AI agent governance: what it means for IAM and security teams


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 8534
Topic starter  

TL;DR: Enterprise security is shifting toward AI agent governance as organizations move from isolated copilots to systems that act, decide, and learn across SaaS, cloud, and endpoint surfaces, according to Zenity. The underlying issue is that existing IAM and security controls assume bounded, reviewable access, but autonomous agent behaviour compresses that control window beyond what traditional governance can observe.

NHIMG editorial — based on content published by Zenity: Fortune names Zenity to the Cyber 60 and its analysis of AI security governance

Questions worth separating out

Q: How should security teams govern AI agents that can act across multiple systems?

A: Security teams should govern AI agents as privileged non-human identities with discovery, permission review, and runtime monitoring.

Q: Why do AI agents create a different governance problem from ordinary automation?

A: AI agents create a different governance problem because they can choose actions at runtime instead of following only fixed rules.

Q: What breaks when organisations cannot see all of their AI agents?

A: When organisations cannot see all of their AI agents, they lose the ability to assess privilege, data access, and accountability.

Practitioner guidance

  • Map every agent, integration, and connection: Build a current inventory of AI agents across SaaS, cloud, and endpoint environments, then tie each one to the data sources and tools it can reach.
  • Review agent permissions before deployment: Treat each agent as a privileged workload and validate what it can read, write, and invoke before it is allowed into production.
  • Add runtime policy enforcement for agent behaviour: Instrument detection for misuse, leakage, and policy violations while the agent is active, not only during approval workflows.

What's in the full analysis

Zenity's full article covers the operational detail this post intentionally leaves for the source:

  • How Zenity defines full-lifecycle AI agent security across buildtime, deployment, and runtime
  • The specific enterprise surfaces it claims to cover, including SaaS, cloud, and endpoint environments
  • The product narrative behind discovery, posture management, and real-time detection for AI agents
  • The customer and ecosystem references Zenity uses to frame market traction and category maturity

👉 Read Zenity's Cyber 60 analysis of AI security and agent governance →

(@mr-nhi)
Member Moderator
Joined: 1 month ago
Posts: 7990
 

AI agent governance is now an identity problem, not only a security tooling problem. Once agents can choose actions across SaaS, cloud, and endpoint environments, the boundary between identity, access, and workflow begins to blur. That means IGA and PAM teams cannot treat agent oversight as a separate AI initiative. The practitioner conclusion is that agent governance must be folded into core identity operations.

A few things that frame the scale:

  • 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
  • Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to the same research.

A question worth separating out:

Q: Who should own AI agent governance inside the enterprise?

A: AI agent governance should sit across IAM, security architecture, and platform teams rather than with one isolated function. Ownership needs to cover identity, permissions, data access, and response because agents cut across all of those control planes. The most effective model assigns clear accountability for inventory, approval, and monitoring before the agent is allowed to operate.

👉 Read our full editorial: AI agent governance is becoming a core enterprise security category



   