Drata launched AI Agent Governance capabilities within its Trust Management Platform on June 12, 2026, to help organizations manage the security risks of autonomous AI systems. The update addresses a sharp increase in procurement friction, as 89% of companies currently leave AI-specific security questions unanswered during vendor reviews.
The surge in AI security questions
Drata processed 2.1 million security questions through its Trust Graph over the past nine months, with AI-specific inquiries increasing by more than 30%. McKinsey research indicates that 57% of business leaders view governance friction as the primary obstacle to broader AI deployment. These procurement inquiries typically focus on five core areas: which agents are active, their permitted actions, their operational identities, whether they behave as expected, and if organizations can prove these facts.
How the new platform operates
The updated system uses inline sensors to detect every AI agent deployed by employees, including unauthorized shadow AI. This visibility is critical for teams addressing AI for Executives & Strategy, as the platform maps each agent to its owner, identity, permissions, and operational scope within minutes.
The system evaluates every action against specific policies in real time. It blocks policy violations before execution and logs all decisions in a tamper-evident record for auditors, regulators, and the board. This creates a centralized inventory, providing a necessary foundation for leaders managing AI for CIOs to control compliance risks.
Industry perspective on enterprise trust
Nils Puhlmann, co-founder of the Cloud Security Alliance and former chief security officer at Twilio, Navan, and Zynga, highlighted the shift in vendor assessments. "When enterprise customers conducted security reviews in the past, the conversation centered on which frameworks we were certified against, how we managed our security posture, and what our third-party risk profile looked like," Puhlmann said. "However, over the past few months, an entirely new category of questions has emerged, focused on which AI agents are running and how they are governed."
Adam Markowitz, CEO and co-founder of Drata, noted the historical pattern of security following new technology. "Every major technology wave creates a security wave, and the security wave never starts with the platform vendor," Markowitz said. "Where endpoint created CrowdStrike and cloud created Wiz, we are now in a world where AI agents are creating a technology wave that requires a security layer to support its growth."
Why this matters for management
Management teams must prepare for stricter regulatory and board-level scrutiny regarding autonomous systems. Organizations that cannot provide verifiable evidence of AI agent behavior will face delayed procurement cycles and increased compliance liabilities. Establishing centralized monitoring is no longer an IT-only initiative, but a core business requirement for maintaining vendor trust and operational continuity.
Your membership also unlocks:
