Notifications
Clear all
Topic starter
25/06/2026 2:52 pm
TL;DR: AI agents now need lifecycle governance across discovery, policy, detection, prevention, and response, according to Zenity, underscoring Zenity’s recognition in the CyberSecurity Breakthrough Awards. The bigger signal is that agent behaviour, tool invocation, and access scope are becoming identity governance problems, not just application security problems.
NHIMG editorial — based on content published by Zenity: Zenity Named “Agentic AI Security Solution of the Year” in 9th Annual CyberSecurity Breakthrough Awards Program
Questions worth separating out
Q: How should security teams govern AI agents that can use multiple tools across environments?
A: Treat the agent as an identity with explicit ownership, scoped entitlements, and a monitored action path.
Q: Why do AI agents create governance risk for IAM and NHI programmes?
A: AI agents can act within delegated access while changing what they do at runtime, which breaks assumptions built around stable, reviewable access.
Q: How do teams know whether agent governance is actually working?
A: Look for evidence that the organisation can inventory agents, trace tool use, and explain each action after the fact.
Practitioner guidance
- Inventory every agent and its delegated tools Create a complete register of agent identities, connected data sources, and tool permissions across SaaS, cloud, and endpoint environments.
- Bind tool use to explicit policy and entitlement records Map each agent tool invocation to an approved entitlement and context rule.
- Unify monitoring and response across all agent environments Make sure alerts, logs, and response workflows are consistent across the platforms where agents operate.
What's in the full analysis
Zenity's full article covers the operational detail this post intentionally leaves for the source:
- The award context and vendor-specific framing around buildtime-to-runtime AI agent protection.
- Zenity Labs references, including the AgentFlayer vulnerability disclosures and standards involvement.
- The vendor's own description of its cross-environment coverage across SaaS, cloud, and endpoint deployments.
- The article's related-post links on federal, Claude Enterprise, and AWS Security Hub integrations.
👉 Read Zenity's announcement on agentic AI security recognition →
Agentic AI security governance: what does this recognition really change?
Explore further
25/06/2026 4:03 pm
AI agent security is becoming an identity governance problem, not just an application security problem. The award matters because it reflects market recognition that agents must be governed as identities with lifecycle, tool, and access boundaries. Once an agent can decide which tool to invoke and when to invoke it, the control plane shifts from software behaviour to entitlement governance. Practitioners should stop treating agent security as a separate domain and fold it into IAM, NHI, and PAM governance.
A few things that frame the scale:
- 92% agree governing AI agents is critical to enterprise security, yet only 44% have implemented any policies to do so, according to AI Agents: The New Attack Surface report.
- A separate finding shows that 80% of organisations report their AI agents have already acted beyond intended scope, including unauthorised system access, sensitive data sharing, and credential exposure.
A question worth separating out:
Q: What is the difference between securing an AI model and governing an AI agent?
A: Securing a model focuses on the model itself, while governing an agent means controlling what it can access, which tools it can invoke, and what actions it can trigger. The latter is broader because the risk sits in execution, not just output. That is why agent governance belongs alongside IAM and NHI controls.
👉 Read our full editorial: Zenity’s agentic AI security award spotlights governance needs
