TL;DR: AI agent oversight now sits inside security operations, where visibility, permissions, and response need to move together rather than live in separate tools. Zenity's partnership with ServiceNow brings AI agent inventory, posture management, vulnerability assessment, and remediation workflows into SecOps, letting enterprises govern autonomous agents through existing operational processes.
At a glance
What this is: Zenity and ServiceNow are linking AI agent governance with SecOps workflows, centring visibility, posture, and remediation for autonomous agents.
Why it matters: For IAM, PAM, and security teams, AI agents are becoming governed identities in operational systems, not just experimental workloads, and their access must be monitored, scoped, and remediated inside existing controls.
By the numbers:
- 92% agree governing AI agents is critical to enterprise security, yet only 44% have implemented any policies to do so.
Context
AI agent governance is moving out of isolated pilot projects and into the operational security stack. The core problem is not whether agents can act, but whether teams can see which agents exist, what they touch, and when they drift outside intended scope. That is the identity control gap this partnership is trying to narrow for AI agent governance.
For IAM and SecOps teams, the practical question is whether existing NHI and access models can keep pace with agents that discover tasks, touch data, and invoke tools across environments. The article points to a shift toward operationalised oversight, where posture, inventory, and remediation are managed where security work already happens, not in a separate AI sandbox.
Key questions
Q: How should security teams govern AI agents inside SecOps workflows?
A: Security teams should govern AI agents as operational identities, not as one-off automation assets. That means tying each agent to an owner, permissions profile, data access scope, and response path inside the same SecOps process used for exposures and incidents. Governance works best when inventory, posture, and remediation are connected.
Q: Why do AI agents create new identity governance problems for IAM teams?
A: AI agents create new identity governance problems because they can act across systems, access data, and change scope during runtime. Traditional IAM models assume access is granted to a known subject with stable intent. Autonomous behaviour breaks that assumption, so entitlement review and monitoring must move closer to execution.
Q: What breaks when AI agent inventory is incomplete?
A: When AI agent inventory is incomplete, security teams lose the ability to link behaviour to ownership, dependencies, and permissions. That creates shadow AI, weak accountability, and delayed remediation. Without a reliable inventory, SecOps may detect a problem but still not know which agent caused it or who must fix it.
Q: Who is accountable when an AI agent causes a security exposure?
A: Accountability should sit with the business service owner, the platform owner, and the security team that governs the agent's permissions and response workflow. If the agent is autonomous, accountability also depends on whether the organisation can prove who approved its scope, what it touched, and when controls last changed.
How it works in practice
AI agent inventory in SecOps workflows
Agent inventory is the control layer that turns a vague AI deployment into a governed identity population. In this model, each agent is treated as a distinct runtime entity with attached services, dependencies, permissions, and data touchpoints. The value is not discovery alone, but the ability to relate agent behaviour back to a known security object in CMDB and SecOps processes. That matters because an unmanaged agent is effectively shadow AI: a runtime identity with no reliable ownership, scope, or response path. Practical implication: security teams need an authoritative inventory that ties each agent to service ownership, permissions, and change control.
AI security posture management for agent permissions
AI security posture management extends familiar NHI governance concepts into agentic environments. The focus is on what the agent is built from, what it can access, which systems it touches, and which permissions exist at runtime. This is not just configuration hygiene. It is the difference between a known agent with bounded access and one that can accumulate excessive permissions, expose data, or create compliance gaps. Posture management becomes the evidence layer for governance decisions, especially when agents are continuously changing through model updates, workflow changes, or new integrations. Practical implication: treat agent permissions and data access as reviewable entitlement state, not static setup data.
Continuous remediation for autonomous AI agents
Continuous remediation matters because AI agent risk is operational, not episodic. When a platform can automatically surface high-risk exposures, the control question becomes how quickly teams can contain them before the agent completes another task cycle. That is particularly important for autonomous agents, where the same identity may touch multiple systems in a single workflow and amplify exposure before manual review can catch up. The architecture therefore blends detection, posture, and response into one loop. Practical implication: security operations should measure mean time to contain agent exposures, not just mean time to detect them.
NHI Mgmt Group analysis
Agent governance is becoming a SecOps problem, not a sidecar AI problem. Bringing AI agent controls into Security Operations changes the operating model for identity teams. Once agents are handled alongside incidents, exposures, and remediation workflows, they stop being experimental automations and become governed identities with operational consequences. That is the right direction for enterprises that need visibility, response, and ownership in one place. The practitioner takeaway is simple: AI agent governance must be embedded where security response already lives.
Shadow AI becomes harder to tolerate when agent inventory is wired into CMDB and SecOps. The article's emphasis on seeing all agents, connected services, and dependencies points to a core NHI governance problem: unknown runtime identities are indistinguishable from unmanaged access. That makes inventory quality a governance issue, not just a discovery task. If the inventory is incomplete, the control plane is incomplete. The practitioner conclusion is that ownership and asset linkage now matter as much as detection.
