Drata Expands Trust Platform With AI Agent Governance Capability
Drata has introduced AI Agent Governance, a new capability that extends its trust platform into the governance of AI agents used across enterprise environments. The company said the offering is designed to help security teams discover, monitor and govern AI agents as organizations face growing scrutiny over their use of artificial intelligence.
The announcement follows trends Drata observed through its platform, which is used by more than 8,500 organizations worldwide. According to the company, it processed more than 2.1 million security questions through the Drata Trust Graph over the past nine months and saw AI-specific security questions increase by more than 30%. Those questions centered on identifying which AI agents are operating, what they are permitted to do, which identities they use, whether they are behaving as expected and whether organizations can prove those controls.
Drata said many security leaders are not prepared to answer those questions, noting that 89% of organizations leave governance-related AI security questions unanswered. The company said its new product is designed to help security teams identify AI agents in their environments, authorize access, continuously monitor activity and provide evidence of governance.
"When enterprise customers conducted security reviews in the past, the conversation centered on which frameworks we were certified against, how we managed our security posture, and what our third-party risk profile looked like," said Nils Puhlmann, co-founder of Cloud Security Alliance and former chief security officer of Twilio, Navan and Zynga. "However, over the past few months, an entirely new category of questions has emerged, focused on which AI agents are running and how they are governed. Answering those questions confidently is impossible with today's technology; anyone who solves that problem is solving for the future of enterprise trust."
According to Drata, the platform's inline sensors discover AI agents created throughout an organization's environment, including previously unknown shadow AI agents, and build an inventory that maps each agent to its owner, identity, permissions and scope. The platform evaluates agent activity against defined policies in real time, blocks policy violations before execution, flags configuration drift and records every decision in a tamper-evident audit trail intended for boards, auditors, customers and regulators.
"Every major technology wave creates a security wave, and the security wave never starts with the platform vendor. Where endpoint created CrowdStrike and cloud created Wiz, we are now in a world where AI agents are creating a technology wave that requires a security layer to support its growth," said Adam Markowitz, CEO and co-founder of Drata. "We have spent five years building the trust layer between great companies and helping our customers prove trust faster through agentic workflows. Extending the platform to govern agents themselves is the next required step and Drata is uniquely positioned with the platform data and the policies, controls, risk, monitoring, and remediation actions to do it credibly."
AI Agent Governance is currently available in early access for customers in the financial services, healthcare and software sectors.