TL;DR: Governance starts with discovering which agents exist, where they run, and what they connect to, because multi-cloud deployments can create blind spots before security teams see them, according to PlainID. The practical issue is not just visibility, but whether authorization can keep pace with newly created agents and changing platform registries.
NHIMG editorial — based on content published by PlainID: Agentic AI Observability from the Agentic Identity Platform Feature Focus Series
By the numbers:
- 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job.
- Only 44% of organisations have implemented any policies to manage their AI agents, despite 92% agreeing that governing AI agents is critical to enterprise security.
- Systems with least-privileged AI access had a 17% incident rate vs 76% for over-privileged systems.
Questions worth separating out
Q: How should security teams govern AI agents that appear across multiple cloud platforms?
A: Security teams should centralise discovery first, then apply authorization only after agents are visible in one authoritative registry.
Q: Why do AI agents create governance problems for IAM programmes?
A: AI agents create governance problems because they can be created, connected, and updated outside the slower identity lifecycle processes built for humans and many NHIs.
Q: What breaks when agent metadata is not part of authorization?
A: When metadata is not part of authorization, teams are forced to manage agents with static exceptions or broad entitlements.
Practitioner guidance
- Build a single agent registry Aggregate agents, gateways, and target systems from every platform into one authoritative inventory so security teams can see what exists before access decisions are made.
- Require governed metadata before access Define a minimal set of approved attributes such as business unit, platform source, and owner, and block authorization until those fields are populated and validated.
- Treat registry drift as a control failure Compare scheduled discovery results with current policy scope and investigate any newly detected agent that is already connected to internal systems.
What's in the full article
PlainID's full article covers the operational detail this post intentionally leaves for the source:
- How the unified agent registry maps discovered agents, gateways, and targets into a single access graph
- How custom agent metadata is extended into policy conditions and grouped for real-time authorization
- How scheduled discovery updates the registry when connected platforms change, reducing drift between policy and reality
- How the platform links discovery state to access decisions across AWS AgentCore and Microsoft Foundry
👉 Read PlainID's analysis of agentic AI observability and discovery-driven authorization →
Agentic AI discovery: what it means for IAM teams?
Explore further
Discovery is now the control that decides whether agentic AI can be governed at all. PlainID’s focus is not on a new access trick, but on the ordering problem in agentic AI governance: if you do not know an agent exists, every later policy decision is partial. That makes discovery the first authorisation control, because the registry defines the population that policy can actually reach. Practitioners should treat incomplete discovery as a governance failure, not an operational inconvenience.
A few things that frame the scale:
- Only 44% of organisations have implemented any policies to manage their AI agents, despite 92% agreeing that governing AI agents is critical to enterprise security, according to The 2026 Infrastructure Identity Survey.
- A separate finding from the same survey shows that 69% of security leaders agree identity management must fundamentally shift to address agentic AI systems.
A question worth separating out:
Q: How do continuous discovery and access control work together for AI agents?
A: Continuous discovery keeps the authoritative agent list aligned with current platform reality, and access control uses that list to decide what each agent may reach. Without recurring discovery, newly deployed agents can stay outside policy scope long enough to operate with unreviewed access. That is how agentic AI turns into shadow identity risk.
👉 Read our full editorial: Agentic AI discovery is now the first authorization control