By NHI Mgmt Group Editorial Team | Published 2026-06-17 | Domain: Announcements | Source: Zenity

TL;DR: AI agent security and governance are being positioned for public sector adoption, with visibility, policy enforcement and runtime controls aimed at agents that can access systems, make decisions and take actions, according to Zenity. The core issue is not model security alone, but governance for autonomous behaviour that can create operational risk before existing IAM and audit cycles can respond.


At a glance

What this is: This is a public sector partnership announcement focused on AI agent security and governance, with the key finding that agencies need visibility and policy enforcement for agents that act on systems and data.

Why it matters: It matters because IAM, PAM and NHI programmes now have to account for autonomous access paths that can outpace human-paced review, especially in regulated and mission-critical environments.




Context

AI agents are moving from task automation into systems that can decide, act and interact with sensitive data without a human approving every step. That shift changes the identity problem from authenticating a user to governing a non-human actor whose access, behaviour and tool use can vary at runtime.

For public sector teams, the governance gap is immediate: discovery, posture management and policy enforcement must now extend across SaaS, cloud and endpoint environments. The relevant question is whether existing IAM and NHI controls can observe agent behaviour before that behaviour creates operational or policy risk.


Key questions

Q: How should security teams govern AI agents that can take actions on behalf of users?

A: Security teams should govern AI agents as identities with observable behaviour, not just as application features. That means inventorying where the agents run, defining the data and tools they can touch, and enforcing runtime policy that can stop unsafe actions before they complete. Human approval alone is not enough once the agent can act independently.

Q: Why do AI agents complicate existing IAM and NHI controls?

A: AI agents complicate IAM and NHI controls because they can change behaviour during execution, which makes static access decisions incomplete. Traditional governance assumes an identity is granted a role, uses it predictably and remains visible long enough for review. Autonomous behaviour breaks that assumption and pushes control toward runtime enforcement and continuous observation.

Q: What breaks when AI agent access reviews are treated like standard entitlement reviews?

A: What breaks is the timing model. Standard entitlement reviews assume access persists long enough to be observed, certified and removed if needed. An AI agent can use privileges within a single operational session, meaning the review arrives after the relevant activity has already happened. Governance then sees a record, not a preventable decision.

Q: Who is accountable when an AI agent violates policy in a public sector environment?

A: Accountability should rest with the team that owns the agent’s identity lifecycle, policy scope and runtime controls, not with the agent itself. In practice, that usually means shared ownership across identity, security and the business function deploying the agent. If ownership is unclear, policy enforcement will be too slow to matter.


How it works in practice

AI agent discovery across SaaS, cloud and endpoint environments

AI agent governance starts with inventory, because you cannot govern what you cannot see. Discovery in this context means identifying where agents exist, what systems they touch and which identities, tokens or service paths they use to operate. In practice, that requires correlating agent activity across SaaS applications, cloud control planes and endpoints rather than relying on a single directory or vault view. The challenge is that agents may be embedded in workflows, spread across teams or created outside central IT. Without a reliable inventory, every downstream control, from least privilege to auditability, remains incomplete.

Practical implication: build an agent inventory that joins identity, access and runtime telemetry before expanding AI use cases.
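As an added illustration of what "joining identity, access and runtime telemetry" looks like in practice (example code written for this page, not Zenity's product or NHIMG's tooling), the Python below correlates three constructed feeds, a SaaS audit log, a cloud control-plane log and endpoint process events, on the credential each event used. It resolves the credential to a registered agent through a vault-style mapping, records which environments and systems each agent actually touched, and flags credentials that appear in telemetry but belong to no registered agent, which is the "created outside central IT" case the paragraph describes. All records, field names, agent identifiers and the registry itself are constructed for the example.

```python
"""Agent inventory built by joining identity, access and runtime telemetry.

Added example, not Zenity's or NHIMG's code. Every record below is
constructed for illustration; field names and identifiers are assumptions.
"""
from dataclasses import dataclass, field

# Constructed: the agents central IT knows about (the "registry").
REGISTERED_AGENTS = {
    "agt-001": {"owner": "finance-ops", "autonomy": "autonomous"},
    "agt-002": {"owner": "it-platform", "autonomy": "scripted"},
}

# Constructed: vault/IdP view mapping each credential to the agent it was issued to.
CREDENTIAL_TO_AGENT = {
    "tok-a1": "agt-001",
    "tok-b2": "agt-002",
}

# Constructed telemetry from three sources. Note tok-c3 is in no vault mapping.
SAAS_AUDIT = [
    {"source": "saas", "app": "crm", "credential": "tok-a1", "action": "export_contacts"},
    {"source": "saas", "app": "ticketing", "credential": "tok-c3", "action": "create_ticket"},
]
CLOUD_AUDIT = [
    {"source": "cloud", "principal": "tok-a1", "api": "s3:GetObject"},
    {"source": "cloud", "principal": "tok-c3", "api": "iam:CreateAccessKey"},
]
ENDPOINT_EVENTS = [
    {"source": "endpoint", "host": "ws-17", "process": "agent-runner", "credential": "tok-b2"},
    {"source": "endpoint", "host": "ws-42", "process": "copilot-ext", "credential": "tok-c3"},
]


@dataclass
class AgentRecord:
    agent_id: str
    registered: bool                      # present in REGISTERED_AGENTS?
    owner: str
    credentials: set = field(default_factory=set)
    environments: set = field(default_factory=set)   # saas / cloud / endpoint
    touched: set = field(default_factory=set)        # systems or APIs exercised


def normalise(event):
    """Map one heterogeneous telemetry record to (credential, environment, system)."""
    if event["source"] == "saas":
        return event["credential"], "saas", f"{event['app']}:{event['action']}"
    if event["source"] == "cloud":
        return event["principal"], "cloud", event["api"]
    if event["source"] == "endpoint":
        return event["credential"], "endpoint", f"{event['host']}/{event['process']}"
    raise ValueError(f"unknown telemetry source {event['source']!r}")


def build_inventory(*feeds):
    """Join all feeds on credential and produce one record per agent.

    A credential that resolves to no registered agent becomes its own
    'unregistered:' record so the blind spot is visible rather than dropped.
    """
    inventory = {}
    for feed in feeds:
        for event in feed:
            cred, env, system = normalise(event)
            agent_id = CREDENTIAL_TO_AGENT.get(cred, f"unregistered:{cred}")
            reg = REGISTERED_AGENTS.get(agent_id)
            rec = inventory.setdefault(
                agent_id,
                AgentRecord(agent_id, reg is not None, reg["owner"] if reg else "UNOWNED"),
            )
            rec.credentials.add(cred)
            rec.environments.add(env)
            rec.touched.add(system)
    return inventory


def shadow_agents(inventory):
    """Agents seen acting in telemetry but absent from the registry."""
    return sorted(a for a, r in inventory.items() if not r.registered)


if __name__ == "__main__":
    inv = build_inventory(SAAS_AUDIT, CLOUD_AUDIT, ENDPOINT_EVENTS)
    for agent_id, rec in sorted(inv.items()):
        print(agent_id, rec.owner, sorted(rec.environments), sorted(rec.touched))
    print("shadow agents:", shadow_agents(inv))
```

The join key is the credential, not the agent name, because the credential is the one thing every telemetry source records and the one thing a vault can map back to an owner. Anything that cannot be mapped is the first item on the access review agenda.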

Runtime policy enforcement for agent behaviour

Policy enforcement for AI agents is not the same as static access approval. These systems can choose actions during execution, so control points must evaluate behaviour as it happens, checking each tool invocation and data access so that an action which would violate policy can be stopped before it completes. That pushes governance closer to runtime protection than traditional entitlement review. The important distinction is between granted access and exercised behaviour. An agent may be authorised to enter a system, but governance still needs to stop actions that violate policy or exceed intended context. This is where agent-centric controls differ from conventional workload identity patterns.

Practical implication: tie agent permissions to behavioural guardrails that can block unsafe actions during execution, not only at provisioning time.

Why autonomous systems change identity governance assumptions

AI agents break the assumption that identity is mostly a stable subject with predictable intent. Once a non-human actor can decide when to act, which tools to invoke and how to sequence those actions, governance must account for changing context rather than fixed role assignment alone. That does not make every AI feature autonomous, but it does mean IAM teams need to distinguish scripted automation from runtime decision-making. The governance model must follow the actor type, because access review, logging and containment all behave differently when the identity can act without a human approval gate.

Practical implication: classify each agent by autonomy level before deciding whether human IAM, NHI controls or agentic governance should apply.
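The two preceding passages, the granted-versus-exercised distinction and the autonomy classification, as one added example in Python (written for this page; not Zenity's enforcement engine or any NHIMG code). A policy gate sits in front of every tool call an agent makes. A scripted agent is judged on its entitlements alone, because its behaviour was fixed at provisioning. An autonomous agent passes the same entitlement check and then a set of runtime checks: the call must stay inside the session's tenant, inside the subset of granted tools appropriate to this task, under a per-session action budget, and must not complete a sequence that is individually permitted but suspicious in combination (read records, then send them out). Tool names, policy fields, the suspicious-sequence list and the session in `demo()` are all assumptions constructed for the example.

```python
"""Runtime policy gate for AI agent tool calls.

Added example, not Zenity's product or NHIMG code. Tool names, policy fields
and the suspicious-sequence list are assumptions chosen to show that an agent
may hold an entitlement and still be blocked when the call it makes at runtime
falls outside the intended context.
"""
from dataclasses import dataclass, field
from enum import Enum


class Autonomy(Enum):
    SCRIPTED = "scripted"        # fixed workflow; behaviour known at provisioning
    AUTONOMOUS = "autonomous"    # chooses tools and sequence at runtime


class Verdict(Enum):
    ALLOW = "allow"
    DENY = "deny"
    ESCALATE = "escalate"        # pause and require human approval


@dataclass
class AgentPolicy:
    agent_id: str
    autonomy: Autonomy
    granted_tools: frozenset                 # entitlements from provisioning
    purpose_tools: frozenset                 # subset appropriate for this session's task
    step_up_tools: frozenset = frozenset()   # permitted only with human approval
    max_calls: int = 20                      # per-session action budget


@dataclass
class Session:
    policy: AgentPolicy
    tenant: str                              # data scope bound at session start
    calls: int = 0
    history: list = field(default_factory=list)   # tools already allowed this session
    audit: list = field(default_factory=list)     # every decision, allowed or not


@dataclass(frozen=True)
class ToolCall:
    tool: str
    tenant: str


# Individually permitted tools whose back-to-back use looks like exfiltration.
SUSPICIOUS_SEQUENCES = {("read_records", "send_email"), ("read_records", "http_post")}


def evaluate(session, call):
    """Return (verdict, reason) without mutating the session."""
    p = session.policy
    # 1. Granted access: the static entitlement check every agent gets.
    if call.tool not in p.granted_tools:
        return Verdict.DENY, "tool not granted to this agent"
    if p.autonomy is Autonomy.SCRIPTED:
        return Verdict.ALLOW, "scripted agent within granted tools"
    # 2. Exercised behaviour: runtime context checks for autonomous agents.
    if call.tenant != session.tenant:
        return Verdict.DENY, f"tenant {call.tenant} outside session scope"
    if session.calls >= p.max_calls:
        return Verdict.DENY, "per-session action budget exhausted"
    if call.tool in p.step_up_tools:
        return Verdict.ESCALATE, "tool requires human approval"
    if call.tool not in p.purpose_tools:
        return Verdict.DENY, "granted tool outside this session's purpose"
    if session.history and (session.history[-1], call.tool) in SUSPICIOUS_SEQUENCES:
        return Verdict.DENY, f"sequence {session.history[-1]} -> {call.tool} blocked"
    return Verdict.ALLOW, "within granted access and runtime policy"


def enforce(session, call):
    """Gate one tool call: decide, record the decision, advance session state."""
    verdict, reason = evaluate(session, call)
    session.audit.append((session.policy.agent_id, call.tool, verdict.value, reason))
    if verdict is Verdict.ALLOW:
        session.calls += 1
        session.history.append(call.tool)
    return verdict


def demo():
    """Constructed session: a support agent with broad grants, narrow purpose."""
    policy = AgentPolicy(
        agent_id="agt-support-01",
        autonomy=Autonomy.AUTONOMOUS,
        granted_tools=frozenset({"read_records", "update_ticket", "send_email",
                                 "http_post", "delete_records"}),
        purpose_tools=frozenset({"read_records", "update_ticket", "send_email"}),
        step_up_tools=frozenset({"delete_records"}),
        max_calls=3,
    )
    s = Session(policy=policy, tenant="tenant-a")
    calls = [
        ToolCall("read_records", "tenant-a"),    # allow
        ToolCall("send_email", "tenant-a"),      # deny: read -> send sequence
        ToolCall("update_ticket", "tenant-a"),   # allow
        ToolCall("read_records", "tenant-b"),    # deny: wrong tenant
        ToolCall("http_post", "tenant-a"),       # deny: granted, but outside purpose
        ToolCall("delete_records", "tenant-a"),  # escalate: step-up tool
        ToolCall("update_ticket", "tenant-a"),   # allow: third and last budgeted call
        ToolCall("update_ticket", "tenant-a"),   # deny: budget exhausted
    ]
    return [enforce(s, c).value for c in calls], s.audit


if __name__ == "__main__":
    for row in demo()[1]:
        print(row)
```

Two design points carry the argument of the text. The `http_post` call is denied even though the agent holds that entitlement, which is the granted-versus-exercised gap; and the same `send_email` tool is allowed in isolation but blocked immediately after `read_records`, which no provisioning-time review could have caught because the decision depends on what the agent did a moment earlier in the session.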


NHI Mgmt Group analysis

Identity governance now has to classify autonomous behaviour, not just credential type. The article points to a governance shift that many programmes have not yet made: an AI agent is not simply another workload account. Once an identity can choose actions at runtime, the control question changes from "who gets access?" to "what can this actor decide to do with that access?" That is where NHI governance, policy enforcement and agent oversight begin to converge. Practitioners should treat autonomy as a separate governance dimension, not a branding label.

Runtime enforcement is becoming the decisive control layer for agentic systems. Static entitlements do not resolve the risk created when an agent can change behaviour mid-session, invoke tools dynamically or interact with multiple systems in sequence. This is a behavioural problem, not just an authentication problem, and it sits squarely in the NHI and agentic AI overlap. The implication for practitioners is that access approval alone is no longer enough; enforcement has to follow execution.

Access review processes assume access is stable long enough to be reviewed, but autonomous actors can consume and discard privilege faster than the review cycle can see it. That assumption was designed for persistent identities and scheduled governance cadences. It fails when the actor can make decisions, select tools and execute without a human approval gate. The implication is not merely better review frequency, but a rethink of what evidence governance can actually observe.

Public sector AI adoption will expose the gap between procurement access and operational control. The partnership model may make deployment easier, but easier deployment also increases the chance that agencies will onboard agents before they have the inventory, logging and policy architecture to govern them. That is a familiar failure mode in identity programmes: acquisition outpaces control design. Practitioners should expect the governance burden to move from buying access to proving restraint.

AI agent security is becoming an identity programme, not a point product discussion. The article reflects a broader market direction in which discovery, posture, enforcement and auditability are collapsing into one operational problem. For identity leaders, that means the relevant control set now spans IAM, NHI, PAM and lifecycle governance. Teams should plan for cross-domain ownership rather than assuming AI agent risk can sit in one silo.


What this signals

Identity teams should expect agent governance to move from experimentation into policy enforcement. The signal here is not just that agencies want AI agents, but that procurement channels are now being used to distribute governance-capable control planes into public sector environments. With 92% of organisations exposing NHIs to third parties in our research, the broader pattern is clear: external access is becoming the default path for machine and agent identity sprawl.

Runtime visibility will become the gating factor for safe adoption. Agencies that cannot see where agents are deployed, what they can access and when they deviate from policy will not be able to prove control, only hope for it. That makes agent inventory and behavioural logging the practical starting point for NHI and AI governance convergence.

Agent-centric governance will increasingly sit alongside Zero Trust and lifecycle controls. The issue is no longer whether a token is valid, but whether the actor using it is still acting within intended bounds. Teams should prepare to connect policy enforcement, review cadence and offboarding into one lifecycle model for autonomous access paths.


For practitioners

  • Inventory every deployed AI agent: Map agents across SaaS, cloud and endpoint environments, then tie each one to the identity, token or service path it uses. Use the inventory as the base layer for access review and policy enforcement.
  • Separate automation from autonomy: Classify agents by whether they follow fixed workflows or make runtime decisions without human approval. Apply different control expectations to scripted orchestration than to systems that can choose actions mid-session.
  • Enforce behavioural guardrails at runtime: Block risky tool invocations, unexpected data access and policy violations while the agent is operating. Do not rely only on pre-approval, because many agent risks emerge after execution begins.
  • Align governance ownership across IAM, NHI and PAM: Assign a single accountable owner for each agentic identity path, including provisioning, policy enforcement, logging and offboarding. Avoid leaving agent oversight split between platform teams and security operations.

Key takeaways

  • AI agent governance is becoming an identity problem, not just an AI operations problem.
  • Visibility, runtime policy enforcement and lifecycle ownership are the controls that determine whether agent adoption stays governable.
  • Programmes that still assume stable, human-paced access reviews will miss autonomous behaviour until it has already created risk.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 sets the governance and control requirements practitioners need to meet.

Framework                        | Control / Reference             | Relevance
OWASP Agentic AI Top 10          |                                 | Agentic systems need runtime controls for tool use and policy violations.
OWASP Non-Human Identity Top 10  | NHI-03                          | AI agents operate as non-human identities with lifecycle and access risks.
NIST CSF 2.0                     | PR.AA-05 (PR.AC-4 in CSF 1.1)   | Identity permissions and access management are central to agent governance.

Tie agent entitlements to least privilege and review them against access control objectives.


Key terms

  • AI Agent Identity: An AI agent identity is the set of credentials, permissions and behavioural controls used by software that can act on its own at runtime. Unlike a simple automation account, it may choose actions, tools and timing within an operational session, so governance must account for behaviour as well as authentication.
  • Runtime Policy Enforcement: Runtime policy enforcement is the control layer that evaluates actions while a system is executing, not just before access is granted. For AI agents, it limits tool use, data access and policy violations in the moment, which is necessary when intent can shift after a session starts.
  • Agent Inventory: Agent inventory is the authoritative record of where AI agents exist, what environments they run in and which identities or access paths they use. It is the starting point for governance because untracked agents create blind spots that make entitlement review and monitoring incomplete.
  • Autonomy Classification: Autonomy classification is the process of distinguishing scripted automation from systems that can make independent decisions, select tools and execute without human approval. That distinction matters because governance controls, review cycles and containment strategies change materially once an actor can behave autonomously.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building or maturing an identity security programme, it is worth exploring.

This post draws on content published by Zenity: Zenity and Carahsoft bring AI agent security and governance to federal, state and local agencies. Read the original.

NHIMG Editorial Note
Published by the NHIMG editorial team on 2026-06-17.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org