CyberArk Debuts AI Security Tools in AWS Marketplace to Rein in Agentic Chaos

As enterprises rush to integrate AI agents into their development workflows, the security risks of unchecked agentic autonomy are mounting. Now, CyberArk—the identity security heavyweight—has planted its flag in the growing fight to control these intelligent assistants.

The company has announced the launch of two critical offerings—CyberArk Secure Cloud Access (SCA) MCP Server and CyberArk Agent Guard—in Amazon’s new AI Agents and Tools category within the AWS Marketplace. The move aims to bring zero-trust principles and credential control directly into the heart of AI-driven cloud environments.

Guarding the Gates of Agentic AI

It’s not hard to see why CyberArk is leaning in. Their recent research found that 68% of organizations lack identity security controls for AI agents, a vulnerability that opens the door to credential sprawl, unmanaged access, and potential breaches—especially in multi-cloud ecosystems that are notoriously fragmented.

"The promise of agentic AI can be undermined by inadequate security controls, which introduce risk and increase the likelihood of a breach,” said Peretz Regev, Chief Product Officer at CyberArk. “With SCA MCP Server and Agent Guard, organizations can implement Zero Standing Privileges to maintain more secure and scalable AI-first operations."

Tools That Play Nice With Developers—and Lock Down Secrets

CyberArk’s SCA MCP Server delivers just what its name implies: managed cloud privilege. But its real power lies in making Zero Standing Privileges (ZSP) frictionless. It embeds secure access into native developer tools—like IDEs and CLIs—so dev teams can request and receive scoped, time-bound access to AI tools like Amazon Q or Claude without hardcoded credentials or over-permissioned roles.

Meanwhile, Agent Guard, which is also available as an open source project, acts as a watchdog for LLM-based agents. It tracks their tool calls in real time, logs inputs and metadata, and ensures sensitive secrets never get baked into the agent’s environment. Think of it as a black box recorder for AI workflows—except one that can also revoke your plane ticket if it senses danger.

Crucially, Agent Guard integrates with secret providers like CyberArk Secrets Manager and AWS Secrets Manager, ensuring secrets are injected securely and monitored continuously. Developers get observability and flexibility. Security teams get peace of mind.

Marketplace Momentum for AI Security

CyberArk’s presence in the new AI Agents and Tools category signals AWS’s growing focus on safe AI deployment. By enabling procurement through existing AWS accounts, enterprise customers can bypass lengthy vendor evaluations and legal red tape—accelerating their time-to-value while maintaining centralized control.

It’s also a nod to how identity and access management (IAM) must evolve in the age of AI. The shift isn’t just from human users to machines—it’s from single-user tools to autonomous, interconnected agents that can spin up cloud resources, modify infrastructure, and call external APIs without direct human involvement.

By focusing on ZSP, scoped permissions, and real-time observability, CyberArk is staking a claim to the identity layer of the agentic AI stack. In Regev’s words: “Offering [these tools] through AWS Marketplace... helps stop excessive standing access, privileges and permissions from becoming scattered through cloud environments.”

In a world where your AI assistant can be your best developer—or your biggest liability—CyberArk wants to make sure it stays the former.