Drata brings visibility, control and auditability to enterprise AI agents
Drata has introduced AI Agent Governance, a new security category focused on managing the risks and oversight requirements of AI agents, while extending its trust platform to support enterprise adoption of autonomous AI systems.

While McKinsey finds 57% of business leaders cite governance friction as the top blocker to deploying more AI, this move is a strategic shift grounded in platform trends Drata is uniquely positioned to observe. Over the last nine months, the company has processed more than 2.1 million security questions through the Drata Trust Graph and seen the frequency of AI-specific questions surge by over 30%. These insights, derived from aggregate platform activity, reveal that questions cluster across five core themes:
1. Which AI agents are running?
2. What are they allowed to do?
3. Who do they run as?
4. Are they behaving as expected?
5. Can you prove all of the above?
As AI adoption surges, so does the diligence required of companies to govern AI agents. Unfortunately, security leaders are unprepared to answer the first four questions, making it nearly impossible to answer the fifth. In fact, a staggering 89% of companies leave questions in that category unanswered. Empowering security leaders to see the agents in their environment, authorize their access, monitor them continuously, and prove their posture is what the new product from Drata is designed to do.
“When enterprise customers conducted security reviews in the past, the conversation centered on which frameworks we were certified against, how we managed our security posture, and what our third-party risk profile looked like,” says Nils Puhlmann, co-founder of Cloud Security Alliance and former chief security officer of Twilio, Navan and Zynga. “However, over the past few months, an entirely new category of questions has emerged, focused on which AI agents are running and how they are governed. Answering those questions confidently is impossible with today’s technology; anyone who solves that problem is solving for the future of enterprise trust.”
AI Agent Governance from Drata provides enterprise security teams with capabilities for the AI era, all built on the same platform that produces compliance evidence for thousands of audits and enables teams to prove trust externally. Upon integration, Drata’s inline sensors find every agent created by every employee in the environment, including the shadow AI agents no one knew existed, and provide a full inventory in minutes, mapping each one to its owner, identity, permissions, and scope.
From there, every action is evaluated against its individual policy in real time, with violations blocked inline before execution and any drift caught and flagged immediately. Every decision is logged in a tamper-evident record, providing a single, verified evidence trail for the board, auditors, customers, and regulators.
“Every major technology wave creates a security wave, and the security wave never starts with the platform vendor. Where endpoint created CrowdStrike and cloud created Wiz, we are now in a world where AI agents are creating a technology wave that requires a security layer to support its growth,” said Adam Markowitz, CEO of Drata.
“We have spent five years building the trust layer between great companies and helping our customers prove trust faster through agentic workflows. Extending the platform to govern agents themselves is the next required step and Drata is uniquely positioned with the platform data and the policies, controls, risk, monitoring, and remediation actions to do it credibly,” Markowitz concluded.