JUNE 10, 2026
8 MIN READ

Introducing AI Agent Governance: The Fourth Dimension of Trust Has Arrived

Discover, monitor, and govern every AI agent in your environment with Drata. Early Access opens today.

AI Agent Governance is here!

In the first post of this series, I argued that the AI security wave had arrived and that its category leader had not yet emerged. In the second post, I described the Fourth Dimension of Trust between companies: our own data, drawn from millions of security questions, shows that interest in AI governance (which agents are running, who owns them, and how they are governed) has surged over the last nine months. I closed that post by promising that the next one would describe what a system that actually delivers the answer looks like.

Today, I'm showing you how we’re building it!

It's called AI Agent Governance. It's a new product from Drata, and Early Access opens today.

What the Solution Has to Solve

Before describing the product, let me restate the problem in four points, because the shape of the problem dictates the shape of the answer.

  1. Most security leaders can't see the agents that are already running. Employees spawn agents through SaaS connectors, engineers build them on internal frameworks, and vendors ship them inside products you already buy. You know agents are running; you just can't say how many there are, who owns each one, or what it is allowed to touch.

  2. Most monitoring tools only tell you after the fact. They sit beside the execution path, watch the agent, and raise an alert once the action has already run. For autonomous actors moving at machine speed, notification is not governance.

  3. Previously approved agents drift. OAuth scopes expand, vendor APIs change, and behavior changes with them. A point-in-time approval cannot keep up with actors that outlive the session that created them.

  4. Security questionnaires have no ready answers. Boards, customers, and auditors are starting to ask the same thing: show us how your AI agents are governed. Today, 89% of companies leave that question unanswered, and only 11% of vendors can substantively prove an audit trail for AI agent decisions. That gap is the single largest unmet expectation in enterprise procurement right now.

Each of those four problems gets a direct response in the product.

What We Built to Solve the AI Agent Governance Problem

Drata's AI Agent Governance is built around five capabilities.

The Drata Sensor — See Every Agent in Minutes

When we asked one large enterprise's security leader how many AI agents were running in their environment, the answer came back: somewhere between 100 and 2,000. They weren't being glib. They genuinely didn't know, and would not have been surprised by any number in that range.

The Sensor sits inline with the AI platforms your company uses and registers every agent at inception, mapping each one to its owner, identity, permissions, and scope. Not through a quarterly inventory exercise, and not through a self-reported list, but at the moment of creation. The full inventory of every agent in your environment populates in minutes rather than weeks, and it stays current because it isn't a snapshot; it's a stream.

Mission Control — Policy as Intent, Enforced Before Execution

Most monitoring tools in this space are smoke detectors. They watch the agent, sound an alarm after the action runs, and hope someone hears it. Mission Control is built more like a fire suppression system. It evaluates every agent action against approved policy in real time, and blocks violations inline, before they execute.

Policies are written by the team as intent, in plain English rather than code: "Customer service agents may not access patient records." "No agent may write outside the staging environment without explicit human approval." Mission Control compiles that intent into enforced controls and applies them across every agent and every action.

The Trust Ladder — Prove the Policy Before You Turn It On

One of the most interesting things our customers asked for in early conversations was the ability to test a policy against real agent traffic before enforcing it. We built the Trust Ladder for exactly this. Every policy advances through three stages, on your timeline:

  • Training (the policy observes real traffic, no enforcement)

  • Recommendation (the policy surfaces what it would do if it were active)

  • Active (the policy enforces inline).

Teams move a policy up the ladder when they're ready, so enforcement holds no surprises: a rule that would have blocked an agent the business depends on shows up in the Recommendation stage, not as a false positive in production.

Drift Detection — Catch the Moment an Agent Steps Out of Scope

The Sensor continuously checks every command, prompt, and tool call against the policy you actually set. The moment an agent operates outside its approved scope (a scope that expanded silently, an action it shouldn't be taking, a system it shouldn't be touching), drift detection catches it and flags it immediately. You stop discovering problems three months later in an audit; you catch them as they happen.
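To make the three ideas above concrete (an inline gate that decides before the action runs, a policy that can sit at Training, Recommendation or Active, and a drift check that compares the scopes an agent actually presents against the scopes it was approved with), here is an added, self-contained illustration. It is not Drata's code and does not describe how Mission Control, the Trust Ladder or drift detection are implemented; the agent registry, the rule shape, the agent and tool names, and the example calls are all constructed for this example.

```python
"""Inline policy gate with a three-stage rollout and scope-drift flagging.

Added illustration for this page. Not Drata's code; the registry, policy
shape and tool calls are constructed, not taken from any real system.
"""
from dataclasses import dataclass, field
from enum import Enum


class Stage(Enum):
    TRAINING = "training"              # observe only, never block
    RECOMMENDATION = "recommendation"  # report what an active policy would do
    ACTIVE = "active"                  # block inline, before execution


@dataclass
class Agent:
    agent_id: str
    owner: str                  # human owner recorded at registration
    role: str
    approved_scopes: frozenset  # scopes granted when the agent was approved


@dataclass
class ToolCall:
    agent_id: str
    tool: str
    resource: str
    scopes_presented: frozenset  # scopes on the credential actually presented


@dataclass
class Policy:
    """Constructed rule: forbid (tool, resource prefix) pairs for given roles."""
    name: str
    stage: Stage
    roles: frozenset   # "*" means every role
    forbidden: tuple   # of (tool, resource_prefix)

    def violates(self, agent: Agent, call: ToolCall) -> bool:
        if "*" not in self.roles and agent.role not in self.roles:
            return False
        return any(call.tool == t and call.resource.startswith(p)
                   for t, p in self.forbidden)


@dataclass
class Decision:
    allowed: bool
    reasons: list = field(default_factory=list)      # ACTIVE policies that blocked
    would_block: list = field(default_factory=list)  # RECOMMENDATION findings
    drift: frozenset = frozenset()                   # presented but never approved


def evaluate(registry: dict, policies: list, call: ToolCall) -> Decision:
    """Evaluate one tool call before it executes; unknown agents fail closed."""
    agent = registry.get(call.agent_id)
    if agent is None:
        return Decision(False, ["unregistered agent"])
    decision = Decision(True)
    # Drift: the live credential carries scopes the approval never covered.
    decision.drift = call.scopes_presented - agent.approved_scopes
    for policy in policies:
        if not policy.violates(agent, call):
            continue
        if policy.stage is Stage.ACTIVE:
            decision.allowed = False
            decision.reasons.append(policy.name)
        elif policy.stage is Stage.RECOMMENDATION:
            decision.would_block.append(policy.name)
        # Stage.TRAINING: the hit is only observed, nothing is surfaced.
    return decision


def run_demo() -> list:
    """Constructed registry, policies and calls; returns one Decision per call."""
    registry = {
        "svc-bot-1": Agent("svc-bot-1", "alice@example.test", "customer_service",
                           frozenset({"crm:read", "tickets:write"})),
        "deploy-bot": Agent("deploy-bot", "bob@example.test", "engineering",
                            frozenset({"k8s:staging:write"})),
    }
    policies = [
        Policy("no-phi-for-cs", Stage.ACTIVE, frozenset({"customer_service"}),
               (("db.read", "ehr/"),)),
        Policy("staging-only-writes", Stage.RECOMMENDATION, frozenset({"*"}),
               (("k8s.apply", "prod/"),)),
    ]
    calls = [
        ToolCall("svc-bot-1", "db.read", "ehr/patient/42", frozenset({"crm:read"})),
        ToolCall("deploy-bot", "k8s.apply", "prod/api",
                 frozenset({"k8s:staging:write", "k8s:prod:write"})),
        ToolCall("deploy-bot", "k8s.apply", "staging/api", frozenset({"k8s:staging:write"})),
        ToolCall("ghost-agent", "db.read", "crm/leads", frozenset()),
    ]
    return [evaluate(registry, policies, c) for c in calls]
```

Two points worth noticing. The second call is allowed only because "staging-only-writes" is still at Recommendation; promoting it to Active changes nothing else and turns that same call into a block, which is what moving a policy up the ladder means. The same call is also flagged for drift, because the credential it presents carries a write scope that was never part of its approval, and the gate reports that whether or not any policy fires. An agent that is not in the registry at all is refused, since an inventory gap is itself a governance failure.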

Chain of Custody — Auditor-Grade Proof of Every Decision

Every agent decision, every policy evaluation, and every remediation action is logged in a tamper-evident record. Not a screenshot, and not a CSV pulled out of a logging tool the morning of the audit, but a single verified evidence trail that your board, your auditors, your largest customers, and your regulator can all review from the same source of truth.
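"Tamper-evident" has a precise meaning a practitioner will want to check: after the fact, any edit to a past record must be detectable. The usual way to get that property is to hash-chain the records, so each entry commits to everything before it. The following is an added illustration of that mechanism, not Drata's code and not a description of how Chain of Custody is implemented; the record fields, agent names and events are constructed for the example.

```python
"""Hash-chained evidence trail: editing any past entry breaks verification.

Added illustration for this page. Not Drata's code; record contents are
constructed.
"""
import hashlib
import json


def _digest(prev_hash: str, record: dict) -> str:
    # Canonical JSON so an identical record always hashes identically.
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


class EvidenceTrail:
    GENESIS = "0" * 64  # hash that the first entry chains from

    def __init__(self):
        self.entries = []  # each: {"record": dict, "prev": str, "hash": str}

    def append(self, record: dict) -> str:
        prev = self.entries[-1]["hash"] if self.entries else self.GENESIS
        digest = _digest(prev, record)
        self.entries.append({"record": record, "prev": prev, "hash": digest})
        return digest

    def verify(self):
        """Walk the chain; return (True, None) or (False, index of first bad entry)."""
        prev = self.GENESIS
        for i, entry in enumerate(self.entries):
            if entry["prev"] != prev or _digest(prev, entry["record"]) != entry["hash"]:
                return False, i
            prev = entry["hash"]
        return True, None


def demo():
    """Constructed records; returns the verification result before and after tampering."""
    trail = EvidenceTrail()
    trail.append({"seq": 1, "agent": "svc-bot-1", "event": "policy_eval",
                  "policy": "no-phi-for-cs", "decision": "block"})
    trail.append({"seq": 2, "agent": "svc-bot-1", "event": "remediation",
                  "action": "revoke_scope", "scope": "ehr:read"})
    trail.append({"seq": 3, "agent": "deploy-bot", "event": "drift",
                  "unapproved": ["k8s:prod:write"]})
    before = trail.verify()
    # Quietly rewrite the first decision to look like an allow.
    trail.entries[0]["record"]["decision"] = "allow"
    after = trail.verify()
    return before, after
```

Verification succeeds on the untouched trail and fails at entry 0 after the edit, because that entry's stored hash no longer matches its contents and every later entry chains from the original value. One caveat this small example does not cover: a chain only proves integrity relative to its latest hash, so whoever can rewrite the whole store can recompute the whole chain. In practice the head hash is periodically anchored somewhere the log writer cannot alter (a signature, a separate system, or a published value), which is what lets an auditor trust the trail rather than the operator.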

Those five capabilities map directly to the five questions every CISO is being asked.

Five Questions—Five Answers

In the last post, I laid out the five questions every CISO I talk to is being asked about AI agents inside their company. Here is how the product answers each one.

Discovery — What AI agents are running here? 

Drata Sensor. Live inventory at the moment of creation.

Authorization — Do they have the right permissions, scope, and policy? 

Mission Control. Intent-based policy, enforced inline.

Identity — What identity does it run under? 

Sensor identity mapping. Every agent tied to a human owner and an identity provider.

Monitoring — Are they behaving as expected? 

Drift Detection. Continuous evaluation, real-time flagging.

Proof — Can I show evidence of all of it? 

Chain of Custody. Tamper-evident, auditor-accepted, framework-mapped.

Out of the Box and On Your Stack

Drata customers don't start from a blank page. AI Agent Governance ships with a baseline policy set drawn from established guidance such as OWASP's, so a security team can start governing its agent fleet on day one without writing a policy from scratch. Teams can also bring their own: Mission Control's intent-based authoring makes a custom policy as easy to write as a sentence.

Framework mapping is where the world is still catching up. Most existing compliance frameworks don't yet have AI-specific requirements; they are being written and amended in real time. AI Agent Governance maps to the standards that do exist today (ISO 42001, the EU AI Act, and AIUC-1 as it formalizes) and adds new framework mappings as they ship. Where AI-specific requirements don't yet exist, agent activity surfaces into the same evidence layer that powers tens of thousands of Drata audits today across SOC 2, ISO 27001, HIPAA, and 30+ other frameworks.

Your AI governance posture becomes part of the trust story you already tell, not a separate, parallel system that has to be re-mapped, re-explained, and re-audited from zero.

What Practitioners Are Telling Us

Our team has had roughly 150 CISO conversations over the past six months, spanning financial services, healthcare, public software companies, and the largest AI labs. 

One of the sharpest articulations I have heard came from Nils Puhlmann, Co-Founder, Cloud Security Alliance:

"When prospects sent us security questions in the past, they asked which frameworks we were certified against, how we managed our security posture, and what our third-party risk profile looked like. Over the past few months, we've seen an entire new category emerge around which AI agents are running and how we are governing them, and answering those questions with 100% confidence is impossible with today's technology. Anyone who solves that problem is solving for where enterprise trust is going in the very near future."

Anyone who's sat in an enterprise procurement conversation over the past six months has felt this. The questions are arriving; the answers don't exist yet. Teams that can answer first will build agents with confidence and move through procurement faster. Teams that can't will lose deals.

Come Build It With Us

AI Agent Governance enters Early Access today.

We're shaping the product alongside a small group of early access partners, building it around what they are experiencing: the questionnaires they receive, the auditor conversations they have, and the agent fleets they need to govern.

A few months ago, I argued that every technology wave creates a security wave, and that the AI wave was no exception. A few weeks ago, I argued that the trust transaction between companies had grown a Fourth Dimension of Trust, and that our own data showed it was already in flight.

Today, the Fourth Dimension of Trust is no longer theoretical. It runs as agentic software. It deploys inline with the AI platforms your company already uses. It produces evidence your auditor already accepts. It surfaces into the Trust Center your customers already consume.

If you and your team are interested, apply here and help us build the next iteration.

Adam Markowitz
CEO & Founder

Adam Markowitz is the CEO & Co-Founder of Drata, the leading agentic trust management platform for automating compliance, managing risk, and proving trust. Since launching in 2021, Drata has become one of the world's fastest-growing software companies, with more than 8,500 global customers.

Before Drata, Adam founded Portfolium, an ed-tech platform serving millions of students across 3,600+ colleges and universities—acquired by Instructure (NYSE: INST) in 2019. Earlier in his career, he worked as an Aerospace Engineer designing and testing liquid rocket engines for NASA and the Space Shuttle program. He holds a BS in Structural Engineering from UC San Diego and an MS in Astronautical Engineering from USC.
