Cequence Security has released Cequence Platform 9.0, an AI native update designed to make API security data accessible through conversational queries, automation workflows, and enterprise AI agents.
Now generally available, the platform includes a built in AI Assistant, an open Model Context Protocol server, a compliance ready risk rules library mapped to 25 global regulatory frameworks, and a rebuilt API security engine aimed at large enterprise environments.
Instead of requiring security and IT teams to navigate dashboards or understand the product interface in advance, Platform 9.0 allows practitioners to ask plain language questions such as “What is my biggest risk right now?” and receive ranked findings based on live platform data. Cequence said the same capability can also be exposed to a customer’s own agents, security orchestration tools, or automation workflows through the MCP architecture.
Read only actions can run freely, while any proposed write action requires explicit human approval and shows the exact change before it is applied. That approval step is central to Cequence’s approach as more enterprises give AI systems access to operational and security workflows.
Ameya Talwalkar, CEO and Co-Founder at Cequence, said: “Most vendors looked at the agentic era and added a chatbot. We looked at it and rebuilt the architecture. Cequence Platform 9.0 exposes the entire Cequence platform through an open MCP architecture so any agent can operate it directly, whether through our built-in AI Assistant, or a customer’s own agent. That is what AI-native actually means: the UI becomes optional. We are building for the way the agentic enterprise already works, while making sure a human approves every change along the way.”
APIs sit at the centre of modern enterprise systems, connecting applications, customer channels, data stores, partner platforms, and automated processes. As organisations adopt agentic AI, those interfaces are becoming more numerous and more important to secure, particularly where agents are authorised to retrieve information, trigger actions, or interact with live business systems.
Platform 9.0 adds more than 250 pre-built risk rules, a fourfold increase on the previous version. The rules are mapped to frameworks including OWASP API Security Top 10, PCI DSS, GDPR, HIPAA, SOC 2, ISO 27001, NIST CSF, DORA, NIS2, LGPD, SAMA, and MAS TRM.
Cequence said one click reports draw from live data, map findings to specific controls, score risk by control area, and provide remediation guidance. The platform also includes observe mode, allowing teams to test proposed rules without raising formal issues, and a test panel to validate rules against sample request and response data before activation.
That compliance layer gives the release a broader role than threat detection alone. Regulated organisations are increasingly being asked to show how systems are governed, monitored, assessed, and remediated. API security tools therefore need to support evidence generation and control mapping as well as discovery, classification, and policy enforcement.
Shreyans Mehta, CTO and Co-Founder at Cequence, said: “Most security chatbots are only as useful as the person asking the questions, which means they fall flat in the hands of anyone who is not already an expert. We built the Platform 9.0 agent differently. It runs a full agentic loop, planning which tools answer the question, calling them, and synthesising ranked, evidence-backed recommendations while showing you exactly how it got there. When it does not have the tool to do something, it tells you instead of guessing. That governance-first design is not an afterthought. It is the same conviction behind the Cequence AI Gateway, and it is what makes this safe to put in front of any practitioner on Day 1.”
The company has also reworked the platform’s API security engine. Cequence said Platform 9.0 supports a 50x increase in API endpoints while maintaining sub-five-second page load times across every view, with lower CPU usage intended to reduce infrastructure costs, particularly for on-premise deployments.
Similar governance pressures are already visible across enterprise AI programmes, where AI agents are gaining authority faster than internal controls can mature. Security teams are being asked to support productivity gains without allowing automation to obscure accountability, evidence, or approval rights.
For API security vendors, discovery and monitoring are no longer enough. Customers need tools that can interpret large estates, explain risk, draft rules, map findings to regulation, and fit into the automation patterns already spreading across IT and security operations. The more authority agents gain, the more important it becomes that the systems around them can show what changed, who approved it, and which evidence supported the action.
Cequence Platform 9.0 is immediately available for new customers.





You must be logged in to post a comment.