
Security & Compliance Agents

Microsoft Sentinel AI, Splunk AI, CrowdStrike Charlotte AI, Palo Alto XSIAM

What it is

Agents detecting threats, investigating incidents, running compliance checks, and in some deployments, taking automated remediation actions.

What it accesses

Full network traffic, endpoint telemetry, identity systems, cloud infrastructure, and remediation tooling.

What can go wrong

A security agent with autonomous remediation permissions can take action on a false positive — blocking legitimate users, isolating systems, or deleting what it incorrectly identifies — at machine speed, before any analyst reviews the decision.

How Sunbeam helps
Scanner finds it

Network and cloud scanners detect SIEM AI deployments and agentic security tooling. The egress scanner identifies outbound connections to security AI APIs.

CIM controls it

CIM requires REQUIRE_APPROVAL for all remediation actions. The audit log provides a tamper-evident record of every decision.

Relevant regulations
NIS2 Directive
DORA Article 16
ISO 27001 A.16
Detection surfaces
Network
Cloud
