Drata, the leading Agentic Trust Management Platform, today declared AI Agent Governance the next major enterprise security category and revealed the product it is building to solve it. The new capability extends Drata's existing trust platform— used by 8,500+ organizations worldwide—into the governance of AI agents now operating inside every enterprise. The launch addresses what Drata's own platform data shows is the fastest-growing security question category in enterprise procurement.
Drata expands trust management platform to support governance of enterprise AI agents.
AI-specific security questions have surged over 30% in the last nine months.
89% of companies leave AI governance questions unanswered.
57% of business leaders cite governance friction as top blocker to deploying more AI, per McKinsey.
Questions cluster around: which AI agents are running, what they're allowed to do, who they run as, whether they behave as expected, and proof of all above.
New product provides inline sensors to inventory all AI agents including shadow AI.
While McKinsey finds 57% of business leaders cite governance friction as the top blocker to deploying more AI, this move is a strategic shift grounded in platform trends Drata is uniquely positioned to observe. Over the last nine months, the company has processed more than 2.1 million security questions through the Drata Trust Graph and seen the frequency of AI-specific questions surge by over 30%. These insights—derived from aggregate platform activity—reveal that questions cluster across five core themes:
Which AI agents are running?
What are they allowed to do?
Who do they run as?
Are they behaving as expected?
Can you prove all of the above?
As AI adoption surges, the diligence required of companies to govern them does as well. Unfortunately, security leaders are unprepared to answer the first four questions, making it nearly impossible to answer the fifth. In fact, a staggering 89% of companies leave questions in that category unanswered. Empowering security leaders to see the agents in their environment, authorize their access, monitor them continuously, and prove their posture is what the new product from Drata is designed to do.
"When enterprise customers conducted security reviews in the past, the conversation centered on which frameworks we were certified against, how we managed our security posture, and what our third-party risk profile looked like," says Nils Puhlmann, co-founder of Cloud Security Alliance and former chief security officer of Twilio, Navan and Zynga. "However, over the past few months, an entirely new category of questions has emerged, focused on which AI agents are running and how they are governed. Answering those questions confidently is impossible with today's technology; anyone who solves that problem is solving for the future of enterprise trust."
AI Agent Governance from Drata provides enterprise security teams with capabilities for the AI era, all built on the same platform that today produces compliance evidence for thousands of audits and enables teams to prove trust externally. Upon integration, Drata's inline sensors find every agent created by every employee in the environment—including the shadow AI agents no one knew existed—and provide a full inventory in minutes, mapping each one to its owner, identity, permissions, and scope. From there, every action is evaluated against its individual policy in real time, with violations blocked inline before execution and any drift caught and flagged immediately. Every decision is logged in a tamper-evident record, providing a single, verified evidence trail for the board, auditors, customers, and regulators.
"Every major technology wave creates a security wave, and the security wave never starts with the platform vendor. Where endpoint created CrowdStrike and cloud created Wiz, we are now in a world where AI agents are creating a technology wave that requires a security layer to support its growth," said Adam Markowitz, CEO and co-founder of Drata. "We have spent five years building the trust layer between great companies and helping our customers prove trust faster through agentic workflows. Extending the platform to govern agents themselves is the next required step and Drata is uniquely positioned with the platform data and the policies, controls, risk, monitoring, and remediation actions to do it credibly."
About Drata
Drata provides the trust network that enables businesses to operate, scale, and partner with confidence. Powered by AI and designed to operationalize trust, the Drata Agentic Trust Management Platform continuously interprets controls, risk, and assurance signals — reducing repetitive manual work while improving visibility into internal and third-party risk, enabling always-on audit readiness across compliance frameworks, and accelerating security reviews.
TechIntelPro empowers B2B technology decision-makers with the latest industry trends, deep insights, leadership perspectives and actionable intelligence to drive both organizational and professional milestones—and thrive on the tech pulse.