Development of Domestic Security Products to Protect AI Agents and Generative AI Begins

Mitsui Bussan Secure Directions, Inc. (Headquarters: Chuo-ku, Tokyo; President and CEO: Ooyama Suzuki; hereinafter referred to as "MBSD") and SMBC Cyberfront, Inc. (Headquarters: Chiyoda-ku, Tokyo; President and CEO: Yasunori Aoki; hereinafter referred to as "SMBC Cyberfront") will commence the development of domestic security products compatible with AI agents, with the aim of enabling the safe and secure utilization of AI agents. As part of this development, we also plan to conduct a Proof of Concept (PoC) assuming actual operation. This product will not provide specific AI agents or generative AI services, but will function as a domestic security product for their safe use. Instead of suppressing AI utilization, we will provide 'guardrails' to create an environment where companies can confidently introduce and utilize AI agents.

1. Market Background and Challenges
In recent years, AI-related technologies such as generative AI and AI agents have been rapidly developing. In software development, their use is expanding not only for code generation, testing, review, and operational support but also by general employees for tasks like market research and document creation to improve operational efficiency.
On the other hand, as the scope of information handled by AI and its execution privileges expand, new security risks and governance challenges are becoming apparent, including information leakage, generation of vulnerable code, and unintended operations.
In the future, with the anticipated increase in AI agents specialized for specific business tasks and services, leading to a proliferation of diverse AI agents, establishing a governance foundation that balances strengthening competitiveness through AI utilization with safe usage is expected to become an increasingly critical management issue for companies.

2. Overview of This Initiative
MBSD possesses extensive technical knowledge in the AI security domain and has been providing various services to government agencies and major corporations since 2016. SMBC Cyberfront, as the first cybersecurity subsidiary of a Japanese bank, has provided optimal services by leveraging its user-centric cybersecurity consulting expertise and acting as a bridge between management and specialized departments, while supporting customers nationwide.
Through joint deliberations to date, both companies have completed initial research on AI security and will now move into the development phase for advanced AI agent security products in Japan. By combining MBSD's AI security technology with SMBC Cyberfront's consulting expertise and customer base, we will establish a security environment that enables more companies to safely and securely utilize the ever-evolving AI.

3. Value Proposition and Product Features
This product will detect the use of unapproved AI services (Shadow AI) within an organization and inspect/control dangerous actions by AI agents (such as transmitting confidential information externally or executing dangerous commands). This will provide 'guardrails' to enable the introduction and promotion of AI utilization within safe boundaries.
As a domestic product, this product will offer the following features in accordance with Japanese regulations and business practices:

① Uniform Action Control Based on Organizational Policies
It allows for the application of unified organizational policies to AI agents operating within the company's environment.

② Inspection Interpreting Intent, Difficult for Rule-Based Systems
It can detect attack methods that are difficult for traditional rule-based systems to detect, such as multi-turn memory contamination attacks.

③ Choice Between Gateway or Proxy Type
Companies can select the optimal configuration (gateway type or proxy type) based on their implementation hurdles and visibility requirements.

④ Combination of Real-time and Post-execution Inspection
Enabling real-time inspection allows for proactive control of dangerous AI agent actions, preventing major incidents like information leakage before they occur.

⑤ Centralized Management and Tracking of All Action Logs
Centralized management of scattered AI agent action logs enables cause investigation and recovery response in the event of an incident, and can also be utilized as audit trails.

4. Regarding the Conduct of PoC (Proof of Concept)
In the development of this product, we will focus on the control engine for AI agents, for which de facto standards have not yet been established, and conduct a PoC.
This PoC will verify the technical feasibility and market suitability of multi-layered control combining rule-based systems, machine learning, and LLMs. Furthermore, this PoC is intended for user companies promoting AI utilization, and we will reflect findings from verification in actual environments into product development. (For details regarding participation, please contact the inquiry point below.)

The following schedule is planned, and we will promote the development and social implementation of this product as a foundation for realizing the safe utilization of AI by companies.

1st Half of 2026: PoC Implementation

2nd Half of 2026: Beta Release (Planned)

5. Company Profiles

About Mitsui Bussan Secure Directions, Inc.

Established in 2004 as a wholly-owned subsidiary of Mitsui & Co., Ltd., MBSD offers a wide range of advanced security technical services, including penetration testing/TLPT/red teaming, Web application/network vulnerability assessments, malware analysis, integrated log monitoring/Managed XDR services, and consulting services. It also provides AI security services (vulnerability assessments for AI systems, advisory, research and development), and is home to many of Japan's leading advanced security technical professionals. For more details, please visit our website (https://www.mbsd.jp/).

About SMBC Cyberfront, Inc.

SMBC Cyberfront is a joint venture established in February 2025 by Sumitomo Mitsui Financial Group, Inc., Mitsui Sumitomo Insurance Company, Limited, Cybereason Holdings, Inc., and eGuarantee, Inc. It primarily supports cybersecurity measures for small and medium-sized enterprises (SMEs) in Japan through medium-to-long-term regular consulting services. In the process, it proposes appropriate solutions for the specific challenges that emerge for its clients. For more details, please visit our website (https://www.smbc-cyberfront.co.jp/).

Inquiries

■ Mitsui Bussan Secure Directions, Inc.

Contact: Ishikawa, AI & Advanced Technology Promotion Department

Email: ai-sec@mbsd.jp

Tel: +81-3-5649-1961

■ SMBC Cyberfront, Inc.

Contact: Sakai, Business Planning Department

Email: hibiki.sakai.01@smbc-cyberfront.co.jp

Tel: +81-70-5598-6082