TL;DR: AI agents are being governed through metadata visibility and runtime policy hints, but that model still depends on agents cooperating with the governance layer, according to WorkOS. For production systems, the harder problem is enforced authentication and authorization, not just observability or data classification.
NHIMG editorial — based on content published by WorkOS: Bedrock Data for AI Agent Security: Features, Pricing, and Alternatives
By the numbers:
- WorkOS provides SSO with 70+ identity providers for enterprise applications.
- Bedrock Data was backed by $10 million from Greylock Partners.
- The platform includes a Metadata Lake with over 50 metadata elements for data governance.
Questions worth separating out
Q: How should security teams govern AI agents that can access sensitive data across multiple systems?
A: Security teams should govern AI agents with enforced identity controls, not only data classification.
Q: Why do metadata-based controls fall short for production AI agent security?
A: Metadata-based controls fall short when they depend on the agent to cooperate.
Q: What breaks when AI agent governance is built only on runtime policy hints?
A: What breaks is enforceability.
Practitioner guidance
- Separate data governance from authorization enforcement: Use metadata catalogs and classification for discovery, but enforce access at the identity layer where the system can approve or deny each agent action in real time.
- Require revocation paths for every AI agent identity: Verify that each agent has session termination, directory-based provisioning, and auditable deprovisioning so access can be removed without relying on voluntary compliance.
- Test uncooperative-agent scenarios: Validate what happens when an agent ignores governance guidance, skips the metadata query, or attempts a direct API call outside the intended workflow.
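The three points above, sketched as an added example (not code from WorkOS or Bedrock Data): a gate in front of the data API makes the decision on every call, so an agent that never reads the classification hints is still denied, and deprovisioning takes effect without its cooperation. All names here (EnforcementPoint, Session, HINTS, the tokens and resources) are hypothetical and the data is constructed.

```python
import time
from dataclasses import dataclass, field

# Constructed classification catalog: advisory only, nothing forces an agent to read it.
HINTS = {"crm/contacts": "restricted-pii", "docs/handbook": "public"}

@dataclass(frozen=True)
class Session:
    agent_id: str
    grants: frozenset   # (resource, action) pairs set at provisioning
    expires_at: float

@dataclass
class EnforcementPoint:
    """Hypothetical gate in front of the data API: every call is approved or denied here."""
    sessions: dict = field(default_factory=dict)   # token -> Session
    revoked: set = field(default_factory=set)      # deprovisioned agent ids
    audit: list = field(default_factory=list)      # one record per decision

    def authorize(self, token, resource, action, now=None):
        now = time.time() if now is None else now
        s = self.sessions.get(token)
        if s is None:
            reason = "unknown_token"
        elif s.agent_id in self.revoked:
            reason = "agent_deprovisioned"
        elif now >= s.expires_at:
            reason = "session_expired"
        elif (resource, action) not in s.grants:
            reason = "not_granted"   # deny by default, whatever HINTS says
        else:
            reason = "ok"
        agent = s.agent_id if s else None
        self.audit.append({"agent": agent, "resource": resource,
                           "action": action, "reason": reason})
        return reason == "ok", reason

    def deprovision(self, agent_id):
        """Revocation applies on the next call; no agent cooperation needed."""
        self.revoked.add(agent_id)

def uncooperative_read(pep, token, resource):
    """An agent that never consults HINTS and calls the API directly."""
    return pep.authorize(token, resource, "read", now=1000.0)

def run_scenarios():
    pep = EnforcementPoint()
    pep.sessions["tok-a"] = Session("agent-a", frozenset({("docs/handbook", "read")}), 2000.0)
    out = [uncooperative_read(pep, "tok-a", "crm/contacts"),    # hint skipped, still denied
           uncooperative_read(pep, "tok-a", "docs/handbook")]   # granted resource
    pep.deprovision("agent-a")
    out.append(uncooperative_read(pep, "tok-a", "docs/handbook"))  # after revocation
    return out, pep.audit
```

HINTS is deliberately absent from the decision path: classification informs what should be granted at provisioning, while authorize() is what actually stops the call.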
What's in the full article
WorkOS's full article covers the operational detail this post intentionally leaves for the source:
- The platform-by-platform comparison of Bedrock Data, WorkOS, and related controls for production AI deployments.
- The implementation implications of SSO, SCIM, fine-grained authorization, and audit logging in agentic environments.
- The pricing and procurement context behind Bedrock Data's enterprise-only commercial model.
- The specific feature-by-feature rationale the vendor uses when evaluating data governance versus identity infrastructure.
AI agent governance and metadata-only controls: what teams should know?
Explore further
Metadata visibility is not the same thing as control. Bedrock Data’s model improves insight into where sensitive data lives and how it moves, but insight alone does not establish authority over an AI agent’s runtime actions. In identity terms, the system can know more about the data and still fail to stop the wrong access path. Practitioners should treat that as a governance boundary, not a feature gap.
A few things that frame the scale:
- The AI LLM hijack breach analysis shows how stolen AWS access keys can turn model access into a compromise path.
- Our research on the Moltbook AI agent keys breach shows that 1.5 million AI agent keys were exposed in one incident.
A question worth separating out:
Q: Should organisations rely on data governance tools instead of IAM for AI agents?
A: No. Data governance tools help teams discover and classify sensitive information, but IAM defines who or what may access it and under what conditions. For AI agents, that includes authentication, authorization, session management, and revocation. Without those controls, the agent may know the policy and still bypass the boundary.