Drata Launches AI Agent Governance for Enterprises

BusinessWire reports Drata expanded its trust management platform to include AI Agent Governance, a capability the company frames as focused on governing AI agents inside enterprises. BusinessWire reports Drata's trust platform is used by 8,500+ organizations worldwide. BusinessWire says the company processed more than 2.1 million security questions over nine months and observed AI-specific queries surge by over 30%. BusinessWire reports 89% of companies leave critical AI governance questions unanswered, according to Drata's platform data. BusinessWire includes a quote from Nils Puhlmann: "When enterprise customers conducted security reviews in the past, the conversation centered on which frameworks we were certified against, how we managed our security posture, and what our third-party risk profile looked like."

Dealroom and BusinessWire report the product aims to help security teams discover and inventory agents, map agents to owners and permissions, authorize access, monitor behavior continuously, evaluate actions against policies in real time, and maintain tamper-evident records for auditing. Dealroom describes the implementation surface as using inline sensors to detect agents and generate auditable evidence, and states the product is in early access with customers in financial services, healthcare and software.

Industry-pattern observations: enterprises adopting agentic systems commonly struggle with four operational problems - discovery of "shadow" agents, attribution of agent identity and owner, continuous behavioural monitoring, and producing tamper-evident evidence for audits. Products that combine inventory, real-time policy evaluation and immutable logging reduce friction during procurement and regulator reviews by turning qualitative controls into measurable signals. For practitioners: integrating discovery sensors with existing identity and access management and SIEM workflows will be a critical integration point; centralized evidence capture can simplify audit trails but raises questions about log volume, retention, and access controls.

BusinessWire cites a McKinsey finding that 57% of business leaders identify governance friction as the top blocker to broader AI deployment, placing this launch in the broader market push to operationalize governance for autonomous workflows. Industry reporting frames Drata's move as part of a growing vendor wave providing agent-level controls; similar offerings from other vendors focus on inventory, policy enforcement and attestation. For practitioners, the notable element is the emphasis on tamper-evident proofs and real-time policy checks, which are the features auditors and compliance teams increasingly request.

• •Adoption signals: expansion from early-access customers into regulated sectors and reported integration partners.
• •Interoperability: whether vendors publish standard event schemas or APIs for evidence exchange with SIEM, IAM and GRC systems.
• •Audit posture metrics: how vendors quantify "proved" compliance for agent behavior and whether third-party auditors accept the generated evidence.