Introducing a New Cloud Security Category: Agentic Cloud Security Platforms (ACSP)
The evolution from posture to runtime that defines the control layer CNAPP never built. What happens to cloud security when applications can act on their own?
New Category Definition From SACR
Every era of cloud security has been defined by the question it was built to answer.
When enterprises first moved to the cloud, the question was simple and urgent: what do we even have? CSPM was born, and for the first time, the cloud became legible. Compliance frameworks attached themselves to that visibility, and posture management became the anchor purchase of cloud security.
But knowing what exists is not the same as knowing what it is doing. As containers and rapid deployment reshaped the cloud, a resource could look perfectly configured while its workload was actively compromised. CWPP emerged to answer the second question: what is actually running, and is it dangerous? Then attackers taught the market a third lesson. The most reliable path through a cloud environment was rarely a missing patch. It was permissions. CIEM rose to answer the hardest question yet: who, or what, has the ability to take action?
By the early 2020s, buyers were drowning in the tools these three questions had produced. CNAPP was the market’s answer to that exhaustion: posture, workload, identity, IaC checks, vulnerability context, and compliance evidence converged into one platform with one data model and one prioritization layer. That consolidation was necessary, and it worked. It remains the foundation of every serious cloud security program today.
But the question defining the next era is different from every question that came before. Not what exists. Not what is running. Not who has access. The question is: can you make the correct security decision while the action is still in motion?
Today, SACR is publishing our deepest piece of cloud security research to date: Agentic Cloud Security Platforms: The Shift to Runtime Security, coauthored by Sean Sosnowski, and Lawrence Pingree. In it, we define ACSP, the runtime control layer that connects CNAPP evidence to governed execution decisions: whether a workload, API call, identity action, model interaction, or agentic tool invocation should proceed, be constrained, be remediated, or be escalated.
We partnered with Palo Alto Networks, which has licensed our research to make the full report free for everyone.
Names are included only to anchor the market landscape. They are not presented as a complete universe, a capability ranking, or a statement that each provider currently delivers the full ACSP model.
Key Takeaways From The Report
CNAPP remains the foundation for cloud security visibility; ACSP defines the runtime control layer that connects evidence to governed action while workloads, identities, APIs, data flows, and AI agents are still in motion.
Modern cloud security has matured around visibility, yet the operating gap is control. CNAPP unified posture management, workload protection, entitlement analysis, IaC checks, vulnerability context, and compliance evidence into one operating model. That convergence remains necessary. Its limit is architectural: many platforms still rely on periodic telemetry, API-derived state, delayed correlation, and human remediation queues while cloud workloads, identities, APIs, and AI-mediated actions change in seconds.
Agentic Cloud Security Platforms (ACSP) define the next control layer for this environment. An ACSP connects CNAPP evidence to live execution decisions: whether a workload, API call, identity action, model interaction, or agentic tool invocation should proceed, be constrained, be remediated, or be escalated. The category is anchored in runtime discovery, runtime exposure management, identity-aware decisioning, application and API control, AI workload security, pre-deployment guardrails, developer feedback loops, and audit-grade proof of actions and outcomes. For CISOs, the decision is whether current cloud security investments can preserve CNAPP’s visibility while proving active risk, governing live actions, and producing measurable reductions in exposure, investigation time, and recurring remediation work.
Five Core Themes On Cloud Security:
CNAPP solved fragmentation, not control. The distinction is architectural, not cosmetic. The real achievement of CNAPP was rationalizing posture and workload visibility. The center of gravity remained scans, snapshots, graph analysis, and remediation queues. Those mechanisms were built for governance and triage, not for adjudicating live execution. This tension was embedded in CNAPP from day one, and it is now the central fault line in the market. Our view is that the vendors who acknowledge this honestly will define the next phase, and the vendors who keep selling visibility as control will spend the next three years defending shrinking ground.
Cloud security has moved through four generations, and most platforms are still architected for the first three. The first generation was posture, inventory, and compliance. Generation two added runtime and workload depth. Generation three elevated identity and entitlements as attack paths. Generation four is AI and agentic execution, in which agents take action with delegated permissions.
We define five minimum conditions a platform must meet to qualify as ACSP. They must observe live execution paths across workloads, APIs, identities, data flows, and AI interactions; distinguish theoretical exposure from active, reachable, exploitable risk; apply identity-aware policy to human, machine, and agentic actions; execute governed intervention; and preserve audit-grade records of every decision. Miss one, and you have a better CNAPP, not an ACSP.
Runtime exposure management replaces ranked risk lists. CNAPP became very good at producing prioritized exposure queues without proving whether anything on them was live. ACSP inverts the question: is this component loaded into memory, reachable through the application path, exercisable given current identity and network context, and connected to data that matters? If not, it gets deprioritized.
Decisions require a four plane context graph, bound together by identity. Code and delivery provenance, cloud configuration and permissions, runtime behavior, and data context, with identity as the connective tissue, because every meaningful action is taken by a human, machine, service, or agent with some level of authority.
The report also includes our market landscape across AI coding security, platforms, and AI runtime vendors, included to anchor the market, not as a ranking. The full report covers the complete framework, the incident analysis, and the CISO evaluation criteria.
Authors
Sean Sosnowski serves as the Research Director for Security Operations and Cloud Security at SACR, where he leads research on SOC strategy and operations, detection engineering, and the evolving role of automation and agentic AI in security workflows. Drawing on a decade of intelligence experience in the U.S. Marine Corps he has authored several analytic reports on emerging technologies and threats regarding sensitive national security and military operations.
Lawrence Pingree is head of research at SACR, leading Data and AI Security research at SACR, where he covers data protection, AI security, and agentic security models. He brings almost 17 years of analyst experience from Gartner, 30 years in cybersecurity and has authored over 300 research notes across cloud security, endpoint defence, SD-WAN, and AI security
 | A guest post by
|