Entro Security: Governance for Enterprise AI Agents & Access

Entro Security has introduced a significant new component to its platform called Agentic Governance & Administration (AGA). This system is engineered to provide security and identity teams with the tools needed to manage AI agents and their access rights within complex corporate IT environments. As companies rapidly integrate AI assistants and autonomous agent platforms, AGA addresses the critical governance challenges of maintaining an inventory, establishing clear ownership, enforcing the principle of least privilege, ensuring auditability, and implementing consistent policy enforcement for this new class of non-human users.

The company’s CEO, Itzik Alvas, emphasized the organic and often unmanaged way AI tools enter an organization. He noted that adoption frequently begins with an individual making a simple connection—linking a large language model to a development tool, adding an AI app to a SaaS platform, or authorizing an agent to access systems like SharePoint or Salesforce. These connections work, spread quickly, and soon create a shadow landscape that security teams struggle to map and control. The core questions—who connected what, to which systems, and with what permissions—become urgent. AGA is designed to restore that clarity and command as AI-driven access becomes commonplace.

AGA effectively extends the established principles of Identity Governance and Administration (IGA) to a novel and expanding access surface. While the concepts of permissions and access reviews remain, the nature of the user has fundamentally changed. The accessing entity is now often an AI service or a locally running software agent. These agents utilize non-human identities (NHIs), API keys, tokens, and service accounts for authentication. Furthermore, the potential impact of a compromise is defined by OAuth scopes, integrations, and automated workflows, not a single user’s login session. AGA adapts the governance processes security teams already understand to a reality where agents can be provisioned in seconds, operate around the clock, and proliferate unpredictably across different departments.

The platform operates by constructing a comprehensive, structured profile for each AI agent, built from three interconnected layers. It begins by gathering data from sources such as endpoint telemetry, agent development platforms (foundries), cloud environments utilizing NHIs, and Model Context Protocol (MCP) servers. It then identifies the targets, which are the specific enterprise applications and assets the agent interacts with. Finally, it maps the identities—whether human, non-human, or based on secrets—used to authenticate that access.

From this foundational profile, AGA delivers two powerful core capabilities. The first is comprehensive Shadow AI discovery. This goes beyond just unauthorized SaaS apps and LLMs to uncover the complete footprint of AI agents across endpoints, specialized agent platforms, and cloud infrastructure. By integrating with Endpoint Detection and Response (EDR) tools, AGA can identify AI clients and local agent runtimes on employee workstations. Native integrations with agent foundries like AWS Bedrock and Copilot Studio, along with cloud providers, allow it to discover newly created agents and the NHIs they depend on, such as OAuth apps and IAM roles. This creates a single, governed view of where an agent operates, what resources it can reach, and the identities that empower it.

The second capability is continuous AI agent monitoring and enforcement. While discovery reveals what exists, monitoring governs what actually happens. AGA provides visibility into MCP activity and enables policy enforcement, allowing teams to audit and control agent behavior in real-time. This includes detailed logs of the tools an agent invokes and the services it connects to, policy controls to define sanctioned MCP targets and permissible AI client behaviors, and clear audit trails of all allowed and blocked activities. Crucially, it also offers AI-focused controls designed to minimize the exposure of sensitive data and secrets, directly addressing key security risks introduced by autonomous systems.