Exabeam has recently announced the expansion of Exabeam Agent Behavior Analytics (ABA), extending behavior detection and response to OpenAI ChatGPT and Microsoft Copilot.
Capabilities close the visibility gap in AI usage
The expansion applies behavior profiling and analytics to the digital workforce, as organizations don’t have direct visibility into how employees are using AI assistants, including what they query, what data they share, how frequently they interact, and from where.
Enterprises are struggling to baseline normal AI behavior, investigate potential misuse, and detect emerging agentic insider threats.
Exabeam brings visibility across ChatGPT, Copilot, and Gemini
By providing new support for detecting agent behavior in OpenAI’s ChatGPT and Microsoft Copilot, and leveraging existing visibility into Google Gemini, agentic services can be transformed into sources of behavior telemetry that feed directly into Exabeam threat detection, investigation, and response (TDIR) workflows.
The expansion of Exabeam ABA includes the delivery of five new capabilities:
- AI Behavior Baselining: Exabeam builds dynamic behavior profiles for users and their AI agents to track patterns across request volumes, token usage, tool invocations, web sessions, and outbound activity. When behavior deviates from established norms, Exabeam will flag the anomaly to help security teams detect misuse before it escalates.
- Prompt and Model Abuse Detection: Exabeam detects prompt injection, model manipulation, and tool exploitation before threat escalation. A new detection library covers the full threat spectrum: prompt manipulation and shadow AI activity. All surfaced at the point of entry, not after damage is done.
- Identity and Privilege Monitoring: Exabeam detects anomalies across AI platform roles, users, and permissions, including first-time role assignments, unexpected privilege escalations, and unusual permission changes, ensuring AI identities are governed as traditional enterprise identities are.
- Agent Lifecycle Monitoring: Exabeam provides full visibility into the creation, modification, and usage of AI agents, surfacing first-agent-creation and invocation events as discrete, auditable signals. Security teams will be able to track the complete lifecycle of every agent operating in their environment, closing the governance gap that has made agent activity invisible to most organizations.
- Coverage for OWASP Top 10 for Agentic AI: Exabeam monitors agent behavior against the OWASP Top 10 for Agentic AI. This brings measurable coverage to a threat category that previously lacked a defined framework, establishing a benchmark for governing and defending AI agents in the enterprise.
“AI agents are evolving from simple chatbots into autonomous digital workers,” said Steve Wilson, chief AI and product officer at Exabeam.
“They authenticate, access systems, and execute real business processes. When compromised, their activity will often look legitimate. Guardrails designed to catch prompt injection or hallucinations do not address that risk. Securing digital workers requires deep visibility into baseline behavior and the ability to detect subtle deviations before they become material incidents.”
Exabeam also enhances platform for security analysts
The new Exabeam capabilities are accompanied by enhancements across the Exabeam New-Scale and LogRhythm Platforms that improve the day-to-day experience for administrators and security analysts.
The enhancements will continue to deliver visibility and automated responses that help teams streamline workflows, reduce alert fatigue, and accelerate threat detection.
“AI is rapidly reshaping how organizations operate, compete and grow, creating a new, digital workforce that helps them move faster and at scale,” said Pete Harteveld, CEO at Exabeam.
“As this transformation accelerates, leaders are compelled to understand how these systems operate inside the enterprise. Our expansion of Agent Behavior Analytics helps organizations stay protected from emerging risks while adopting AI with confidence and maintaining the oversight and accountability required to proliferate these capabilities across an enterprise.”





