With a 30% growth in security questions tied to AI governance and only 11% of vendors confident in their responses, Drata launches new capabilities to enable companies to deploy AI forward with confidence.
SAN FRANCISCO--(BUSINESS WIRE)--Drata, the leading Agentic Trust Management Platform, today declared AI Agent Governance the next major enterprise security category and revealed the product it is building to solve it. The new capability extends Drata's existing trust platform— used by 8,500+ organizations worldwide—into the governance of AI agents now operating inside every enterprise. The launch addresses what Drata's own platform data shows is the fastest-growing security question category in enterprise procurement.
While McKinsey finds 57% of business leaders cite governance friction as the top blocker to deploying more AI, this move is a strategic shift grounded in platform trends Drata is uniquely positioned to observe. Over the last nine months, the company has processed more than 2.1 million security questions through the Drata Trust Graph and seen the frequency of AI-specific questions surge by over 30%. These insights—derived from aggregate platform activity—reveal that questions cluster across five core themes:
- Which AI agents are running?
- What are they allowed to do?
- Who do they run as?
- Are they behaving as expected?
- Can you prove all of the above?
As AI adoption surges, the diligence required of companies to govern them does as well. Unfortunately, security leaders are unprepared to answer the first four questions, making it nearly impossible to answer the fifth. In fact, a staggering 89% of companies leave questions in that category unanswered. Empowering security leaders to see the agents in their environment, authorize their access, monitor them continuously, and prove their posture is what the new product from Drata is designed to do.
"When enterprise customers conducted security reviews in the past, the conversation centered on which frameworks we were certified against, how we managed our security posture, and what our third-party risk profile looked like," says Nils Puhlmann, co-founder of Cloud Security Alliance and former chief security officer of Twilio, Navan and Zynga. "However, over the past few months, an entirely new category of questions has emerged, focused on which AI agents are running and how they are governed. Answering those questions confidently is impossible with today's technology; anyone who solves that problem is solving for the future of enterprise trust."
AI Agent Governance from Drata provides enterprise security teams with capabilities for the AI era, all built on the same platform that today produces compliance evidence for thousands of audits and enables teams to prove trust externally. Upon integration, Drata’s inline sensors find every agent created by every employee in the environment—including the shadow AI agents no one knew existed—and provide a full inventory in minutes, mapping each one to its owner, identity, permissions, and scope. From there, every action is evaluated against its individual policy in real time, with violations blocked inline before execution and any drift caught and flagged immediately. Every decision is logged in a tamper-evident record, providing a single, verified evidence trail for the board, auditors, customers, and regulators.
“Every major technology wave creates a security wave, and the security wave never starts with the platform vendor. Where endpoint created CrowdStrike and cloud created Wiz, we are now in a world where AI agents are creating a technology wave that requires a security layer to support its growth,” said Adam Markowitz, CEO and co-founder of Drata. "We have spent five years building the trust layer between great companies and helping our customers prove trust faster through agentic workflows. Extending the platform to govern agents themselves is the next required step and Drata is uniquely positioned with the platform data and the policies, controls, risk, monitoring, and remediation actions to do it credibly.”
To discover more about the new product, read this blog post from Drata CEO Adam Markowitz. AI Agent Governance is in early access for customers across financial services, healthcare, and software. Enterprises interested in learning more can apply to join the program at drata.com/agent-governance.
About Drata
Drata provides the trust network that enables businesses to operate, scale, and partner with confidence. Powered by AI and designed to operationalize trust, the Drata Agentic Trust Management Platform continuously interprets controls, risk, and assurance signals — reducing repetitive manual work while improving visibility into internal and third-party risk, enabling always-on audit readiness across compliance frameworks, and accelerating security reviews.
Purpose-built for enterprise complexity, Drata unifies governance, risk, compliance, and assurance to deliver faster time-to-value, reduce operational overhead, and enable continuous trust for 8,500+ organizations worldwide. For more information, visit drata.com.
Also Read:
How AI Agents for Detection Optimization Strengthen Security?