AI security posture management is the new entitlement review layer for agentic systems. This is where the article intersects with classic IAM discipline. Knowing what data an agent touches, what permissions it holds, and which systems it can invoke is the practical equivalent of access review in an autonomous runtime. The difference is speed and scale. The practitioner conclusion is that agent entitlements need continuous review logic, not periodic spreadsheet governance.
Operationalising remediation inside SecOps validates the move from policy to execution, but it does not eliminate governance debt. The partnership helps close the gap between identifying risky agent behaviour and routing it into response workflows. Yet the underlying governance burden remains: teams still need clear ownership, scoped permissions, and reliable evidence for what each agent is allowed to do. The practitioner conclusion is that workflow automation should accelerate response, not replace entitlement governance.
Agent-centric security is now a category signal, not a feature add-on. The article reflects a market shift toward treating AI agents as first-class identities that need inventory, posture, remediation, and lifecycle controls. That broadens NHI governance beyond secrets and service accounts into runtime behaviour. The practitioner conclusion is that identity programmes should expect agent governance to sit alongside workload identity and access operations, not outside them.
From our research:
- 92% agree governing AI agents is critical to enterprise security, yet only 44% have implemented any policies to do so, according to the AI Agents: The New Attack Surface report.
- 80% of organisations report AI agents have already acted beyond intended scope, including unauthorized access, sensitive data sharing, and credential exposure.
- Forward pivot: That governance gap is why the OWASP Agentic AI Top 10 matters when teams move from visibility into control design.
What this signals
Agent inventory is becoming the minimum viable control for autonomous identity governance. Once AI agents are wired into SecOps, the question changes from whether they exist to whether each one can be tied to an owner, dependencies, and a response path. That is why shadow AI is now a governance exposure, not just an asset discovery miss. Teams that cannot inventory agents cannot confidently scope their permissions or their risk.
Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation. That kind of visibility gap means that post-incident review will increasingly depend on whether agents were governed as identities, not workflows. Where evidence trails are weak, response quality falls with them.
Agent governance now needs to align with external frameworks such as the NIST Cybersecurity Framework 2.0 and the OWASP Agentic AI Top 10. The practical signal is clear: if your programme cannot explain who owns the agent, what it can reach, and how exposure is contained, it is not ready for operational scale.
For practitioners
- Map every AI agent to an owning service and control path: Link each agent to an accountable business service, named owner, and response workflow so SecOps can route exposure handling without ambiguity. Include dependencies, connected systems, and the approvals chain needed when the agent changes scope.
- Review agent permissions as living entitlements: Treat the permissions granted to agents as active identity state that needs continuous review, especially when agents can touch multiple systems and data sets across workflows. Reconcile access against actual task scope and remove excess permissions when the agent's function changes.
- Instrument exposure containment for agent workflows: Track how quickly high-risk AI agent exposures move from detection to containment inside SecOps, and use that metric to test whether response is keeping pace with agent activity. A long containment window means the governance loop is too slow for autonomous behaviour.
- Fold agent inventory into existing change and asset processes: Place AI agents in the same operational records used for assets, dependencies, and change management so they do not sit outside established governance. This makes it harder for shadow AI to persist unnoticed after workflow updates or new integrations.
Key takeaways
- AI agents are now being governed as operational identities inside SecOps, which makes visibility, ownership, and response part of the same control problem.
- The strongest evidence in the market is a policy gap, not a tooling gap, because most organisations still lack formal AI agent governance despite recognising the risk.
- Practitioners should align agent inventory, entitlement review, and containment workflows so security operations can handle autonomous behaviour at runtime.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Agentic AI Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | | Agent inventory and tool-use controls map directly to agentic AI risk management. |
| NIST CSF 2.0 | PR.AC-4 | The article centers on access scope, permissions, and continuous governance. |
| NIST AI RMF | GV.1 | Autonomous agent governance needs ownership and accountability in place. |
Inventory every agent, constrain tool use, and review runtime scope before allowing production access.
Key terms
- Agent Inventory: An agent inventory is the authoritative record of every AI agent in use, including ownership, dependencies, permissions, and connected services. For autonomous environments, it is the baseline control that makes shadow AI visible and ties runtime behaviour back to accountable governance.
- AI Security Posture Management: AI security posture management is the ongoing assessment of how AI systems are configured, what they can access, and where they create exposure. In agentic environments, it extends entitlement review to runtime behaviour, data access, and permission drift.
- Shadow AI: Shadow AI is an AI agent or AI-enabled workflow operating without formal inventory, ownership, or governance. The risk is not only that it exists, but that teams cannot prove what it can reach, who is responsible for it, or how it should be contained.
- Autonomous Agent: An autonomous agent is a software identity that can choose actions, select tools, and decide execution timing without human approval gates. That independence changes governance from periodic review to continuous control because intent, scope, and impact can change within a single session.
Deepen your knowledge
AI agent governance in SecOps is a core topic in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building controls for autonomous agents in the same environments where you already run security operations, it is worth exploring.
This post draws on content published by Zenity: Zenity partnership with ServiceNow on AI agent risk reduction in SecOps. Read the original.
Published by the NHIMG editorial team on 2026-03-24.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org