TL;DR: According to Zenity, government agencies are deploying AI agents into sensitive workflows faster than they can track where those agents live, what they can touch, or how they behave, creating a governance gap across SaaS, cloud, and endpoints. That gap matters because model-centric controls do not govern autonomous actions, access, or policy enforcement once agents are operational.
At a glance
What this is: This is a public sector AI agent security partnership announcement that highlights a widening visibility and governance gap as agents begin acting inside government environments.
Why it matters: It matters because IAM, NHI, and governance teams need controls for what autonomous systems can access and do, not just policy for how AI should be used.
👉 Read Zenity's announcement on public sector AI agent security
Context
AI agent security is the governance problem created when software can take action, not just generate output. In public sector environments, that means the core question is no longer whether agencies have AI policy, but whether they can see where agents are deployed, what they can access, and how their runtime behaviour is controlled.
This matters for IAM and NHI programmes because AI agents sit across SaaS, cloud environments, and endpoints as active identities with permissions and tool access. If the identity layer cannot continuously discover and govern those actors, policy documents and AI usage guidance do not translate into operational control.
Key questions
Q: How should government agencies govern AI agents that can act inside enterprise systems?
A: Govern AI agents as active identities, not as passive AI features. Agencies should maintain an inventory, map each agent to its permissions and owner, and enforce runtime controls that can stop unsafe actions. Policy alone is not enough if the agent can still reach sensitive workflows or data in production.
Q: Why do AI agents complicate existing IAM and NHI controls?
A: AI agents complicate IAM and NHI controls because they combine identity, access, and behaviour in one runtime actor. Traditional controls are often built to manage static accounts or predefined workflows, but agents can invoke tools and shift actions during execution. That requires continuous discovery, entitlement mapping, and behavioural enforcement.
Q: What do security teams get wrong about AI agent governance?
A: Teams often mistake policy approval for operational control. A policy tells staff how AI should be used, but it does not prevent an already-authorised agent from accessing data or taking unexpected actions. Effective governance needs monitoring, intervention, and lifecycle management across the full agent population.
Q: Who is accountable when an AI agent violates policy in a government environment?
A: Accountability should sit with the business owner and the control owner, not with the agent itself. Government teams need named ownership for deployment approval, access scope, monitoring, and offboarding. That structure matters because runtime behaviour can create mission impact even when no human is directly driving each action.
How it works in practice
AI agents as active identities in government environments
AI agents differ from models because they execute actions inside connected systems. In practice, they can invoke tools, access data, and carry out tasks across SaaS applications, cloud platforms, and endpoints. That makes them behave like operational identities rather than passive software features. The security issue is not just what the model says, but what the agent can do once it is attached to real systems and real permissions. In government environments, that changes the control surface from content safety to runtime access governance.
Practical implication: treat agents as governed identities with explicit access and action boundaries, not as model features that sit outside IAM.
Why visibility, access, and behaviour must be governed together
The article points to three linked gaps: where agents are deployed, what they can access, and how they behave operationally. Those are not separate questions. Discovery without entitlement mapping leaves blind spots. Entitlement mapping without behavioural monitoring leaves policy violations undetected. Behaviour monitoring without deployment inventory leaves unmanaged shadow AI. For public sector teams, the technical problem is that agent governance spans multiple control planes at once, including SaaS permissions, cloud identities, and endpoint activity.
Practical implication: build one control view that ties agent inventory to entitlements and observed actions across the full environment.
Governance documents do not stop risky agent actions
The article draws a line between governance and security. Governance defines approved use, accountability, and policy intent. Security has to enforce what happens at runtime when an agent deviates from that intent. That distinction matters because agents can act after deployment without human review at each step. In operational terms, this shifts control from static approval to continuous enforcement, where risky access and unexpected actions must be stoppable in session.
Practical implication: pair policy approval with runtime enforcement that can interrupt unsafe agent behaviour before it reaches sensitive systems.
NHI Mgmt Group analysis
AI agent security in government is an identity governance problem before it is an AI problem. The article is right to focus on visibility, access, and control because those are identity questions, not model questions. Once an agent can act inside SaaS, cloud, or endpoint environments, the practical issue becomes whether the organisation can govern that execution path with the same discipline it applies to other non-human identities. Practitioners should treat agent governance as part of the broader identity security stack.
Shadow AI becomes a control failure when agencies cannot inventory agents as identities. If teams do not know where agents are deployed, they cannot certify access, review behaviour, or remove dormant exposure. That is the same failure mode NHI programmes have long faced with unmanaged service accounts and secrets, only now the actor can also choose actions at runtime. Practitioners should collapse discovery, entitlement, and monitoring into one operating model.
Model governance and runtime agent governance solve different problems. Policies about acceptable AI use do not constrain an agent that already has live access to records, workflows, or tools. The control gap is not the absence of guidance, but the absence of enforcement at the point of action. Practitioners should reframe the programme from policy publication to runtime authorization and intervention.
AI agent security is converging with NHI governance, but with a wider blast radius. Agents inherit the same exposure patterns as other machine identities, yet they can trigger actions across multiple systems in one session. That means identity teams must consider not only who or what owns the agent, but also what policy constrains its delegated reach. Practitioners should align agent governance with NHI lifecycle and access review processes.
Visibility without behavioural control will not satisfy public sector operational risk. Agencies need to see deployed agents, but they also need to know whether those agents are acting within approved policy once operational. In regulated or mission-critical settings, the meaningful question is whether risky behaviour can be interrupted before it affects public services or sensitive data. Practitioners should design for both detection and containment.
From our research:
- Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap, according to The State of Secrets in AppSec.
- The average estimated time to remediate a leaked secret is 27 days, even though 75% of organisations express strong confidence in their secrets management capabilities.
- For a broader view of machine identity exposure and lifecycle controls, see Ultimate Guide to NHIs and connect it to your agent governance model.
What this signals
Agent governance will increasingly be measured as an identity discipline, not an AI experiment. Public sector teams that cannot show inventory, entitlement mapping, and behavioural enforcement for agents will find that AI policy reviews do not translate into control evidence. The operational benchmark is whether an agent can be identified, constrained, and stopped across the systems it touches.
The control model is converging on broader non-human identity practice, but the runtime behaviour of agents raises the bar for monitoring and lifecycle management. Teams that already struggle to manage secrets, service accounts, and access reviews should expect the same governance pressure to intensify as agents spread across mission systems.
For practitioners
- Inventory AI agents as governed identities: create a central register of deployed agents across SaaS, cloud environments, and endpoints, then map each one to a business owner, data access scope, and approval record.
- Map agent entitlements to real access paths: trace which systems, datasets, and tools each agent can reach, including delegated permissions inherited through connected applications and service identities.
- Add runtime controls for unsafe behaviour: set policy thresholds that trigger containment when an agent attempts unexpected data access, unapproved tool use, or out-of-policy workflow execution.
- Fold agents into lifecycle review cycles: include AI agents in access review, recertification, and offboarding processes so abandoned or over-scoped agents do not persist after the use case changes.
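The four steps above, together with the "Why visibility, access, and behaviour must be governed together" and "Governance documents do not stop risky agent actions" sections, describe one operating model: an inventory, an entitlement map that follows delegation chains, a runtime gate that can contain an agent in session, and a review that surfaces dormant, orphaned and over-scoped agents. The Python below is an added example written for this page, not code from Zenity, Carahsoft or NHIMG. Every agent, owner, approval reference, service identity, entitlement string, event and the two thresholds (`DENIALS_BEFORE_CONTAINMENT`, `DORMANT_AFTER`) are constructed assumptions for illustration; a real deployment would feed the same model from SaaS, cloud and endpoint discovery rather than from hard-coded data.

```python
"""Added example (not Zenity's or NHIMG's code): a miniature agent-governance
operating model tying inventory, entitlement mapping, runtime enforcement and
lifecycle review together. All agents, owners, systems, events and thresholds
below are constructed for illustration."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

DENIALS_BEFORE_CONTAINMENT = 3      # hypothetical policy threshold
DORMANT_AFTER = timedelta(days=60)  # hypothetical recertification window


@dataclass
class Agent:
    agent_id: str
    owner: str                      # named business owner (accountability)
    approval_ref: str               # deployment approval record
    direct: set                     # directly granted "system:action" entitlements
    delegations: set = field(default_factory=set)  # connected apps / service identities it acts through
    last_active: datetime = datetime(2000, 1, 1)
    contained: bool = False
    denials: int = 0


class AgentRegistry:
    def __init__(self, service_identities):
        # service_identities: {name: (entitlements, further delegations)} for the
        # connected applications and service accounts an agent can inherit access from
        self.service_identities = service_identities
        self.agents = {}
        self.events = []            # (agent_id, action, verdict, reason)

    def register(self, agent):
        self.agents[agent.agent_id] = agent

    def effective_entitlements(self, agent_id):
        """Direct grants plus everything reachable through delegation chains."""
        agent = self.agents[agent_id]
        result, seen, stack = set(agent.direct), set(), list(agent.delegations)
        while stack:
            name = stack.pop()
            if name in seen:
                continue
            seen.add(name)
            entitlements, delegations = self.service_identities.get(name, (set(), set()))
            result |= entitlements
            stack.extend(delegations)
        return result

    def authorize(self, agent_id, action, at):
        """Runtime gate: decide one attempted action and contain the agent on repeated violations."""
        agent = self.agents.get(agent_id)
        if agent is None:                           # shadow agent: acting but never inventoried
            verdict, reason = "DENY", "not in inventory"
        elif agent.contained:
            verdict, reason = "DENY", "agent contained"
        elif action in self.effective_entitlements(agent_id):
            verdict, reason = "ALLOW", "within approved scope"
        else:
            agent.denials += 1
            verdict, reason = "DENY", "out of approved scope"
            if agent.denials >= DENIALS_BEFORE_CONTAINMENT:
                agent.contained = True              # stop the session, not just this one call
                reason += "; containment triggered"
        if agent is not None:
            agent.last_active = max(agent.last_active, at)
        self.events.append((agent_id, action, verdict, reason))
        return verdict

    def review(self, now, active_owners):
        """Lifecycle review: dormant, orphaned and over-scoped agents need recertification or removal."""
        findings = []
        for a in self.agents.values():
            if now - a.last_active > DORMANT_AFTER:
                findings.append((a.agent_id, "dormant"))
            if a.owner not in active_owners:
                findings.append((a.agent_id, "orphaned owner"))
            used = {act for aid, act, v, _ in self.events if aid == a.agent_id and v == "ALLOW"}
            unused = sorted(self.effective_entitlements(a.agent_id) - used)
            if unused:
                findings.append((a.agent_id, "over-scoped: " + ", ".join(unused)))
        return findings


def run_demo():
    """Constructed scenario; returns (registry, verdicts, findings)."""
    reg = AgentRegistry({
        "crm-connector": ({"crm:read_contacts", "crm:export_contacts"}, set()),
        "records-svc": ({"records:read_case"}, {"crm-connector"}),  # chains on to the CRM connector
    })
    reg.register(Agent("casework-assistant", "ops-lead", "CHG-0001",
                       {"mail:send_draft"}, {"records-svc"}, datetime(2026, 3, 1)))
    reg.register(Agent("legacy-summarizer", "former-staff", "CHG-0002",
                       {"docs:read"}, set(), datetime(2026, 1, 5)))
    now = datetime(2026, 6, 17)
    session = [("casework-assistant", "records:read_case"),
               ("casework-assistant", "payroll:modify"),
               ("casework-assistant", "payroll:modify"),
               ("casework-assistant", "hr:read_salaries"),
               ("casework-assistant", "records:read_case"),  # in scope, but the agent is now contained
               ("unknown-bot-7", "crm:read_contacts")]       # never inventoried
    verdicts = [reg.authorize(aid, act, now) for aid, act in session]
    return reg, verdicts, reg.review(now, active_owners={"ops-lead"})


if __name__ == "__main__":
    reg, verdicts, findings = run_demo()
    for event in reg.events:
        print(event)
    for finding in findings:
        print("REVIEW", finding)
```

Two design points matter here. `effective_entitlements` walks delegation chains, so the casework agent is shown to reach CRM export rights it was never granted directly, which is exactly the inherited access path the second practitioner step says to trace. The gate contains the agent after repeated out-of-scope attempts, so even its in-scope request is refused once containment triggers; the review then flags inherited-but-unused entitlements for recertification and the orphaned, dormant legacy agent for offboarding.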
Key takeaways
- AI agents create an identity governance problem because they can act inside production systems, not just generate content.
- The core evidence is a visibility gap across deployment, access, and behaviour, which leaves agencies unable to govern agents with confidence.
- Practitioners should move from policy-only oversight to inventory, entitlement mapping, runtime enforcement, and lifecycle review for every agent.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Agentic AI Top 10 addresses the attack and risk surface, while NIST AI RMF and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | Agentic application risk categories | Agent deployment and runtime action control map directly to agentic AI risks. |
| NIST AI RMF | Govern and Manage functions | The article explicitly references AI RMF for policy and governance alignment. |
| NIST CSF 2.0 | PR.AA-05 (access permissions, entitlements and authorizations are managed and enforced; PR.AC-4 in CSF 1.1) | Agent access and behavioural control are access-management issues. |
Inventory agents, restrict tools, and monitor runtime actions against the OWASP agentic application risk model.
Key terms
- AI Agent: A software entity that can take actions on behalf of a user or system by selecting tools, accessing data, and executing tasks. In identity governance, an AI agent must be treated as an active runtime actor with scoped permissions, monitoring, and lifecycle ownership.
- Shadow AI: AI agents or related systems operating without central visibility or governance. The risk is not only unapproved use, but unmanaged access paths that can persist after the original use case changes or the operator loses oversight.
- Runtime Enforcement: Controls that evaluate and constrain actions while a system is operating, rather than only at provisioning or approval time. For AI agents, runtime enforcement is the difference between policy guidance and actual prevention when an agent attempts unsafe access or execution.
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or operational governance in your organisation, it is worth exploring.
This post draws on content published by Zenity: Zenity and Carahsoft Partner to Bring AI Agent Security to Government Agencies. Read the original.
Published by the NHIMG editorial team on 2026-06-17.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org