Cybersecurity firm Exabeam has announced a new security discipline called Agent Behavior Verification (ABV) and released an open-source reference implementation called Praxen, aimed at helping organizations ensure AI agents are properly configured and governed before they are deployed in production environments.
The announcement, made on June 23, 2026, from Broomfield, Colorado, addresses a growing challenge enterprises face as AI agents move beyond simple assistants to become autonomous operational actors capable of accessing systems, invoking tools, executing workflows, and making decisions with minimal human oversight.
The Problem ABV Solves
While existing security approaches such as vulnerability scanning and red teaming can monitor and test AI agent activity during runtime, Exabeam argues that organizations have lacked a practical method to assess whether an agent is prepared to operate safely before it enters production. Agent Behavior Verification is designed to fill that gap.
Rather than focusing solely on known vulnerabilities or individual code artifacts, ABV evaluates AI agents as complete systems. The framework defines an agent’s authorized role and checks whether its implementation, permissions, and controls actually align with its stated purpose — a concept Exabeam describes as ensuring an agent will “do its job, and only its job.”
Praxen: An Open-Source Implementation
To help organizations put ABV into practice, Exabeam is releasing Praxen as an open-source tool available under the Apache 2.0 license. Built as an agentic coding agent skill, Praxen uses what Exabeam calls an ABV “remit” — essentially a policy contract that defines what an agent is authorized to do, what resources it may access, and what operational boundaries it must respect.
Praxen evaluates whether an agent’s actual implementation, tools, configurations, memory, integrations, and operating environment match its specified remit. It then generates reports that include specific findings, actionable recommendations, and an overall maturity score reflecting the agent’s security posture before deployment.
“Organizations are rapidly moving from AI experimentation to operational deployment,” said Steve Wilson, Chief AI Officer at Exabeam and Founder and Co-Chair of the OWASP Gen AI Security Project. “As agents become digital workers, security teams need more than runtime visibility. They need confidence that agents have the right permissions, the right controls, and the right boundaries before they enter production.”
Wilson further noted that Praxen evaluates something distinct from traditional security tools: “Whether an agent’s capabilities, permissions, tools, and controls align with the role it was authorized to perform. This addresses one of the most critical risks introduced by highly autonomous agents.”
Real-World Application
Sherri Douville, CEO of Medigram, highlighted the practical value of Praxen’s approach. “The code-level remediation path it produced didn’t give us a risk report to file away. It gave us a precise engineering roadmap we could act on immediately,” she said. “In enterprise AI deployment, the gap between what an agent is authorized to do and what it is actually capable of doing is where operational risk lives.”
Part of a Broader Agent Security Strategy
Exabeam positions Agent Behavior Verification as the pre-deployment foundation of its wider agent security strategy. It is designed to complement the company’s existing Agent Behavior Analytics (ABA) capabilities, which focus on detecting anomalous or risky agent behavior once agents are already running in production. Together, the two components are intended to provide security coverage across the full agent lifecycle — from pre-deployment verification through ongoing runtime monitoring.
Open Source for Industry-Wide Adoption
By releasing Praxen under an open-source license, Exabeam is explicitly inviting the broader developer, researcher, and security community to examine the ABV framework, contribute enhancements, and apply its principles in their own environments. The company says the move is intended to help establish ABV as an open industry best practice at a time when standards for governing and verifying autonomous AI systems are still being defined.
Praxen is available now at https://open-agent-ai-security.github.io/praxen/ under the Apache 2.0 license.
Exabeam describes itself as the leader in Behavior Intelligence for the agentic enterprise, focusing on helping organizations manage the security implications of deploying AI-driven digital workers at scale.