AI safety concerns are everywhere. The technology industry is claiming to be able to address the reality of the risks that do exist from the base-level data provence and infrastructure layer, from the agentic policy control layer, from the controlled agentic code execution layer and from the upper observability layer. Working in that upper (but not necessarily superior) tier of observability is Codenotary, a company with an AI runtime observability platform. But are its tools of any substance?
The company’s AgentMon AI runtime observability platform is now monitoring more than three million AI-agent interactions per day across enterprise customer environments.
Security, compliance & anomaly detection
That triple million marker has allowed the organisation to flag what it says is a view into the fact that approximately 7% of all monitored AI-agent interactions triggered security, compliance, or operational anomaly detections.
That’s around 210,000 potentially unsafe or non-compliant AI events daily – and if the team produced that figure roughly last week (which it did), then we might imagine that that figure has hit a quarter million already (or it soon will) as enterprise AI systems are introducing a new category of runtime risk that traditional cybersecurity and observability platforms were not designed to detect.
“The emergence of large-scale AI runtime telemetry marks an important milestone in enterprise AI adoption,” said Dan Twing, president and chief operating officer, Enterprise Management Associates (EMA).
Hello AI, what “state” are you in?
Twing says that, today, the challenge with autonomous systems is not simply whether they execute. It is whether they “interpret state correctly” and then operate within established guardrails and produce the intended outcome. He thinks that telemetry of this kind provides important visibility into a problem that enterprises will increasingly need to govern as AI moves deeper into production operations.”
“Organizations are rapidly moving from isolated AI experiments to highly interconnected AI ecosystems operating across infrastructure, business systems, APIs, applications, and operational workflows,” said Moshe Bar, CEO and co-founder of Codenotary. “What we are observing at scale is that AI runtime behavior itself has become a new operational and security layer that enterprises must continuously monitor, govern, and enforce.”
How it works
AgentMon provides runtime observability for AI agents, autonomous workflows and agentic infrastructure by continuously monitoring interactions between AI systems, tools, APIs, infrastructure, and enterprise data environments. The platform identifies unsafe, anomalous, or policy-violating AI behavior in real time.
According to telemetry collected by AgentMon, the majority of detected anomalies were not associated with traditional malware or external attacks. Instead, most originated from unsafe or unexpected AI behavior occurring inside legitimate enterprise workflows.
Observed runtime risks included:
- Exposure of sensitive information such as passwords, API tokens, cryptographic material, financial records, healthcare data, and confidential internal documents;
- AI agents attempting actions outside approved operational boundaries;
- Interactions with unauthorized external services or restricted enterprise systems;
- Violations of internal governance controls or industry compliance policies;
- Recursive workflows and runaway task execution;
- Excessive token consumption and abnormal retry behavior;
- Prompt injection attempts and context poisoning indicators;
- Unsafe external tool usage and anomalous access patterns.
As enterprises deploy thousands of AI-assisted workflows across departments including finance, customer support, infrastructure operations, legal, manufacturing, and internal knowledge systems, even a relatively small percentage of unsafe behavior can rapidly scale into material operational, financial, or regulatory risk.
Beyond the endpoint
Traditional security and observability platforms primarily focus on endpoints, networks, identities, and applications. Agentic AI systems introduce an entirely new execution layer – one driven by autonomy, orchestration logic, context sharing, tool invocation, and machine decision-making behavior.
“Runtime governance for AI systems is quickly becoming foundational enterprise infrastructure,” Bar said. “The organisations succeeding with AI adoption are not the ones slowing deployment. They are the ones building visibility, telemetry correlation, policy enforcement, and operational governance directly into their AI runtime environments.”
The company has said that this milestone reflects broader acceleration in enterprise AI adoption, particularly as organisations increasingly deploy autonomous agents and AI-assisted operational systems into production.
AgentMon is part of Codenotary’s broader portfolio focused on runtime trust, software supply chain integrity, AI observability, and autonomous infrastructure governance.
What developers should think next
Codenotary’s telemetry data (and wider approach to AI execution analysis) may point to a reality that software application developers should take on and internalise soon i.e. AI agents quite definitely “fail differently” when compared to traditional software. What we mean by this is that they rarely “crash cleanly” and so they are more prone to “drift” in terms of leaning towards risk areas like prompt injection, context poisoning, runaway recursion and so on. Software application developers now looking to build agentic workflows clearly shouldn’t consider observability as an afterthought that can be bolted on post-deployment. Teams need runtime visibility baked into the architecture from day one so that engineers can actually ask themselves: do we know what our agents are actually doing between invocations and can the team detect when one interprets state incorrectly?
The t-shirt slogan for this story might read (okay, yes it’s too long, but go with this please)… the governance layer isn’t a compliance checkbox, for agentic systems, it’s load-bearing infrastructure.