Recently, our data team showed me something. A category of question that did not exist in vendor security questionnaires three years ago was climbing — fast — across our customers' procurement traffic.
We run a data platform we call the Drata Trust Graph — the layer that turns the controls, evidence, questionnaire responses, audit trails, and risk signals from thousands of Drata customers into patterns, benchmarks, and actionable insight. It's how we tell a healthcare company how their posture compares to other healthcare companies. It's how we tell a financial services firm which controls the rest of the industry is monitoring continuously.
One part of the Trust Graph is fueled by AI Questionnaire Assistance (AIQA), the product that helps our customers answer vendor security questionnaires at scale. Over a million questions flow through it annually.
What the team found in the AIQA traffic was a climbing curve. Security and procurement teams at companies that buy from our customers had started asking about AI agents — what was running, who owned them, how they were governed. The category was small at first. It climbed fast.
When the pattern stabilized, I started a series of conversations with CISOs across industries to understand what was driving it. Healthcare. Financial services. Public software companies. Pre-IPO scaleups. A frontier AI lab. The setting changed every time. The five questions did not.
In the last post in this series, I promised to lay them out. Here they are.
The Five Questions
Discovery: What AI Agents Are Running Here?
The first question is the simplest, and the one almost no CISO can answer with confidence. Employees spawn agents through SaaS connectors. Engineers build agents from internal frameworks. Vendors ship agents inside their products. The CISO knows agents are running. The CISO doesn't know how many, owned by whom, with what scope.
Authorization: Do They Have the Right Permissions, Scope, and Policy?
The authorization question is not whether an agent should exist — that decision has already been made, and the speed of adoption is going to overwhelm any company that tries to gate it. The real question is whether each agent, once spawned, is operating within the permission profile, OAuth scope, and policy boundaries the company set for it. The question has shifted from gating to proving.
Identity: What Identity Does It Run Under?
The identity question is structurally harder in the agentic world than it was in the human one. An agent inherits the privileges of the user who spawned it, but it can outlive the session, operate at machine speed, and act on systems the user never touched directly. One human identity can spawn dozens of agent identities, each with different access. A CISO at a frontier AI lab told me last week that the identity problem is ten to fifty times bigger in the agentic world than it was in the human one. They may be understating it.
Monitoring: Are They Behaving as Expected?
An agent approved on Monday is not the same agent operating on Friday. OAuth scopes expand. Vendor APIs change. Behavior drifts. Continuous monitoring of agent behavior — against the policy the company actually set — is the only credible answer to this question. Point-in-time approval is not enough.
Proof: Can I Show Evidence of All of It?
This is the question the auditor will ask, the question the board will ask, and the question our data says the customer's procurement team is already starting to ask. The first four questions are operational. The fifth is the one the others have to roll up to. Without it, the other four don't matter — because the CISO can't show their work to anyone outside the security team.
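The Authorization and Monitoring questions above reduce to one concrete, repeatable check: take the baseline the company approved for each agent (owner, the identity it runs under, the OAuth scopes it was granted) and diff it against what the identity provider reports today. Discovery is the agent that shows up in the live export with no baseline at all; Proof is the record the check leaves behind. The example below is added here and is not Drata's or any product's code. The inventory, the live grant export, the agent names, the principals and the scope names are all constructed for illustration; in practice the live list would come from an IdP or SaaS OAuth-grant export. The evidence record carries a SHA-256 over its own canonical JSON so it can be attached to an audit trail and checked later for tampering.

```python
"""Scope-drift check for AI agents: live OAuth grants vs. the approved baseline.

Added example, not Drata's code. All inventory and grant data below are
constructed; in practice the live list would come from an IdP or SaaS
OAuth-grant export.
"""
import hashlib
import json
from datetime import datetime, timezone

# Approved baseline (constructed): the agents the company knows about, who owns
# each, what identity it runs under, and the scopes it was approved for.
APPROVED = {
    "ticket-triage-bot": {
        "owner": "alice@example.com",
        "runs_as": "svc-ticket-triage",     # dedicated machine identity
        "scopes": {"tickets:read", "tickets:comment"},
    },
    "sales-summarizer": {
        "owner": "bob@example.com",
        "runs_as": "bob@example.com",       # inherits the spawning user's identity
        "scopes": {"crm:read"},
    },
}

# Live grants (constructed): what the identity provider reports today.
LIVE = [
    {"agent": "ticket-triage-bot", "principal": "svc-ticket-triage",
     "scopes": ["tickets:read", "tickets:comment", "tickets:delete"]},
    {"agent": "sales-summarizer", "principal": "bob@example.com",
     "scopes": ["crm:read"]},
    {"agent": "invoice-helper", "principal": "carol@example.com",
     "scopes": ["billing:write"]},      # never approved: a Discovery finding
]


def check_grant(approved, grant):
    """Compare one live grant with its approved entry; return a list of findings.

    An empty list means the agent is within policy. `approved` is None when
    the inventory has no entry for the agent at all.
    """
    if approved is None:
        return [{"finding": "UNINVENTORIED",
                 "detail": "no approved entry; owner and scope unknown"}]
    findings = []
    if grant["principal"] != approved["runs_as"]:
        findings.append({"finding": "IDENTITY_MISMATCH",
                         "detail": f"runs as {grant['principal']}, approved {approved['runs_as']}"})
    extra = set(grant["scopes"]) - approved["scopes"]
    if extra:
        findings.append({"finding": "SCOPE_DRIFT",
                         "detail": "expanded beyond baseline: " + ", ".join(sorted(extra))})
    return findings


def run_check(approved=APPROVED, live=LIVE, checked_at=None):
    """Evaluate every live grant and every approved agent; return an evidence
    record (a dict carrying a SHA-256 over its own canonical JSON)."""
    results = {}
    for grant in live:
        results[grant["agent"]] = check_grant(approved.get(grant["agent"]), grant)
    # An approved agent with no live grant is a finding too: the inventory is stale.
    for name in approved:
        results.setdefault(name, [{"finding": "NOT_OBSERVED",
                                   "detail": "approved but no live grant found"}])
    record = {
        "checked_at": checked_at or datetime.now(timezone.utc).isoformat(),
        "results": dict(sorted(results.items())),
    }
    record["sha256"] = _digest(record)
    return record


def _digest(record):
    """Hash the record's canonical JSON, ignoring any stored digest."""
    body = {k: v for k, v in record.items() if k != "sha256"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def verify_record(record):
    """True if the record has not been altered since run_check() produced it."""
    return record.get("sha256") == _digest(record)


if __name__ == "__main__":
    print(json.dumps(run_check(), indent=2))
```

Run on the constructed data, the check flags ticket-triage-bot for a scope it was never approved for, flags invoice-helper as uninventoried, and passes sales-summarizer. The digest is deliberately over the record alone; a real deployment would sign it with a key held outside the agent platform so the evidence cannot be rewritten by the same automation it describes.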
What the Trust Graph Showed Us
When the AIQA team classified six months of traffic, the new category came back with measurable share — and the breakdown closely matched the five questions:
The exact percentages aren't the point. The point is that they appear together, consistently, across thousands of questionnaires, between companies that buy from each other.
This isn't a forecast. It's already in flight.
What the CISO Conversations Confirmed
The data told me a pattern existed. The conversations told me how it lived inside specific companies.
A CISO at a healthcare technology company told me their largest customer — a Fortune 50 health insurer — had just sent over a formal request for AI agent governance documentation. They had nothing. A policy template from six months ago, never finalized. A list of the agents the team had built. No way to show the customer how they governed any of it. The procurement conversation paused for two weeks.
A CISO at a public software company said the CEO had told them to clear the path for AI — and now the board was asking how they'd cleared it.
A senior security leader who advises a community of more than 800 CISOs said nobody they talked to could describe what an AI agent governance program was supposed to look like.
Same five questions. Different industries. Same gap.
Why the Five Questions Add Up to Something Structural
The thing that strikes me about the data is not the individual questions. It's that they appear together, as a coherent category, across thousands of questionnaires, between companies that buy from each other. Five questions, asked of the seller by the buyer, about how the seller governs the agents inside its own walls.
Three years ago, that conversation didn't exist. There was no procurement category for it. There was no row in the vendor questionnaire template. There was no auditor framework that asked about it.
Now there is. When a new category of question stabilizes in procurement, something structural has happened to the trust transaction itself.
The Four Dimensions of Trust
The trust transaction between Company A and Company B has historically rested on three dimensions. All three are growing right now. A fourth is emerging alongside them.
The first is certifications. SOC 2. ISO 27001. HIPAA. PCI DSS. Frameworks the company is audited against, attestations a third party signs. This dimension is expanding fast: AIUC-1, ISO 42001, and the EU AI Act are joining the existing standards, each carrying AI-specific obligations that SOC 2 and ISO 27001 never asked about.
The second is security questionnaires. The bespoke list of questions procurement asks before a contract is signed. Two thousand answers a year for an enterprise vendor is not unusual. The dimension is also expanding — AI-agent-specific questionnaire templates are being built right now, drawn from the same five questions the Trust Graph is surfacing. Procurement teams aren't adding one new row; they're adding thirty.
The third is vendor risk assessments, or TPRM (third-party risk management). The buyer's own assessment of the seller's risk posture, refreshed annually, sometimes more often if the seller handles sensitive data. TPRM is expanding too: every vendor is increasingly also an AI vendor, and the buyer's assessment has to grow to cover the AI tools the vendor sells. TPRM absorbs the AI-tool question naturally; that's still inside the third dimension.
But the AI-tool question is not the AI-agent question. AI agents are different. They run inside the seller's company, spawned by the seller's employees, operating on the seller's data, under the seller's identity providers. They are not vendors. TPRM cannot cover them.
So a fourth dimension is emerging.
AI Agent Governance Posture. Live agent inventory, identity attribution, scope and permission validation, behavioral monitoring, and continuous evidence — between two companies, about the agents running inside one of them. It's not a new question inside the questionnaire dimension. It's not a new vendor in the TPRM dimension. It's a new dimension of trust entirely. And our data shows it growing the fastest.
The trust transaction now has four dimensions. Companies that can answer in all four will move through procurement at speed. Companies that can't will lose deals to companies that can.
What the EU AI Act Already Codifies
I'm writing this just over two months before the EU AI Act's obligations for high-risk AI systems become applicable on August 2, 2026.
The Act doesn't use the words five questions or four dimensions, but its core requirements for high-risk AI systems (Chapter III, Section 2) map directly onto them:
Record-keeping (Article 12): automatic logging of events over the system's lifetime. That's Monitoring.
Human oversight (Article 14): the system is designed so that people can understand what it is doing, intervene, and stop it. That's Authorization: the agent operates inside boundaries a human set and can enforce.
Technical documentation (Article 11): comprehensive documentation of the system's risk profile, data sources, and design. That's Proof.
Risk management (Article 9): a continuous, iterative process run across the system's whole lifecycle. That's Authorization and Monitoring together.
Data and data governance (Article 10): what data the system processes, what it was trained and tested on, and how that data is controlled. That's Discovery and Identity.
The five questions and the four dimensions aren't a forecast about where regulation is heading. They're a description of where regulation has already arrived. One caveat worth keeping in view: those articles bind providers and deployers of high-risk systems as the Act defines them (the Annex III use cases and regulated products), so an internal agent that never touches a high-risk use is not covered by them directly. That is exactly why procurement matters here. The Act will operationalize what procurement is already asking, and procurement asks every vendor, not only the regulated ones.
Where This Lands
Within twelve months, every meaningful enterprise vendor questionnaire will carry a section on the fourth dimension. Inside twenty-four months, AI Agent Governance Posture will be a standard line item in any third-party risk assessment, alongside SOC 2 and ISO 27001. For companies serving regulated industries — healthcare, financial services, defense, public sector — the timeline is shorter. The window between "we don't ask about this" and "we won't sign without it" will close inside the same fiscal year.
What's Next
The five questions are operational. The four dimensions are structural. The EU AI Act codifies them. The Trust Graph caught them forming; the CISO conversations told me how they lived inside companies; the regulation tells me how they will be enforced.
What none of it describes is the system that delivers an answer.
In the next post in this series, I will lay out what an AI Agent Governance solution actually looks like — the architecture, the controls, the evidence flow, the surfaces where the proof shows up.
The pattern from cloud and endpoint told us a category leader would emerge. The data tells us the category has now arrived. The window is open. We intend to shape this new dimension of Trust.