Operant launches Endpoint Protector to inline-block risky AI prompts at endpoints

- Operant AI launched Endpoint Protector on May 4, adding endpoint-level controls that inspect AI prompts, coding agents, MCP clients, tools, and plugins before data leaves devices.
- The product is pitched as inline defense at the source — blocking prompt injection, secret leakage, and rogue tool calls inside AI IDEs and desktop clients.
- That matters because enterprises are shifting from chatbot oversight to agent governance as MCP and AI agent sprawl push security into runtime.

AI security is moving down to the laptop. That’s the basic shift behind Operant AI’s new Endpoint Protector, launched on May 4 as part of its broader AI Defense Platform. The idea is simple enough — don’t wait for risky prompts, secret leaks, or rogue tool calls to show up in cloud logs after the fact. Inspect them right where employees actually use AI: in IDEs, desktop clients, coding agents, MCP clients, and plugins. (markets.businessinsider.com)

### What exactly launched?

Operant launched Endpoint Protector as a generally available endpoint product for enterprise IT and security teams. It is meant to discover, monitor, and block risky AI activity across employee devices, including prompts, MCP-connected workflows, skills, tools, and plugins. That puts it closer to an endpoint control plane than a classic cloud AI firewall. (operant.ai)

### Why does the endpoint matter so much?

Because that is where “shadow AI” actually lives. Employees are using sanctioned tools, unsanctioned tools, coding assistants, and local desktop clients that touch source code, HR records, finance systems, and internal workflows before any centralized security layer sees the traffic. If the risky action happens on the device, cloud-only controls can be too late. (helpnetsecurity.com)

### What is it trying to block?

Three things keep coming up: prompt injection, secret leakage, and rogue tool use. Prompt injection is when outside content manipulates the model into doing something it should not. Secret leakage is exactly what it sounds like — keys, tokens, or sensitive data getting pasted or exposed. Rogue tool calls are the agent version of overreach — […] (helpnetsecurity.com) […]ects those interactions “at the source,” before they leave the endpoint. (operant.ai)

### Why is MCP all over this story?

MCP — Model Context Protocol — is becoming the connective tissue for AI tools calling external resources and services. That is useful, but it also widens the attack surface. OWASP’s MCP guidance frames the risk as a mix of prompt injection, supply-chain exposure, and confused-deputy problems across hosts, clients, servers, and connected tools. So when Operant says it wants visibility into MCP client […] (operant.ai) […] that is where the trust boundary keeps breaking. (cheatsheetseries.owasp.org)

### Is this just one company chasing a trend?

No — it lines up with a broader market turn toward agent management and runtime governance. ZDNET’s latest piece on agent management platforms makes the point pretty clearly: the number of agents is growing, sprawl is becoming a real enterprise problem, and companies now need lifecycle, policy, and observability controls for fleets of agents, not just […] (cheatsheetseries.owasp.org) […] whole category. (tech.yahoo.com)

### So is this endpoint security or agent security?

Turns out it is both. Traditional endpoint security watches files, processes, and network behavior. Agent security has to watch prompts, context, tool permissions, and execution paths. Endpoint Protector is basically where those two worlds meet — a runtime checkpoint sitting in front of the AI workflow instead of behind it. That is the more important angle here. (operant.ai)

### What’s the catch?

Inline control only helps if companies can deploy it without breaking the tools employees already use. The harder problem is not spotting risky behavior in a demo. It is enforcing policy across a messy mix of sanctioned copilots, local clients, MCP servers, plugins, and homegrown agents without slowing everyone down or flooding teams with false positives. That part still has to be proven in real deployments. (operant.ai)

### Bottom line?

The news is not just that Operant shipped another AI security product. It is that security controls are moving into the live path of AI work — right onto employee endpoints — because that is where agentic behavior, MCP connectivity, and data exposure now start. (markets.businessinsider.com)
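To make the three checks the article keeps returning to concrete (rogue tool calls, secret leakage, prompt injection arriving through tool results), here is an added example of a minimal endpoint-side policy gate over MCP JSON-RPC messages; it is illustrative code written for this page, not Operant's product code. The `tools/call` request and `result.content` shapes follow the MCP spec; the tool allowlist, secret patterns, injection phrases and sample messages are assumptions constructed for the example.

```python
import json
import re

# Added, constructed example of an endpoint-side gate for MCP tool traffic.
# Not Operant's code. Allowlist, patterns and message samples are assumptions.
ALLOWED_TOOLS = {"read_file", "search_docs"}

# Secret-shaped strings that should never leave the device inside a tool call.
SECRET_PATTERNS = {
    "github_token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}

# Instruction-like text arriving in a tool result is the classic injection vector.
INJECTION_PATTERNS = [
    re.compile(r"ignore (all |any )?(previous|prior) instructions", re.I),
    re.compile(r"\b(exfiltrate|send|upload)\b.{0,40}\b(token|secret|credentials?)\b", re.I),
]


def inspect_outbound(msg: dict) -> dict:
    """Gate a JSON-RPC request before it leaves the endpoint; returns allow/reasons."""
    reasons = []
    if msg.get("method") != "tools/call":
        return {"allow": True, "reasons": reasons}
    params = msg.get("params", {})
    tool = params.get("name")
    if tool not in ALLOWED_TOOLS:
        reasons.append(f"tool not allowlisted: {tool}")
    blob = json.dumps(params.get("arguments", {}))  # scan every argument value
    for label, pattern in SECRET_PATTERNS.items():
        if pattern.search(blob):
            reasons.append(f"secret pattern in arguments: {label}")
    return {"allow": not reasons, "reasons": reasons}


def inspect_inbound(msg: dict) -> dict:
    """Flag tool results whose text reads like instructions aimed at the model."""
    reasons = []
    for item in msg.get("result", {}).get("content", []):
        text = item.get("text", "") if item.get("type") == "text" else ""
        for pattern in INJECTION_PATTERNS:
            if pattern.search(text):
                reasons.append(f"injection-like text: {pattern.pattern}")
    return {"allow": not reasons, "reasons": reasons}
```

A real deployment would log the reasons rather than only block, which is where the false-positive tuning the article warns about happens.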
