Xiid & Cytex link AI governance with zero trust access

Xiid and Cytex have formed a strategic partnership linking an AI security and governance product with a network access product designed to reduce exposed attack paths in critical infrastructure.

The arrangement combines Cytex's AICenturion platform with Xiid's Terniion zero trust application control platform. It aims to support continuous monitoring and faster response when organisations detect suspicious activity, while helping address compliance pressures and increased scrutiny of cyber incidents, particularly in regulated industries.

Security teams have faced a steady rise in account takeovers, credential abuse and phishing campaigns. At the same time, more organisations have adopted AI tools in daily work. Many deployments sit outside formal governance processes, creating gaps in visibility, data protection and policy enforcement.

AI governance

Cytex positions AICenturion as a security and governance layer for AI use. It is designed to discover AI services, track usage, protect sensitive data and enforce internal policies. Cytex also offers an embedded AI engine called LEO, described as a tool for risk discovery and remediation.

In many organisations, governance discussions have centred on approved models, approved data sources and acceptable-use rules. Security teams must also consider how AI tools interact with identity systems and access controls. Shadow use of consumer AI services remains a concern because it can lead to data leakage and unauthorised processing of confidential information.

Connectivity layer

Xiid's Terniion sits on the access side and is positioned as a way to remove exposed pathways attackers use for discovery and lateral movement. Xiid links the product to its SealedTunnel technology, which it says uses outbound-only connections and multiple layers of encryption. It also describes the approach as having "quantum-secure" properties.

The partnership uses monitoring and governance signals from Cytex alongside Xiid's access controls. The companies describe a workflow that identifies suspicious activity and then changes connectivity patterns so assets become non-routable from an attacker's perspective. The approach reflects a broader industry shift towards reducing external exposure rather than relying only on detection and response.

Regulatory pressure

The companies cited a tightening regulatory environment as a driver of joint customer demand. Public companies in the US face cybersecurity disclosure requirements from the Securities and Exchange Commission. In Europe, the EU AI Act adds obligations around AI systems, while the Digital Operational Resilience Act sets expectations for operational resilience in financial services. The Cyber Resilience Act introduces security requirements for products with digital elements.

In the US healthcare sector, the Department of Health and Human Services has signalled work on strengthening the HIPAA Security Rule. Hospitals and health systems continue to face ransomware and data theft, often linked to credential compromise and third-party access.

The partnership is positioned for industries that must balance fast incident response with documentation and reporting obligations. Security leaders are also watching how regulators interpret "reasonable" security measures when AI is used in workflows involving sensitive data.

Agentic threats

The announcement also reflects concern that autonomous or semi-autonomous AI agents could shorten the time attackers need to exploit exposed accounts. Gartner has said AI agents will reduce the time it takes to exploit account exposures by 50% by 2027. McKinsey has reported a surge in phishing attacks since the rise of generative AI. Forrester has predicted agentic AI deployment will cause a public breach this year, leading to employee dismissals, according to the companies.

Security teams are already reporting higher volumes of targeted phishing and more convincing social engineering. Automated tooling can also speed up reconnaissance and credential testing across services. The trend increases the importance of limiting what an attacker can reach, even after gaining an initial foothold.

Cytex chief executive Andrew Surwilo said enterprises need governance and security foundations for AI adoption.

"As enterprises race to harness the transformative power of AI agents across their workflows, a foundational security and governance layer is mandatory for safe, compliant, and scalable adoption," said Andrew Surwilo, CEO, Cytex.

He added: "While industry is embracing the benefits of AI, the organizations that embed secure-by-design governance with proactive risk management and automated remediation will emerge as the clear leaders in the enterprise landscape."

Xiid chief executive Steve Visconti said AI-driven detection and containment should be paired with preventive controls that reduce repeatability of attacks.

"There's no foolproof way to protect your organization, but AI-driven solutions that identify threats in real time, automatically contain them, and then harden the environment against repeat attacks can go a long way in making enterprises more secure and compliant," said Steve Visconti, CEO, Xiid.

He added: "This collaboration creates the potential to deploy Terniion as a deterministic, preventive security fabric along with Cytex's threat protection solution, giving customers the real-time ability to spin up SealedTunnel connections as new threats are identified so critical assets become non-routable and any potential lateral movement is stopped before it starts."

The partnership will package the two product lines for organisations seeking combined AI usage governance and controls that reduce exposed access paths across environments, including deployments that use AI agents.