By NHI Mgmt Group Editorial Team
Published 2026-04-23
Domain: Breaches & Incidents
Source: Zenity

TL;DR: Enterprise AI agent governance is moving beyond static policy controls toward continuous monitoring, intent-aware detection and runtime enforcement across SaaS, cloud and endpoint environments, according to Gartner’s assessment of Zenity. That shift matters because autonomous agents can act across heterogeneous systems faster than traditional review cycles can observe or contain them.


At a glance

What this is: An analysis of Gartner’s recognition of Zenity. The key finding is that AI agent governance is shifting from static policy to runtime enforcement.

Why it matters: The same control gap affects NHI, autonomous agent and human governance programmes whenever access decisions happen faster than review and certification cycles, which makes it relevant to IAM practitioners.



Context

AI agent governance is the problem of controlling software identities that can decide, act and invoke tools across systems at runtime. Zenity’s source article argues that static, policy-based controls are not enough for this class of behaviour, especially when agents operate across SaaS, cloud and endpoint environments with access to sensitive data.

For IAM, PAM and NHI teams, the core question is no longer whether a policy exists. The question is whether the programme can observe agent intent, distinguish legitimate from malicious behaviour, and enforce controls at the moment action is taken rather than after the fact.


Key questions

Q: How should security teams govern AI agents that can act across multiple systems?

A: They should treat AI agents as identities that need continuous discovery, runtime monitoring and scoped enforcement across every environment they touch. The main failure mode is assuming a static policy can cover dynamic behaviour. Teams need ownership, tool inventory, data-access tracing and containment controls that work while the agent is executing, not just when it is provisioned.

Q: Why do static IAM policies struggle with autonomous AI agents?

A: Static policies assume the access pattern is known before execution and remains stable long enough to review. Autonomous agents can change context, select tools and take actions at runtime, which makes precomputed scope an incomplete control. Governance has to move toward behaviour-aware enforcement because the risky decision may occur after the policy decision has already been made.

Q: What do security teams get wrong about shadow AI governance?

A: They often focus on blocking a known platform while missing the undiscovered agents already operating in the environment. Shadow AI is primarily a discovery and accountability problem. If an agent is not inventoried, it cannot be certified, monitored or offboarded, which leaves a governance gap even when formal policies look complete.

Q: What is the difference between agent discovery and runtime enforcement?

A: Agent discovery tells you what exists and where it runs. Runtime enforcement tells you what it is allowed to do while it is active. Discovery without enforcement leaves visibility without control, while enforcement without discovery leaves unknown identities outside governance. Mature programmes need both because AI agent risk is both an inventory problem and a behaviour problem.


Technical breakdown

Runtime enforcement for AI agent identities

AI agent governance shifts the control point from provisioning to execution. In practice, runtime enforcement means the security layer evaluates tool calls, memory access and data usage patterns as the agent acts, rather than relying on pre-approved policies alone. This is materially different from traditional IAM because an agent can chain decisions quickly across tools and environments, creating exposure before a human review cycle can intervene. The article also points to heterogeneous environments, which matters because enforcement has to follow the identity across SaaS, cloud and endpoint surfaces, not just inside one platform.

Practical implication: instrument controls that can evaluate agent actions at the moment of execution, not just at provisioning or review time.

Shadow AI discovery and full lifecycle observability

Shadow AI is unmanaged or undiscovered AI agent activity inside an enterprise. Full lifecycle observability means security teams can trace an agent from build time through runtime, including where it was deployed, what it accessed and how it behaved. That matters because a governance programme cannot protect what it cannot enumerate. The source article frames discovery and posture management as part of the control surface, which is consistent with the broader identity lesson: unknown identities cannot be certified, constrained or offboarded reliably.

Practical implication: build discovery and inventory into governance so undiscovered agents do not sit outside access review and offboarding processes.

Agentic identity across MCP and agent-to-agent interactions

AI agents do not always use a single static identity. They may operate through implicit identities, tool-based identities and delegated interactions with other agents. The inclusion of interoperability frameworks such as MCP matters because tool connectivity expands the governance boundary beyond one app or one account. If one agent can trigger another, identity assurance must follow the delegation chain, not just the originating principal. That is where conventional identity models become brittle: they tend to assume a stable subject, a stable permission set and a stable session boundary.

Practical implication: map delegated agent interactions explicitly so identity and access controls cover the full chain of tool use and handoffs.
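The runtime enforcement and delegation-chain points above can be combined in one execution-time check. The sketch below is an added example, not code from Zenity or from the source article; the agent names, tool names and the rule that a tool must be permitted for every agent in the chain are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed inventory (hypothetical agents, owners and tool names).
REGISTRY = {
    "helpdesk-agent": {"owner": "it-ops",
                       "tools": {"ticket.read", "ticket.update", "crm.lookup"}},
    "billing-agent": {"owner": "finance",
                      "tools": {"crm.lookup", "invoice.create"}},
}

@dataclass(frozen=True)
class ToolCall:
    chain: tuple  # delegation chain: originating agent first, caller last
    tool: str     # tool being invoked, e.g. one exposed over MCP

def evaluate(call, registry=REGISTRY):
    """Decide one tool call at execution time; returns (allowed, reason)."""
    if not call.chain:
        return False, "no identity attached to call"
    # Discovery gate: every principal in the chain must be inventoried.
    for agent in call.chain:
        if agent not in registry:
            return False, f"uninventoried agent in chain: {agent}"
    # Assumed rule: delegation never widens scope, so the tool must be
    # permitted for every agent in the chain, not only the final caller.
    for agent in call.chain:
        if call.tool not in registry[agent]["tools"]:
            return False, f"{call.tool} is outside the scope of {agent}"
    return True, "within scope of full chain"

def enforce(calls, registry=REGISTRY):
    """Evaluate a stream of calls and return one audit record per call."""
    records = []
    for call in calls:
        allowed, reason = evaluate(call, registry)
        records.append({"chain": " -> ".join(call.chain), "tool": call.tool,
                        "allowed": allowed, "reason": reason})
    return records

# Constructed sample events.
SAMPLE_CALLS = [
    ToolCall(("helpdesk-agent",), "ticket.update"),
    ToolCall(("helpdesk-agent", "billing-agent"), "crm.lookup"),
    ToolCall(("helpdesk-agent", "billing-agent"), "invoice.create"),
    ToolCall(("notebook-agent",), "crm.lookup"),
]

if __name__ == "__main__":
    for record in enforce(SAMPLE_CALLS):
        print(record)
```

The third call is denied even though billing-agent holds invoice.create, because the originating helpdesk-agent does not; the fourth is denied because the caller is missing from the inventory, which is the shadow AI case.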




NHI Mgmt Group analysis

Static policies are not a sufficient control model for AI agent governance. The source article correctly describes a market shift away from policy-only controls toward runtime enforcement. That shift reflects a deeper reality: agents act across multiple systems at machine speed, so a policy written at provisioning time cannot reliably govern intent at execution time. The practitioner conclusion is that governance now has to be evaluated against behaviour, not just configuration.

AI agents create a governance boundary problem that spans discovery, identity and runtime. Zenity’s article combines shadow AI discovery, lifecycle observability and intent-aware enforcement because none of those layers works alone. Discovery without enforcement leaves exposed agents alive in the environment, while enforcement without inventory leaves unmanaged identities invisible. The practitioner conclusion is that agent governance must be treated as a continuous identity control plane, not a point solution.

Identity security for autonomous systems now depends on understanding tool use, memory access and delegation chains. The article’s emphasis on tool calls, memory access and agent-to-agent interactions points to a control surface that traditional IAM does not model well. This is not just an access problem. It is a runtime identity problem where the same actor can shift context, invoke different tools and hand off work to another agent. The practitioner conclusion is that security teams need to govern the chain of action, not just the initial login or token issuance.

Agentic AI validates the need for context-aware governance, but it also exposes the limits of precomputed least privilege. Least privilege works best when the request path is known in advance. An autonomous agent can change its path mid-session based on prompts, tools and memory state, which makes static privilege assumptions brittle. The practitioner conclusion is that identity governance for agents has to be dynamic enough to follow runtime context without pretending that pre-authorised scope is stable.


What this signals

Agentic governance will increasingly be evaluated as a control-plane problem, not a policy problem. Teams that rely on periodic review will keep finding that the agent has already acted by the time the review artifact exists. The practical response is to align discovery, monitoring and containment so they operate on the same event stream. That is the only way to make governance usable at machine speed.

With 80% of organisations reporting AI agents acting beyond intended scope, per the AI Agents: The New Attack Surface report, the operational signal is clear: inventory quality now determines governance quality. If your team cannot reliably map which agents exist, what they can invoke and who owns them, runtime controls will be partial at best. That is a lifecycle issue as much as a security issue.

The next governance maturity step is context-aware containment. Security teams should expect more demand for control points that can inspect tool use, data access and delegation in real time. For practitioners, the question is not whether agentic AI needs governance, but whether the programme can follow behaviour across identity boundaries before risk becomes incident response.


For practitioners

  • Map agent inventories across all execution surfaces: Create a single register for SaaS-managed agents, custom-built agents and device-based deployments so discovery, ownership and offboarding are not split across teams. Include the business purpose, the tools each agent can invoke, and the systems it can reach.
  • Shift control checks from policy existence to runtime behaviour: Require monitoring of tool calls, memory access and data usage patterns so security can distinguish expected operation from manipulation attempts while the agent is active.
  • Trace delegated actions through the full agent chain: Document agent-to-agent interactions, MCP-connected tools and any implicit identities that arise during delegation so accountability does not stop at the first agent in the workflow.
  • Align offboarding with agent lifecycle events: Treat agent retirement, platform decommissioning and access scope changes as explicit governance events so orphaned agents do not retain access after the business use case ends.

Key takeaways

  • AI agent governance is moving from static policy enforcement to runtime control because agent behaviour changes too quickly for review-only models.
  • The strongest evidence in the market is the gap between urgency and implementation, with most organisations recognising the risk but far fewer governing it effectively.
  • Practitioners need discovery, lifecycle ownership and behaviour-aware enforcement in the same programme if they want to govern autonomous agents at scale.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Agentic AI Top 10 addresses the attack and risk surface, while NIST AI RMF and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
OWASP Agentic AI Top 10 | | Agent tool use, memory access and runtime manipulation are central to this article.
NIST AI RMF | | The article’s governance theme maps to AI risk ownership and monitoring.
NIST CSF 2.0 | PR.AA-01 | Discovery and visibility are essential to governance of unmanaged agents.

Apply agentic AI controls that inspect runtime behaviour, delegation and tool invocation before action completes.


Key terms

  • AI Agent Governance: The discipline of controlling autonomous software identities that can choose actions, tools and timing at runtime. In practice it combines discovery, ownership, monitoring and enforcement so an agent’s behaviour stays inside approved business and security boundaries across every environment it touches.
  • Runtime Enforcement: A control model that evaluates and constrains behaviour while an identity is active, not only when it is provisioned. For AI agents, this means checking tool calls, data use and delegated actions at the moment they occur, because pre-approved scope can change mid-session.
  • Shadow AI: AI agents or AI-driven workloads operating in an environment without full security or governance visibility. These identities may be unknown, unmanaged or poorly owned, which means they cannot be reliably reviewed, certified, constrained or removed through standard lifecycle processes.
  • Delegation Chain: The sequence of identities and tools involved when one actor hands work to another. For AI agents, the chain may include implicit identities, MCP-connected tools and agent-to-agent handoffs, so accountability has to follow the full path of action rather than stop at the first principal.


This post draws on content published by Zenity: Zenity Named the “Company to Beat” in AI Agent Governance in New Gartner® Report. Read the original.
