By NHI Mgmt Group Editorial Team
Published 2025-06-10
Domain: Agentic AI & NHIs
Source: Strata Identity

TL;DR: Agent fabric is an identity control plane for AI agents that dynamically discovers them, maps scopes and risk, and ties runtime behavior back to verifiable identities across clouds and runtimes, according to Strata Identity. The core governance assumption breaks when agents are ephemeral, distributed, and capable of acting on behalf of users without a stable review window.


At a glance

What this is: Agent fabric is a control plane for AI agent identity that discovers, registers, and governs agents across runtimes and clouds.

Why it matters: It matters because identity teams now need enforceable policy and auditability for non-human actors that can hold scopes, move across platforms, and operate at machine speed.



Context

Agent fabric is a governance layer for AI agents, actors that sit outside the assumptions built into human IAM and application control planes. The problem is not that agents exist, but that they appear across LLM frameworks, API runtimes, CI/CD pipelines, and clouds without a single place to bind identity, scope, and accountability.

Strata Identity frames the answer as a registry and orchestration layer that makes agent identity visible, policy-driven, and auditable. That matters for agentic AI programmes because a distributed agent estate creates shadow access faster than conventional identity teams can catalogue it.


Key questions

Q: How should security teams govern AI agents across multiple clouds and runtimes?

A: Security teams should govern AI agents through a central identity registry that binds each agent to scopes, purpose, owner, TTL, and revocation state, then enforce policy consistently across every runtime. The goal is not just discovery but attributable control, so unmanaged agents cannot operate as invisible exceptions across cloud and CI/CD environments.

Q: What breaks when AI agents are deployed without a registry?

A: Without a registry, teams lose the ability to tie runtime behavior to a verifiable identity, which means scopes, audit trails, and revocation become fragmented or invisible. That creates shadow agents, over-permissioning, and weak accountability across distributed environments.

Q: How do you know if AI agent access governance is actually working?

A: It is working when every agent has an owner, a verifiable identity binding, a limited scope, a clear TTL, and a revocation path that is enforced across environments. If any of those fields are missing, the programme can describe access but cannot reliably govern it.

Q: What is the difference between agent fabric and ordinary application governance?

A: Application governance focuses on apps and APIs as the controlled objects, while agent fabric governs AI agents as runtime actors that can move across frameworks, clouds, and pipelines. The difference is that agents need identity continuity and policy portability, not just application-level access rules.


Technical breakdown

Agent identity registry and runtime bindings

An agent fabric uses a registry as the source of truth for each agent's identity binding, function, scopes, TTL, revocation state, audit trail, and risk level. In practice, that means the control plane must know not only that an agent exists, but what it can do, where it runs, and which identity object represents it in the directory. Without that binding, the agent is operationally real but governably invisible. The architecture is closer to identity inventory plus policy enforcement than to simple discovery, because the security value comes from tying runtime activity back to a verifiable identity record.

Practical implication: inventory agents as governed identities, not as loose integrations, and require a registry record before any scope is activated.

Federated trust across clouds and runtimes

Agent fabric is designed for distributed trust, which is necessary because AI agents do not stay inside one provider or platform. A single estate can span Entra, Okta, AWS, on-premises runtimes, and CI/CD pipelines, so the control plane must federate policy rather than centralise execution. This is where identity orchestration matters: it connects human identity fabric, app fabric, and agent fabric so policy, logging, and enforcement remain consistent across environments. The technical challenge is not authentication alone, but maintaining policy continuity when the actor moves between stacks.

Practical implication: map which platforms can assert, consume, and log agent identity so policy does not break at federation boundaries.

OAuth scope auditing and shadow agent detection

Agent fabric adds control where many current environments are weakest: scope visibility. Agents often inherit broad OAuth scopes, then operate with permissions that are difficult to interpret at runtime. By auditing scopes against function, purpose, and business context, the fabric turns over-permissioning into a detectable state rather than a hidden assumption. This is particularly important for shadow agents, because unmanaged agents with privileged scopes can look like ordinary service activity while still acting outside policy. The governance problem is therefore both identity sprawl and entitlement drift.

Practical implication: continuously review agent OAuth scopes against declared function and remove any privilege that is not traceable to a documented use case.




NHI Mgmt Group analysis

Agent fabric is becoming the missing identity tier for AI agents, but only because existing IAM models were never built for runtime actors that appear and disappear across multiple execution environments. Human IAM assumes stable subjects, while app governance assumes stable integrations. AI agents break both assumptions by moving through frameworks, clouds, and pipelines with no single control point, so the real issue is not visibility alone but governable identity at runtime. Practitioners should treat agent fabric as the control-plane response to identity fragmentation.

Shadow agents with privileged scopes create identity blast radius faster than traditional service accounts. The problem is not simply that agents have access, but that their access can be created, reused, and obscured across multiple environments before governance catches up. That makes scope, function, and revocation state the core fields of control, not nice-to-have metadata. The practitioner takeaway is that unregistered agents are not edge cases; they are latent policy exceptions.

Agent identity fabric is a named governance concept worth adopting because it describes a control problem that neither human IAM nor workload identity fully covers. It is the layer that binds agent runtime behaviour to policy, audit, and revocation across distributed environments. That framing is useful because it shifts the conversation from tool coverage to identity accountability, which is what security and compliance teams actually need. Practitioners should use it to separate agent governance from generic automation management.

The scale signal matters as much as the architecture signal. If enterprises are heading toward 80x more agents than human users, then identity operations built around human-centric review cycles will become structurally insufficient. The volume change is not just more of the same; it changes how quickly policy exceptions accumulate and how hard it becomes to attribute action to actor. Practitioners need to plan for agent population management as a first-order identity problem.

Zero Trust still applies, but agent fabric shows that enforcement must move closer to the actor and its runtime identity rather than stop at the network or application boundary. This is where identity orchestration becomes operationally important because it can carry policy, logging, and assurance across environments. The implication for practitioners is clear: if identity context does not travel with the agent, trust becomes local, fragmented, and easy to lose.

From our research:

  • Enterprises will see 80x more agents than human users within two years, according to the AI Agents: The New Attack Surface report.
  • Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
  • That visibility gap is why the Ultimate Guide to NHIs remains relevant as teams extend governance from service accounts to agent identities.

What this signals

Agent fabric will force IAM programmes to treat AI agents as governed identities, not as a side effect of application automation. The practical signal is that discovery, ownership, and revocation will need to be tracked as first-class identity events across clouds and runtimes. Teams that do not already map agent identity bindings should expect policy drift to appear faster than their normal access review cadence can absorb.

With 80x more agents than human users on the horizon, the governance burden shifts from individual exception handling to scalable identity operations. That makes the registry concept operationally useful because it creates a place to anchor audit, scope review, and revocation across heterogeneous stacks. For practitioners, the next planning question is not whether to govern agents, but which control plane will hold the accountability record.

Agent identity fabric is the point where Zero Trust, NHI governance, and runtime orchestration start to overlap. If that overlap is not designed intentionally, teams will end up with isolated controls that cannot follow the agent from one environment to another. The programme signal is to align identity orchestration, audit, and policy enforcement before distributed agent adoption outruns manual oversight.


For practitioners

  • Build an agent registry before scaling deployments: Record each AI agent's identity binding, declared function, scopes, TTL, revocation state, and owner before allowing production access. Treat the registry as the control point that makes shadow agents visible and auditable.
  • Audit OAuth scopes against declared agent purpose: Compare each agent's granted scopes with its intended function and business unit, then remove permissions that are broader than the runtime task requires. This is the fastest way to surface over-permissioned agents in distributed environments.
  • Federate policy across runtimes and IDPs: Map how agent identity is asserted and verified across Entra, Okta, AWS, on-premises workloads, and CI/CD pipelines so policy, logging, and revocation remain consistent at every boundary.
  • Treat shadow agents as governance exceptions: Require discovery workflows that flag agents without a registry record, then block or constrain any agent that cannot be tied to an accountable owner and a verifiable identity object.
  • Link agent lifecycle to revocation controls: Attach TTL and revocation metadata to every agent identity so expired or retired agents cannot continue to act with inherited access across clouds and tools.
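The checks described in the Technical breakdown (registry record as the source of truth, OAuth scope auditing against declared function, shadow agent detection, TTL and revocation enforcement) and in the practitioner list above can be expressed as a small review loop over a registry and a stream of runtime events. The following Python is an added illustration written for this page; it is not Strata Identity's code and not an NHIMG tool. The agent IDs, owners, directory object IDs, the per-function scope baseline, and the runtime events are all constructed sample data, and the record fields and deny reasons are this example's own naming, not a product schema.

```python
from __future__ import annotations

from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone

# Hypothetical baseline (constructed): the OAuth scopes each declared agent
# function legitimately needs. In a real programme this comes from the
# documented use case for that function.
FUNCTION_SCOPE_BASELINE: dict[str, frozenset[str]] = {
    "ticket-triage": frozenset({"tickets:read", "tickets:comment"}),
    "release-notes": frozenset({"repo:read"}),
}


@dataclass
class AgentRecord:
    """One registry entry holding the control fields the page lists."""
    agent_id: str
    identity_binding: str | None   # directory object the agent is bound to
    function: str                  # declared purpose
    owner: str | None              # accountable human owner
    scopes: frozenset[str]         # OAuth scopes actually granted
    ttl_expires_at: datetime | None
    revoked: bool = False
    risk_level: str = "low"


def missing_governance_fields(rec: AgentRecord) -> list[str]:
    """Fields that must be populated before any scope is activated."""
    missing = []
    if not rec.owner:
        missing.append("owner")
    if not rec.identity_binding:
        missing.append("identity_binding")
    if not rec.scopes:
        missing.append("scopes")
    if rec.ttl_expires_at is None:
        missing.append("ttl_expires_at")
    if rec.function not in FUNCTION_SCOPE_BASELINE:
        missing.append("function")
    return missing


def excess_scopes(rec: AgentRecord) -> frozenset[str]:
    """Granted scopes not traceable to the agent's declared function."""
    return rec.scopes - FUNCTION_SCOPE_BASELINE.get(rec.function, frozenset())


def is_active(rec: AgentRecord, now: datetime) -> bool:
    """TTL and revocation state are enforced, not merely recorded."""
    if rec.revoked or rec.ttl_expires_at is None:
        return False
    return now < rec.ttl_expires_at


def find_shadow_agents(registry: dict[str, AgentRecord], observed_ids) -> set[str]:
    """Agents seen at runtime that have no registry record at all."""
    return set(observed_ids) - set(registry)


def revoke(registry: dict[str, AgentRecord], agent_id: str) -> dict[str, AgentRecord]:
    """Lifecycle event: return a copy of the registry with one agent revoked."""
    updated = dict(registry)
    updated[agent_id] = replace(registry[agent_id], revoked=True)
    return updated


def evaluate_event(registry: dict[str, AgentRecord], event: dict, now: datetime) -> str:
    """Decide on one runtime scope use: 'allow' or 'deny:<reason>'."""
    rec = registry.get(event["agent_id"])
    if rec is None:
        return "deny:shadow-agent"          # no registry record, no accountable owner
    if missing_governance_fields(rec):
        return "deny:incomplete-record"     # registry record exists but cannot govern
    if rec.revoked:
        return "deny:revoked"
    if not is_active(rec, now):
        return "deny:ttl-expired"
    if event["scope"] not in rec.scopes:
        return "deny:scope-not-granted"
    if event["scope"] in excess_scopes(rec):
        return "deny:scope-not-justified"   # granted, but not traceable to the function
    return "allow"


def run_review(registry: dict[str, AgentRecord], events: list[dict], now: datetime) -> dict:
    """Full review pass: shadow agents, over-permissioned agents, per-event decisions."""
    return {
        "shadow_agents": sorted(find_shadow_agents(registry, (e["agent_id"] for e in events))),
        "excess_scopes": {aid: sorted(excess_scopes(r)) for aid, r in registry.items() if excess_scopes(r)},
        "decisions": [(e["agent_id"], evaluate_event(registry, e, now)) for e in events],
    }


# Constructed sample registry and runtime events (not real identifiers).
NOW = datetime(2025, 6, 10, 12, 0, tzinfo=timezone.utc)
REGISTRY = {
    "agent-triage-01": AgentRecord("agent-triage-01", "obj-1111", "ticket-triage", "alice@example.test",
                                   frozenset({"tickets:read", "tickets:comment"}), NOW + timedelta(days=30)),
    "agent-notes-02": AgentRecord("agent-notes-02", "obj-2222", "release-notes", "bob@example.test",
                                  frozenset({"repo:read", "repo:admin"}), NOW + timedelta(days=7)),  # over-permissioned
    "agent-old-03": AgentRecord("agent-old-03", "obj-3333", "ticket-triage", "carol@example.test",
                                frozenset({"tickets:read"}), NOW - timedelta(days=1)),  # TTL already expired
    "agent-noowner-04": AgentRecord("agent-noowner-04", None, "ticket-triage", None,
                                    frozenset({"tickets:read"}), NOW + timedelta(days=30)),  # no owner or binding
}
EVENTS = [  # e.g. token-use records gathered from several platforms
    {"agent_id": "agent-triage-01", "scope": "tickets:read", "platform": "okta"},
    {"agent_id": "agent-notes-02", "scope": "repo:admin", "platform": "github-actions"},
    {"agent_id": "agent-old-03", "scope": "tickets:read", "platform": "entra"},
    {"agent_id": "agent-noowner-04", "scope": "tickets:read", "platform": "aws"},
    {"agent_id": "agent-unknown-99", "scope": "repo:read", "platform": "github-actions"},
]

if __name__ == "__main__":
    import json
    print(json.dumps(run_review(REGISTRY, EVENTS, NOW), indent=2, default=str))
```

Run it as a script and it prints one shadow agent (agent-unknown-99), one over-permissioned agent (agent-notes-02 holding repo:admin beyond its release-notes baseline), and a deny decision for every event except the fully governed triage agent. The order of checks in evaluate_event is deliberate: a missing record or incomplete record is rejected before scope is even considered, which is the "require a registry record before any scope is activated" rule from the Technical breakdown, and revocation and TTL are evaluated on every event rather than only at provisioning time.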

Key takeaways

  • Agent fabric addresses a real governance gap: AI agents need identity controls that follow them across runtimes, clouds, and pipelines.
  • The scale problem is already visible, with agent populations expected to outgrow human users by 80x within two years.
  • Enterprises should treat agent registries, scope audits, and revocation state as mandatory identity controls, not optional architecture details.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST Zero Trust (SP 800-207) sets the governance and control requirements practitioners need to meet.

Framework                       | Control / Reference | Relevance
OWASP Agentic AI Top 10         | A1                  | Agent fabric addresses identity and scope control for autonomous AI agents.
OWASP Non-Human Identity Top 10 | NHI-03              | Agent registry and scope auditing map directly to NHI lifecycle and entitlement control.
NIST Zero Trust (SP 800-207)    | PR.AC-4             | Distributed trust and runtime enforcement align with zero-trust access control.

Track every agent identity, scope, and revocation state, then remove any standing privilege.


Key terms

  • Agent Fabric: An agent fabric is an identity control plane for AI agents. It discovers, binds, and governs agents across clouds and runtimes so their scopes, ownership, audit trail, and revocation state remain visible and enforceable as they move through the enterprise.
  • Identity Orchestration: Identity orchestration is the layer that coordinates identity policy, logging, and enforcement across multiple systems. For AI agents, it keeps identity context portable so authorisation and audit do not break when the actor moves between platforms or execution environments.
  • Shadow Agent: A shadow agent is an AI agent operating without a documented identity record, owner, or governance path. In practice, it is the agentic equivalent of shadow IT, except the access can be more dynamic, more distributed, and harder to revoke after deployment.
  • Agent Registry: An agent registry is the authoritative inventory of agent identity bindings, permissions, risk, TTL, and revocation information. It turns runtime AI activity into a governed object that can be audited, constrained, and removed when the actor no longer has a valid business purpose.

Deepen your knowledge

AI agent identity governance is a core topic in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building controls for distributed agents, it is worth exploring from the same starting point.

This post draws on content published by Strata Identity: agent fabric and AI agent identity governance. Read the original.

NHIMG Editorial Note
Published by the NHIMG editorial team on 2025-06-10.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org