TL;DR: Agent fabric is an identity control plane for AI agents that dynamically discovers them, maps scopes and risk, and ties runtime behavior back to verifiable identities across clouds and runtimes, according to Strata Identity. The core governance assumption breaks when agents are ephemeral, distributed, and capable of acting on behalf of users without a stable review window.
NHIMG editorial — based on content published by Strata Identity: agent fabric and AI agent identity governance
By the numbers:
- Enterprises will see 80x more agents than human users within two years.
Questions worth separating out
Q: How should security teams govern AI agents across multiple clouds and runtimes?
A: Security teams should govern AI agents through a central identity registry that binds each agent to scopes, purpose, owner, TTL, and revocation state, then enforce policy consistently across every runtime.
Q: What breaks when AI agents are deployed without a registry?
A: Without a registry, teams lose the ability to tie runtime behavior to a verifiable identity, which means scopes, audit trails, and revocation become fragmented or invisible.
Q: How do you know if AI agent access governance is actually working?
A: It is working when every agent has an owner, a verifiable identity binding, a limited scope, a clear TTL, and a revocation path that is enforced across environments.
Practitioner guidance
- Build an agent registry before scaling deployments: record each AI agent's identity binding, declared function, scopes, TTL, revocation state, and owner before allowing production access.
- Audit OAuth scopes against declared agent purpose: compare each agent's granted scopes with its intended function and business unit, then remove permissions that are broader than the runtime task requires.
- Federate policy across runtimes and IDPs: map how agent identity is asserted and verified across Entra, Okta, AWS, on-premises workloads, and CI/CD pipelines so policy, logging, and revocation remain consistent at every boundary.
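As an added illustration (not code from Strata Identity or this editorial), the following Python model shows the registry audit the guidance above describes: each record carries owner, identity binding, declared purpose, granted scopes, TTL and revocation state, `excess_scopes` identifies permissions broader than the declared purpose, and `audit_agent` applies the "is it working" test so that `runtime_allowed` only passes a record with an owner, a binding, a limited scope, an unexpired TTL and no revocation. The `PURPOSE_SCOPES` table, the scope names, the sample identifiers and the three registry records are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Set

# Constructed policy table (an assumption): the scopes each declared purpose needs.
PURPOSE_SCOPES = {
    "invoice-reconciliation": {"ledger:read", "invoices:read"},
    "ticket-triage": {"tickets:read", "tickets:write"},
}

@dataclass
class AgentRecord:
    agent_id: str
    owner: Optional[str]
    identity_binding: Optional[str]  # workload identity subject (constructed values below)
    purpose: str
    granted_scopes: Set[str]
    expires_at: datetime             # TTL stored as an absolute expiry time
    revoked: bool = False

def excess_scopes(rec: AgentRecord) -> Set[str]:
    """Scopes granted beyond the declared purpose; an undeclared purpose needs none."""
    return rec.granted_scopes - PURPOSE_SCOPES.get(rec.purpose, set())

def audit_agent(rec: AgentRecord, now: datetime) -> List[str]:
    """Governance findings for one record; an empty list means the record is sound."""
    checks = [
        (not rec.owner, "missing owner"),
        (not rec.identity_binding, "no verifiable identity binding"),
        (rec.purpose not in PURPOSE_SCOPES, "undeclared purpose: " + rec.purpose),
        (bool(excess_scopes(rec)), "scopes exceed purpose: " + ", ".join(sorted(excess_scopes(rec)))),
        (rec.expires_at <= now, "TTL expired"),
        (rec.revoked, "revoked"),
    ]
    return [message for hit, message in checks if hit]

def runtime_allowed(rec: AgentRecord, now: datetime) -> bool:
    """Enforcement decision: only a clean, unexpired, unrevoked record may act."""
    return not audit_agent(rec, now)

# Constructed sample registry: one sound record, one over-scoped and ownerless, one revoked.
NOW = datetime(2025, 1, 15, 12, 0, tzinfo=timezone.utc)
SAMPLE_REGISTRY = [
    AgentRecord("agent-recon-01", "finance-ops", "spiffe://example.internal/agent/recon-01",
                "invoice-reconciliation", {"ledger:read", "invoices:read"}, NOW + timedelta(hours=8)),
    AgentRecord("agent-triage-07", None, "spiffe://example.internal/agent/triage-07",
                "ticket-triage", {"tickets:read", "tickets:write", "ledger:write"}, NOW + timedelta(days=1)),
    AgentRecord("agent-stale-03", "it-support", None, "ticket-triage", {"tickets:read"},
                NOW - timedelta(hours=1), revoked=True),
]
```

Running `audit_agent` over the registry on a schedule, and `runtime_allowed` at each execution boundary, is what turns the registry from an inventory into an enforcement point.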
What's in the full article
Strata Identity's full article covers the operational detail this post intentionally leaves for the source:
- A deeper explanation of the registry fields that matter for agent governance, including bindings, risk levels, and revocation data
- Examples of how the agent fabric fits alongside identity fabric and app fabric in a real architecture
- Discussion of private versus public registry patterns for regulated and distributed environments
👉 Read Strata Identity's analysis of agent fabric for AI agent identity governance →
Agent fabric and AI agent identity governance: are your controls ready?
Explore further
Agent fabric is becoming the missing identity tier for AI agents, but only because existing IAM models were never built for runtime actors that appear and disappear across multiple execution environments. Human IAM assumes stable subjects, while app governance assumes stable integrations. AI agents break both assumptions by moving through frameworks, clouds, and pipelines with no single control point, so the real issue is not visibility alone but governable identity at runtime. Practitioners should treat agent fabric as the control-plane response to identity fragmentation.
A few things that frame the scale:
- Enterprises will see 80x more agents than human users within two years, according to the AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: What is the difference between agent fabric and ordinary application governance?
A: Application governance focuses on apps and APIs as the controlled objects, while agent fabric governs AI agents as runtime actors that can move across frameworks, clouds, and pipelines. The difference is that agents need identity continuity and policy portability, not just application-level access rules.
👉 Read our full editorial: Agent fabric changes how enterprises govern AI agent identity