Unbound AI Announces Agent Access Security Broker (AASB), a New Market Category for Governing AI Coding Agents

SAN FRANCISCO — March 2026 — Unbound AI today announced the Agent Access Security Broker (AASB), a new market category created to solve the security, compliance, and governance gap introduced by AI coding agents. Unbound also announced its AASB platform, which helps enterprises discover which AI coding agents are in use, understand their risk, and enforce guardrails over what those agents can see, touch, and do.

AI coding agents such as Cursor, Claude Code, GitHub Copilot, and Windsurf are quickly becoming a default interface for software development. They can modify files, run terminal commands, provision infrastructure, interact with internal APIs, and connect to external tools through Model Context Protocol (MCP) servers. While those capabilities can dramatically improve engineering productivity, they also create a new attack surface that traditional AppSec, IAM, CASB, and endpoint tools were not designed to govern inside live developer workflows.

The need is urgent. As AI coding agent adoption accelerates, security teams are being asked to enable developer productivity while still meeting internal security policy, compliance obligations, and audit requirements. Yet many organizations still cannot answer basic governance questions: which agents are running, how they are configured, which MCP servers are connected, which terminal commands are being executed, and what human approvals exist for high-impact actions. Without a dedicated governance layer, autonomous systems can end up operating with production-level permissions and minimal oversight.

AASB is designed to close that gap. Similar to how Cloud Access Security Brokers created a control layer for cloud applications, an Agent Access Security Broker creates a control and enforcement layer between AI coding agents and the systems they interact with; including IDEs, terminals, files, APIs, infrastructure, databases, and external tool servers.

“CASB was built for a world of human access to SaaS. AI coding agents changed the problem. Enterprises now need to govern software that can read, write, execute, connect, and act with enterprise permissions. We created the AASB category because the industry needs a control plane for agent access before the first destructive command, unsafe MCP action, or compliance gap forces the issue.”

What Unbound AASB Delivers

Unbound AASB gives enterprises a practical path to govern AI coding agents at scale by enabling them to:

• Discover AI coding agents, versions, sub-agents, rules, and connected MCP servers across the organization
• Identify risky configurations such as auto-approve settings, excessive permissions, and unsanctioned tool access
• Audit, warn, block, or require approval for destructive terminal commands, unsafe MCP actions, and sensitive data flows
• Produce audit-ready evidence for security, compliance, and internal policy review
• Roll out progressive governance without forcing developers off the AI tools and IDEs that make them productive

“Security leaders do not need another reason to say no to AI coding agents. They need a way to say yes safely. Unbound lets organizations keep the productivity gains of AI coding tools while giving security and compliance teams visibility, policy, approvals, and evidence over the highest-risk actions.”

Unbound is the first vendor dedicated to the AASB category and sees AASB as the successor control plane to CASB for the age of agentic software development. CASB remains important for governing human access to cloud applications. But CASB does not natively control live terminal access, govern MCP actions, or evaluate the runtime behavior, configuration posture, and tool connections of AI coding agents. AASB was built for that new reality.

These are not isolated events. Industry data confirms the governance gap is systemic. A 2025 JetBrains survey of nearly 25,000 developers found that 85% regularly use AI tools for coding and software development, while a separate study found that 49% of enterprise employees use AI tools not sanctioned by their employers. Meanwhile, Astrix Security's research revealed that 53% of MCP servers rely on insecure, long-lived static credentials, and a July 2025 scan discovered over 1,800 MCP servers connected to the public internet with virtually no authentication. Gartner predicts 40% of enterprise applications will integrate task-specific AI agents by the end of 2026, up from less than 5% in 2025, yet only 29% of organizations report being prepared to secure those deployments.

Unbound is uniquely suited to lead the category because its platform was built for exactly this problem. In early production deployments, Unbound has already intercepted hundreds of instances of excessive agency; including agents acting beyond what was explicitly requested, including restarting services after code changes, pushing commits directly to repositories without user instruction, executing destructive terminal commands during change freezes, and connecting to unsanctioned MCP servers. The platform focuses on the control surfaces that matter most in AI coding environments: agent discovery, configuration auditing, runtime visibility into terminal and MCP activity, policy enforcement, human-in-the-loop approvals, data guardrails, and progressive rollout from audit mode to full enforcement.

Availability

Unbound AASB is available now.

About Unbound AI

Unbound AI is creating the Agent Access Security Broker (AASB) category: the governance layer for AI coding agents. The Unbound platform helps enterprises discover AI coding agents, assess their risk, and enforce guardrails over terminal access, MCP actions, sensitive data flows, and high-impact workflows without sacrificing developer productivity.