Definition
A security technique that learns the normal behaviour patterns of AI agents — what tools they call, which data they access, how frequently they act — and raises alerts when an agent deviates significantly from its baseline, indicating it may have been compromised or hijacked by a prompt injection attack. Traditional user behaviour analytics (UEBA) tools were built to monitor human logins and fail to detect anomalies in the high-frequency, automated actions typical of AI agents. Purpose-built AI agent behaviour analytics address this blind spot by treating each agent as a distinct identity with its own behavioural fingerprint.
Why it matters
Without AI-specific behaviour monitoring, a hijacked agent can operate inside the corporate network for extended periods using legitimate credentials, performing actions that look routine to tools designed to monitor human activity.