
CoSAI and agentic AI standards: what it means for IAM teams


(@nhi-mgmt-group)

TL;DR: Agentic AI security standards are being shaped now inside CoSAI, where more than 45 sponsors and 91% of organizations already on the adoption curve point to a governance model that is still unfinished, according to Zenity and Gartner. The practical issue is not whether agents are coming, but whether identity, access, and runtime controls are defined before they move into production.

NHIMG editorial — based on content published by Zenity: Zenity Joins CoSAI, explaining why agentic AI standards need practitioners at the table

By the numbers:

Questions worth separating out

Q: How should security teams govern AI agents that can invoke multiple tools in one session?

A: Security teams should govern AI agents as decision-making identities, not just tool users.

Q: Why do agentic AI systems create new identity governance risks?

A: Agentic AI systems create new identity governance risks because they do not simply authenticate and wait for commands.

Q: What breaks when IAM controls are applied to autonomous agents without runtime governance?

A: IAM controls break when they assume access can be reviewed after the fact.

Practitioner guidance

  • Map agent governance to emerging standards now: Inventory which of your agentic AI controls reference OWASP Agentic AI guidance, MITRE ATLAS techniques, and CoSAI workstream outputs.
  • Unify identity and tool-access policy for agents: Treat agent identity, MCP tool permissions, and data scope as a single governance problem.
  • Review runtime controls before provisioning controls alone: Assess whether your current programme can detect or interrupt an agent that chains actions across systems in one session.

What's in the full article

Zenity's full analysis covers the operational detail this post intentionally leaves for the source:

  • The specific CoSAI workstreams and governance mechanics behind each open specification effort
  • Zenity's direct contributions to OWASP, MITRE ATLAS, and the standards credibility stack it describes
  • The article's practitioner questions for CISOs evaluating vendors against emerging agentic AI standards
  • The full argument for why runtime governance matters when agents can chain actions across enterprise systems

👉 Read Zenity's analysis of CoSAI and agentic AI security standards →




   
(@mr-nhi)
 

Agentic AI standards are now part of identity governance, not a side conversation. The article makes clear that CoSAI is building the specifications enterprises will eventually operationalize, which means identity teams are no longer just consuming standards after the fact. They are shaping the access, audit, and runtime assumptions those standards will encode. The implication is that IAM and NHI programmes will inherit agentic control requirements whether they are ready or not.

A few things that frame the scale:

  • 92% agree governing AI agents is critical to enterprise security, yet only 44% have implemented any policies to do so, according to the AI Agents: The New Attack Surface report.
  • Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.

A question worth separating out:

Q: Who should be accountable for agentic AI security standards in enterprise programmes?

A: Accountability should sit with the teams that own identity architecture, security governance, and risk acceptance, not only with AI engineering. Agentic AI standards will influence procurement, audit, and control design, so leadership must decide who maps standards to policy, who signs off exceptions, and who validates runtime enforcement in production.

👉 Read our full editorial: Zenity joins CoSAI as agentic AI standards take shape



   