Agent governance gaps

- Security and governance posts are warning that 79% of organisations report gaps managing AI agents and their sprawl. (x.com)
- Authors are recommending sandboxing, strict context pipelines, and production-grade controls like the OpenAI Agents SDK. (x.com)
- The conversation stresses architecture and lifecycle controls as practical fixes rather than purely policy debates. (x.com) (x.com)

Companies are deploying artificial intelligence agents faster than they can govern them, and recent surveys show the control gap is widening. (cloudsecurityalliance.org) A March 24, 2026, Cloud Security Alliance survey found 73% of organizations expect AI agents to become vital within a year, but 68% cannot clearly distinguish agent activity from human activity. The same report said 85% already use AI agents in production environments. (cloudsecurityalliance.org) Rubrik said on April 16, 2026, that 86% of more than 1,600 information technology and security leaders expect AI agents to outpace their security guardrails within a year, while only 23% report full visibility into the agents running in their environments. Its report described the resulting spread of non-human identities as a “shadow workforce.” (businesswire.com)

An AI agent is software that can plan steps, call tools, and keep state long enough to finish multi-step work, rather than just answer one prompt. OpenAI’s Agents Software Development Kit defines agents as applications that plan, call tools, collaborate across specialists, and keep enough state to complete longer tasks. (developers.openai.com) That design creates a governance problem because agents do not just read data; they can also act on it with delegated authority. Microsoft’s guidance says every agent introduces organizational risk because agents access data, take actions, and operate with delegated authority. (learn.microsoft.com)

The practical fixes being pushed now are architectural controls: isolate the agent’s workspace, separate orchestration from execution, and require approvals or guardrails before risky steps continue. OpenAI’s current documentation says the harness should own the agent loop, tool routing, approvals, tracing, recovery, and run state, while compute runs inside a separate sandbox. (developers.openai.com) OpenAI said on April 15, 2026, that its updated Agents Software Development Kit adds native sandbox execution and a model-native harness so agents can inspect files, run commands, edit code, and work on long-horizon tasks inside controlled environments. The company said those features were built for teams moving from prototypes to production. (openai.com)

Microsoft is making a similar argument from the governance side. Its latest guidance calls for a single control plane with centralized agent identity, unified inventory and ownership, continuous behavioral visibility, and consistent policy enforcement across platforms. (learn.microsoft.com)

The security failure points are increasingly concrete: 31% of organizations in the Cloud Security Alliance survey allow agents to operate under human user identities, 43% rely on shared service accounts, and 52% use workload identities. That mix leaves agents in what the report called an “identity gray area.” (cloudsecurityalliance.org)

The thread running through the new guidance is that agent risk is being treated less as a policy memo problem and more as a systems design problem. The organizations adding sandboxes, strict execution boundaries, tracing, and ownership controls are trying to make agents visible before their sprawl becomes unmanageable. (developers.openai.com)
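To make the harness pattern described above concrete, here is an added illustration in Python (not OpenAI's or Microsoft's code): a small orchestration layer that keeps run state, routes tool calls, blocks risky tools until a human approves them, and records every action under the agent's own non-human identity rather than a user's. The tool registry, tool names, and trace format are assumptions for the example.

```python
from dataclasses import dataclass, field

# Constructed stand-in for the execution side. In a real deployment these tools
# run inside a separate sandbox; the harness never executes compute itself.
SANDBOX_TOOLS = {
    "read_file": lambda path: f"<contents of {path}>",
    "edit_file": lambda path, text: f"wrote {len(text)} bytes to {path}",
    "run_command": lambda cmd: f"ran: {cmd}",
}

# Tools that change state or execute code need a human approval before they run.
RISKY_TOOLS = frozenset({"edit_file", "run_command"})


@dataclass
class Harness:
    """Orchestration side: owns run state, tool routing, approvals and the trace."""
    agent_id: str                 # the agent's own non-human identity, never a user's login
    owner: str                    # accountable human owner, for the agent inventory
    approvals: set = field(default_factory=set)
    trace: list = field(default_factory=list)
    state: dict = field(default_factory=dict)

    def approve(self, tool, approver):
        """A human approves one risky tool; the human, not the agent, is logged as the actor."""
        self.approvals.add(tool)
        self.trace.append({"actor": approver, "kind": "human", "tool": tool, "status": "approved"})

    def route(self, tool, *args):
        """Route one tool call through the approval gate and record it under the agent's identity."""
        entry = {"actor": self.agent_id, "kind": "agent", "tool": tool}
        if tool in RISKY_TOOLS and tool not in self.approvals:
            self.trace.append({**entry, "status": "blocked"})
            return {"ok": False, "reason": f"{tool} requires approval"}
        result = SANDBOX_TOOLS[tool](*args)
        self.trace.append({**entry, "status": "ok"})
        return {"ok": True, "result": result}

    def run(self, plan):
        """Execute a plan of (tool, *args) steps, stopping at the first blocked step."""
        # The step index lives in run state, so a run resumes after approval
        # instead of replaying steps that already executed (recovery).
        for i in range(self.state.get("next_step", 0), len(plan)):
            tool, *args = plan[i]
            out = self.route(tool, *args)
            if not out["ok"]:
                self.state["next_step"] = i
                return out
        self.state["next_step"] = len(plan)
        return {"ok": True, "result": "plan complete"}
```

Because every trace entry carries an actor and a kind, agent activity and the human approvals that unblocked it stay distinguishable in the log, which is the visibility gap the surveys above describe.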
