By NHI Mgmt Group Editorial Team | Published 2026-06-16 | Domain: Announcements | Source: Collibra

TL;DR: Enterprise context, policy guardrails, lineage, and runtime trust signals can now follow data and agents into production, as Collibra and Databricks have expanded bi-directional governance across Unity Catalog, Genie, and Agent Bricks, according to Collibra. That matters because agentic AI fails quickly when metadata, access boundaries, and accountability are fragmented across platforms.


At a glance

What this is: Collibra and Databricks are extending governance, lineage, and policy context into Databricks AI and agent workflows.

Why it matters: Identity and access teams increasingly need to govern not just data access, but the context and control plane that autonomous agents rely on to act safely.



Context

Agentic AI governance is the problem of controlling what AI systems can see, use, and act on when they rely on enterprise data, policy, and lineage to make decisions. In this case, the primary issue is not model quality alone, but whether the governance context that surrounds data and access remains intact as agents move from experimentation into production.

Collibra and Databricks are describing a tighter connection between business metadata, technical lineage, policy guardrails, and runtime signals. For identity and access programmes, that shifts the question from whether a platform can host AI to whether the control plane can preserve meaning, ownership, and traceability across the agent lifecycle.

That distinction matters for NHI, agentic AI, and lifecycle governance because autonomous systems increasingly consume governed data as a runtime dependency. If the governed context is stale or incomplete, the agent may be authenticated and still behave outside enterprise intent.


Key questions

Q: How should security teams govern AI agents that rely on enterprise data context?

A: Security teams should treat business metadata, lineage, and data certification as part of the control surface, not just reference information. If agents use that context to choose actions, then stale definitions or missing ownership data can create unsafe outcomes even when access credentials are valid. The practical goal is continuous alignment between the governed context and the agent's runtime behaviour.

Q: When does governance break down for agentic AI systems?

A: Governance breaks down when the system can still authenticate and access data but no longer has a reliable, current understanding of what that data means or who owns it. That is when semantic drift turns into operational risk. Teams should watch for disconnected lineage, outdated classifications, and agents acting on incomplete business context.

Q: How do you know if AI agent trust controls are actually working?

A: Look for runtime evidence, not just policy approval. Useful signals include groundedness pass rates, lineage traceability, monitored versus unmonitored agents, and whether token usage or tool calls move outside expected patterns. If those signals are not visible in governance review, the control is probably too static for production use.

Q: What is the difference between data governance and agent governance?

A: Data governance defines what data means, who owns it, and how it should be used. Agent governance extends that work into runtime by checking whether the AI system continues to use governed context correctly when it selects tools, interprets data, and triggers actions. In practice, the two need to be connected, not separated.


How it works in practice

Bi-directional governance sync between Collibra and Unity Catalog

The technical core here is metadata synchronisation in both directions. Collibra pushes governed business context such as ownership, certification, classifications, and policy into Databricks Unity Catalog, while Databricks returns technical metadata, lineage, and observability signals back to Collibra. That creates a shared view of what data means, where it came from, and how it is being used. In identity terms, this is a control-plane pattern, not just an integration pattern, because it links approval context to runtime evidence.

Practical implication: treat governance sync as part of the access control architecture, not as documentation plumbing.

AI agent context resolution in Agent Bricks and MCP

The MCP-based approach gives agents real-time access to governed metadata so they can resolve definitions, quality signals, and access boundaries during execution. That matters because agent decisions depend on context, not just credentials. If an agent can query certified definitions before it acts, the platform reduces semantic drift, where a system uses the wrong dataset, metric, or business meaning. This is especially important in agentic workflows where the agent is not merely retrieving data but choosing actions based on that data.

Practical implication: validate which context sources an agent can query at runtime and whether those sources are approved for decision-making.

Runtime trust signals versus static approval

The Databricks side of the integration feeds runtime signals back into Collibra, including lineage and agent behaviour evidence. That is an important distinction because static approval is not enough for agentic systems that can drift over time. Trust scores, pass rates, and token-use trends are operational signals that show whether an agent still behaves within its intended guardrails. In governance terms, this is a move from one-time approval to continuous evidence of controlled behaviour.

Practical implication: define continuous trust indicators for agents and connect them to lifecycle review, exception handling, and remediation.
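
One way to turn the signals above into a lifecycle decision, as an added example that is not code from Collibra, Databricks or the original post. The field names, thresholds, tool names and the split between "suspend" and "review" findings are assumptions for illustration, and the sample agents are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Hypothetical thresholds and field names; not Collibra or Databricks schema.
MAX_CONTEXT_AGE = timedelta(hours=24)
MIN_GROUNDEDNESS = 0.90

@dataclass
class AgentSnapshot:
    agent: str
    owner: Optional[str]           # governed context: accountable owner
    certified: bool                # governed context: dataset certification
    context_synced_at: datetime    # last successful governance sync
    monitored: bool                # runtime: under active monitoring
    groundedness_pass_rate: float  # runtime: share of grounded responses
    tools_called: frozenset        # runtime: tools observed in use
    tools_approved: frozenset      # policy: tools approved for this agent

def review(s: AgentSnapshot, now: datetime):
    """Return (action, findings) where action is allow, review or suspend."""
    hard, soft = [], []
    if not s.monitored:
        hard.append("not under active monitoring")
    extra = s.tools_called - s.tools_approved
    if extra:
        hard.append("unapproved tool calls: " + ", ".join(sorted(extra)))
    if s.owner is None:
        soft.append("no accountable owner")
    if not s.certified:
        soft.append("context source not certified")
    if now - s.context_synced_at > MAX_CONTEXT_AGE:
        soft.append("governed context is stale")
    if s.groundedness_pass_rate < MIN_GROUNDEDNESS:
        soft.append("groundedness below threshold")
    action = "suspend" if hard else "review" if soft else "allow"
    return action, hard + soft

# Constructed sample data for illustration only.
NOW = datetime(2026, 6, 16, 12, 0, tzinfo=timezone.utc)
SAMPLES = [
    AgentSnapshot("report-agent", "finance-data", True, NOW - timedelta(hours=2),
                  True, 0.97, frozenset({"sql_query"}), frozenset({"sql_query"})),
    AgentSnapshot("pricing-agent", "pricing", True, NOW - timedelta(days=3),
                  True, 0.95, frozenset({"sql_query"}), frozenset({"sql_query"})),
    AgentSnapshot("ops-agent", None, True, NOW - timedelta(hours=1), False, 0.99,
                  frozenset({"sql_query", "send_payment"}), frozenset({"sql_query"})),
]

if __name__ == "__main__":
    for snap in SAMPLES:
        print(snap.agent, *review(snap, NOW))
```

The second sample agent has valid approvals and a healthy pass rate but is still routed to review, because its governed context was last synced three days earlier.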


NHI Mgmt Group analysis

Agentic AI governance fails when context is treated as documentation instead of control. This partnership shows that business definitions, ownership, quality signals, and lineage now function as operational inputs to machine behaviour, not just reference material. Once an agent uses those inputs to choose an action, stale or incomplete context becomes a governance failure, not a data-quality annoyance. Practitioners should treat context governance as part of the authorisation surface.

Semantic drift is the hidden failure mode in enterprise agent deployments. Agents do not need to be malicious to act outside intent. They only need to operate on definitions, datasets, or boundaries that no longer match current business reality. That is why synchronising enterprise context into the platform matters: the system can be authenticated and still be wrong. The practitioner conclusion is that lineage and certification now belong in the decision path.

Runtime trust scoring creates a more realistic control model for AI agents. Static approvals cannot capture whether an agent keeps using the right data, follows grounded definitions, or remains within approved tool boundaries over time. Continuous evidence such as pass rates, token-use trends, and unmonitored-agent counts gives governance teams a way to see drift while it is still contained. The implication is that agent governance must become evidence-led rather than policy-only.

Context-aware access is becoming the new baseline for NHI and agentic governance. The old assumption was that access control could be separated from meaning. That assumption fails when an agent's choices depend on who owns the data, whether it is certified, and what the lineage says about its use. The implication is not simply to add more controls, but to rethink where the governed decision boundary actually sits.

Identity and data governance are converging at the point of action. When agents trigger reports, approve transactions, or call downstream tools, identity is no longer only about authentication. It becomes the mechanism that connects enterprise policy, semantic context, and runtime accountability. Practitioners should expect governance models to shift from isolated IAM review to cross-domain control over data meaning, access scope, and agent behaviour.

What this signals

Context becomes part of the security boundary. As AI systems move closer to production decision-making, governance teams need to assume that meaning, ownership, and lineage are runtime dependencies, not static catalog entries. That makes the control problem broader than access review and narrower than full model governance.

With 72% of organisations reporting or suspecting NHI breaches, per The 2024 ESG Report: Managing Non-Human Identities, the signal is clear: enterprises are already struggling to keep non-human access under control. Agentic AI will expose the same weakness faster because context and execution are now joined.

Governance teams should prepare for reviews that combine lineage, policy, and runtime evidence in a single workflow. That shift aligns closely with the NHI Lifecycle Management Guide and the control expectations in the NIST AI Risk Management Framework.


For practitioners

  • Map governed context to decision paths: Inventory where AI agents consume business definitions, ownership data, certifications, and lineage before they act. Confirm that each source is current, approved, and visible to the teams responsible for review and exception handling.
  • Separate static approval from runtime trust: Use pass rates, lineage drift, and unmonitored-agent counts as operational indicators, then tie them to lifecycle review rather than relying on one-time approval alone.
  • Validate agent access boundaries at the point of consumption: Check that certified datasets, quality scores, and masking rules are enforced where agents query data, not only where data is catalogued.
  • Build cross-platform lineage visibility into governance reviews: Ensure teams can see how data and metadata move between the governance layer and the execution layer so access decisions remain auditable after deployment.

Key takeaways

  • Agentic AI governance fails when enterprise context is disconnected from runtime action.
  • Static approval is not enough when agents can use business metadata and lineage to decide what to do next.
  • Practitioners need continuous trust evidence, cross-platform visibility, and lifecycle review for AI agents.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Agentic AI Top 10 addresses the attack and risk surface, while NIST AI RMF and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.

| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | AG-03 | Agent context and tool use are central to the integration described here. |
| NIST AI RMF | | The article is about governance, traceability, and operational trust for AI systems. |
| NIST CSF 2.0 | PR.AC-4 | Access and policy enforcement across platforms map to least-privilege access control. |

Review agent decision paths and constrain runtime tool access to approved, governed context.


Key terms

  • Agent Governance: Agent governance is the discipline of controlling what an AI agent can access, decide, and execute in production. It combines identity, policy, lineage, and runtime evidence so the system can be reviewed as it acts, not only before it is deployed.
  • Semantic Drift: Semantic drift is the gap between the meaning a system was approved to use and the meaning it relies on during execution. In agentic environments, this can happen when definitions, certifications, or ownership data change but the agent still acts on older context.
  • Runtime Trust Signal: A runtime trust signal is an operational indicator that shows whether an AI system is still behaving within approved boundaries. Examples include groundedness results, token consumption patterns, lineage consistency, and the count of agents that are not under active monitoring.
  • Governed Context: Governed context is the approved enterprise meaning attached to data, assets, and access boundaries. It includes ownership, classification, quality, and usage rules, and it becomes security-relevant when AI systems depend on it to make decisions or trigger actions.


This post draws on content published by Collibra: "New integrations extend governance into the Databricks Data Intelligence Platform."
