The major challenge will be balancing productivity and governance. Companies will increasingly use AI agents to automate processes, support teams, speed up decisions, and improve digital experiences.

However, the more these agents connect to applications, APIs, and data, the greater the need for control. Who defines what an agent can access? How to limit their actions? How to audit their behavior? How to prevent them from operating out of scope? How to ensure that AI agents access only the necessary systems and data, execute only authorized actions, and have their activities monitored, governed, and auditable?

These questions will enter the security, technology, and business agendas.

Nova8: What is the future promise of Cequence in this context?

Fernando Salla:
The promise is to help companies govern the use of AI agents without hindering innovation. Cequence adapts to the client’s business, their workflows, APIs, data, and rules, providing a control layer to ensure that agents only access what they should and execute only what they are authorized to. The protection needs to follow how each organization operates.

Nova8: Why is this adaptation to the business important?

Fernando Salla:
Because each sector uses AI differently. A bank, a telecom, and a retailer have distinct risks, data, and processes. The solution needs to respect this context rather than forcing the client to change their operational model to fit into the tool.

Nova8: Which sectors are likely to feel this need first?

Fernando Salla:
Sectors with high digital intensity and a strong dependence on APIs are likely to feel this need first. Banks, telecommunications, retail, and large digital platforms are good examples.

However, practical scenarios should be built from each client’s reality: which processes are involved, which systems are accessed, which data is consumed, which actions can be executed, and which risks need to be mitigated.

Nova8: How can partner channels transform this topic into an educational conversation with their clients?

Fernando Salla:
The best approach is to start from the client’s reality. Ask where the company is already using AI, which areas are creating agents, which processes these agents support, which systems and APIs they access, which data they consume, which actions they can execute, and whether there is a clear policy to control, monitor, and audit this access.

From there, the conversation evolves naturally. The channel doesn’t need to sell fear. It can help the client see a new risk that arises along with a real opportunity for productivity.

It’s a conversation about maturity: how to allow AI agents to access APIs, applications, and corporate data with identity, authorization, governance, monitoring, and traceability.

Nova8: To conclude, what message would you leave for companies wanting to advance with AI agents?

Fernando Salla:
AI will continue to advance within companies. The question is whether this advancement will be accompanied by governance.

AI agents can generate productivity, speed, and scale. But they need to operate with identity, authorization, clear limits, visibility, and control. The future will not be about choosing between innovation and security. The future will be creating the right architecture so that each agent accesses only what it should, executes only what it is authorized to, and has its actions monitored and auditable.

Cequence is looking to this future based on its experience in Bot Defense, API Security, and automated behavior analysis. The goal is to help companies govern AI agents securely, tailored to their business, and connected to the protection of APIs, applications, systems, and corporate data.

The new developments presented at Cequence’s CKO (COMPANY KICK-OFF) in Santa Clara emphasize an important shift in the security agenda: AI agents move from being merely a promise of productivity to requiring operational governance.

For companies, the challenge is not simply to allow or block AI, but to understand which agents access APIs, applications, systems, and data, which actions they can perform, and how this behavior will be controlled, monitored, and audited. For channels, there is an opportunity to bring a consultative conversation to clients, connecting AI Gateway, API Security, and other layers of protection to the real context of each business. Nova8 supports this movement by connecting Cequence’s technology to context, training, meetings, demonstrations, and demand generation.

AI agents are already starting to access corporate APIs, applications, systems, and data. The next step is to ensure that this advancement happens with governance, visibility, and control.

Nova8 supports companies and channels in building this journey by connecting Cequence’s technology to the real context of each business, with a consultative approach, training, and technical support.

Discuss with Nova8 how to govern AI agents’ access to corporate APIs, applications, and data with more security.

Talk to a Nova8 specialist
  • nova8

Navigate by theme

  • Materials
  • Blog
  • Cequence
  • Nova8 Ecosystem
  • Checkmarx
  • Coro
  • Cybersecurity Distribution
  • Market Strategy
  • value-added distributor
  • Cases

Navigate by solution

  • Snyk
  • Upwind
  • Cequence
  • Coro
  • Ironscales
  • Checkmarx

Segurança começa pelo Colaborador

Stay Ahead of Cyber Threats

Explore our insightful materials such as e-books, whitepapers, articles, and blog content to learn all about cybersecurity trends.

See more
AI Experience o que o encontro da Nova8, Cequence e CISO’s Club mostrou sobre governança de IA e segurança de APIs
  • April 9, 2026
  • Cequence

AI Experience: what the meeting between Nova8 Cybersecurity, Cequence, and CISO’s Club revealed about AI governance and API security

The AI Experience demonstrated how AI already enables businesses but requires governance, guardrails, and API security. See the key insights from the event.
Read more
Nova8 RSA
  • March 30, 2026
  • value-added distributor

RSAC 2026: what really mattered at the world’s largest cybersecurity event

See the key insights from RSAC 2026, highlighting the role of AI, market positioning, and strategic learnings observed by Nova8 Cybersecurity.
Read more
Nova8_Cequence
  • March 16, 2026
  • Nova8 Ecosystem

AI Gateway, Agentic AI, and Corporate APIs: Why Cequence Has Become Strategic for Secure AI Adoption

Learn how Cequence's AI Gateway helps companies connect AI agents to APIs and applications with authentication, control, and monitoring.
Read more
Linkedin-in Facebook-square Instagram Youtube

Al. Rio Negro, 585 - Torre Jaçarí - 13º andar
Conjunto 134 - Alphaville, Barueri - SP, 06454-000

  • +55 (11) 3375 0133
  • contato@nova8.com.br

Company

  • #Nova8is10!
  • Events
  • VAD
  • Center of Excellence
  • Consulting
  • Work at Nova8
  • Privacy Policy
  • Code of Ethics

Portfolio

  • Checkmarx
  • Upwind
  • Cequence
  • CORO
  • Snyk
  • IRONSCALES
  • Invicti
  • Bright
  • Riskified
  • MazeBolt
  • Mend
  • Request a quote

Content

  • Clients and Cases

Copyright © Nova 8 Cybersecurity - 2025 - Todos os direitos reservados

Desenvolvido por Tech4Biz

Search
Nova8
  • EN-US
  • PT-BR
  • ES-MX
  • #Nova8is10!
  • Portfolio
    • CORO
    • Upwind
    • Cequence
    • CORO
    • IRONSCALES
    • Checkmarx
  • Services
    • Center of Excellence in Cybersecurity for Resellers and Technical Teams
    • Cybersecurity Consulting with a Focus on AppSec
    • Services – Value-Added Cybersecurity Distributor
  • Cases
  • Blog & Materials
  • Contact Us
  • #Nova8is10!
  • Portfolio
    • CORO
    • Upwind
    • Cequence
    • CORO
    • IRONSCALES
    • Checkmarx
  • Services
    • Center of Excellence in Cybersecurity for Resellers and Technical Teams
    • Cybersecurity Consulting with a Focus on AppSec
    • Services – Value-Added Cybersecurity Distributor
  • Cases
  • Blog & Materials
  • Contact Us
  • +55 (11) 3375 0133
  • contato@nova8.com.br
Linkedin-in Facebook-square Instagram Youtube
Search
Saiba mais
Search