Three days before RSA Conference 2026 opens in San Francisco, a pattern has emerged across every major vendor announcement: discovery comes first.
Entro Security launched Agentic Governance & Administration (AGA) on March 18, leading with shadow AI discovery. Microsoft's Agent 365 centers on agent identity and inventory. ServiceNow's AI Control Tower starts with an agent registry. Even CrowdStrike's RSAC keynote is expected to anchor on the operational reality that most enterprises can't enumerate their own AI agents.
The consensus is forming: you cannot govern what you cannot see. And right now, most enterprises are blind.
The Discovery Gap: By the Numbers
The scale of the discovery problem isn't theoretical. It's quantifiable, and the numbers paint a picture of enterprises that have already lost track of their AI footprint.
- 78% of enterprise leaders say AI adoption is outpacing their ability to manage risk. The tools are arriving faster than the governance frameworks designed to contain them.
- 47% of generative AI users access tools through personal accounts, bypassing enterprise controls entirely. Nearly half of your AI usage is invisible to IT.
- 92% of MCP servers carry high security risk, and 24% require no authentication at all. The Model Context Protocol is becoming the connective tissue of agentic AI — and it's largely ungoverned.
- 82:1 machine-to-human identity ratio. For every human identity in your enterprise, there are 82 non-human identities — service accounts, API keys, OAuth tokens — many of which now power AI agents.
- The average large enterprise runs agents across 5–10 platforms, from Microsoft and ServiceNow to Salesforce, AWS Bedrock, Google Vertex, and custom deployments built on LangChain, CrewAI, and AutoGen.
These numbers describe a governance gap that widens every week. Every new agent platform, every employee experimenting with a personal AI account, every MCP connection adds to an inventory that most security teams don't even know exists.
What AI Agent Discovery Actually Means
Discovery isn't a single scan. It's a multi-layered process that must account for the full spectrum of how AI agents enter and operate within an enterprise. Think of it as four concentric layers, each harder to see than the last.
Layer 1: Platform-Registered Agents
These are the agents you know about — the ones deployed through sanctioned platforms like Microsoft Copilot Studio, ServiceNow AI Control Tower, Salesforce Agentforce, AWS Bedrock, and Google Vertex AI. They have formal registrations, defined scopes, and typically some level of administrative oversight. This is the easiest layer to inventory, but it's also the smallest. Platform-registered agents represent only the tip of the iceberg.
Layer 2: Shadow Agents
This is where visibility starts to collapse. Shadow agents are the AI tools and automations that employees deploy without IT involvement — low-code automations on platforms like Zapier and Make, personal AI accounts accessed through browsers, Chrome extensions with AI capabilities, and custom GPTs shared within teams. Entro Security's AGA platform specifically targets this layer, using EDR integrations to detect AI client processes running on enterprise endpoints. The 47% stat isn't a forecast. It's the current reality.
Layer 3: Non-Human Identities (NHIs)
Every AI agent needs an identity to act. That identity manifests as OAuth tokens, service accounts, API keys, IAM roles, and platform-specific constructs like Microsoft Entra Agent ID. With an 82:1 machine-to-human identity ratio, the non-human identity layer has become the largest and least-governed identity surface in the enterprise. Most identity providers weren't designed to track agent-specific NHIs, which means agents can accumulate privileges, persist access tokens, and act across systems without appearing in standard identity audits.
Layer 4: Agent-to-Agent Connections
The most dangerous layer is also the hardest to see. Modern agentic architectures allow agents to spawn other agents, chain actions across MCP servers, and trigger cross-platform workflows that no single administrator can trace end to end. When a ServiceNow agent calls a Microsoft agent that queries a Salesforce agent, the resulting action chain crosses three governance boundaries. The 92% high-risk MCP figure becomes critical here — these connections are the arteries of agentic AI, and they're largely unmonitored.
Why Platform-Native Discovery Isn't Enough
Microsoft and ServiceNow announced a deep integration at Enterprise Connect 2026, combining Agent 365 with AI Control Tower. It's an impressive technical achievement — but it only covers two platforms. What about the Salesforce Agentforce deployment your sales team launched last quarter? What about the AWS Bedrock agents your engineering team is running in production? What about the custom LangChain and CrewAI deployments that your AI team built to handle specialized workflows?
Platform-native discovery creates islands of visibility. You can see everything within Microsoft's ecosystem. You can see everything within ServiceNow's ecosystem. But the gaps between those islands are where shadow agents thrive and ungoverned NHIs accumulate.
We've seen this pattern before. In the shadow IT era, Cloud Access Security Brokers (CASBs) emerged precisely because no single cloud vendor could provide visibility across the full SaaS landscape. The same architectural need exists today for AI agent discovery. Enterprises need a cross-platform discovery layer that sits above individual vendor ecosystems and provides a unified view of every agent, every NHI, and every agent-to-agent connection — regardless of where it lives.
The Discovery-to-Governance Pipeline
Discovery is not the end goal. It's the foundation of a four-step pipeline that transforms raw visibility into actionable governance. Each step builds on the previous one, and skipping any step leaves critical gaps.
Step 1: Discover
Build a living inventory of every AI agent across your enterprise — not a point-in-time snapshot, but a continuously updated registry that detects new agents as they appear. This means monitoring sanctioned platforms, scanning for shadow agents via EDR and network telemetry, enumerating NHIs across identity providers, and mapping MCP connections. The inventory must be living because the agent landscape changes daily.
Step 2: Classify
Not all agents carry equal risk. Classification assigns a risk profile to each discovered agent based on four dimensions: data access scope (what data can this agent read and write?), action scope (what actions can this agent take in the real world?), identity scope (what credentials and permissions does this agent hold?), and blast radius (if this agent is compromised, what is the maximum potential damage?). A customer-facing chatbot with read-only access to a knowledge base has a very different risk profile than an autonomous procurement agent with write access to financial systems.
Step 3: Map
Understanding individual agents isn't enough. You need to map the relationships between agents — which agents call which other agents, what MCP servers they share, and what cross-platform action chains they create. This is where the 92% high-risk MCP figure becomes operationally critical. A single high-risk MCP server that connects five agents across three platforms creates a blast radius that none of those agents would have individually. Mapping reveals systemic risks that per-agent classification misses.
Step 4: Govern
With discovery, classification, and mapping complete, you can finally apply governance policies that match actual risk profiles. High-risk agents get human-in-the-loop approval gates. Agents with broad data access get data loss prevention monitoring. Agent-to-agent chains that cross security boundaries get additional scrutiny. The key insight is that effective governance is impossible without the first three steps — and most enterprises are trying to skip straight to policy without doing the foundational discovery work.
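The Classify and Map steps above, as an added Python example (not code from iEnable or any vendor named here): it groups agents linked through shared MCP servers and reports each group's combined scopes, the platforms it crosses, and any unauthenticated servers it relies on. The agent names, scope strings, and inventory schema are constructed for illustration.

```python
from collections import defaultdict
# Constructed inventory (hypothetical names): scopes each agent holds and MCP servers it uses.
AGENTS = {
    "kb-chatbot":  {"platform": "Microsoft",  "scopes": {"kb:read"},       "mcp": set()},
    "hr-helper":   {"platform": "ServiceNow", "scopes": {"hr:read"},       "mcp": {"mcp-shared"}},
    "sales-notes": {"platform": "Salesforce", "scopes": {"crm:read"},      "mcp": {"mcp-shared"}},
    "procure-bot": {"platform": "Microsoft",  "scopes": {"finance:write"}, "mcp": {"mcp-shared", "mcp-fin"}},
}
MCP_SERVERS = {"mcp-shared": {"auth_required": False}, "mcp-fin": {"auth_required": True}}

def clusters(agents):
    """Group agents that are linked, directly or transitively, by a shared MCP server."""
    by_server = defaultdict(set)
    for name, a in agents.items():
        for s in a["mcp"]:
            by_server[s].add(name)
    seen, groups = set(), []
    for start in sorted(agents):
        if start in seen:
            continue
        group, stack = set(), [start]
        while stack:
            n = stack.pop()
            if n not in group:
                group.add(n)
                for s in agents[n]["mcp"]:
                    stack.extend(by_server[s] - group)
        seen |= group
        groups.append(group)
    return groups

def map_risk(agents, servers):
    """Per cluster: combined scopes, platforms crossed, and unauthenticated MCP servers."""
    report = []
    for group in clusters(agents):
        used = set().union(*(agents[n]["mcp"] for n in group))
        report.append({
            "agents": sorted(group),
            "combined_scopes": sorted(set().union(*(agents[n]["scopes"] for n in group))),
            "platforms": sorted({agents[n]["platform"] for n in group}),
            "unauthenticated_mcp": sorted(s for s in used if not servers[s]["auth_required"]),
        })
    return report

def needs_review(entry):  # crosses a platform boundary or uses an unauthenticated server
    return len(entry["platforms"]) > 1 or bool(entry["unauthenticated_mcp"])

if __name__ == "__main__":
    for e in map_risk(AGENTS, MCP_SERVERS):
        print("REVIEW" if needs_review(e) else "ok    ", e)
```

The three agents sharing `mcp-shared` end up in one cluster whose combined scopes include `finance:write`, which per-agent classification of `hr-helper` or `sales-notes` alone would not show.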
What to Look for at RSAC 2026
RSA Conference 2026 will be saturated with AI governance announcements. Here are five questions to ask every vendor to separate genuine cross-platform discovery from marketing:
- Can you discover agents on platforms other than yours? If a vendor can only see agents within its own ecosystem, it's providing platform management, not enterprise discovery.
- How do you handle shadow agents? Look for concrete technical mechanisms — EDR integration, network traffic analysis, CASB-style detection — not vague promises about "comprehensive visibility."
- Do you track NHIs across identity providers? Agents use identities from multiple providers. Discovery that only covers one identity system misses the 82:1 problem.
- Can you map agent-to-agent chains across platform boundaries? This is the hardest technical problem in agent discovery. If a vendor can trace a workflow from Microsoft to ServiceNow to Salesforce, they're solving the real problem.
- Is your discovery continuous or point-in-time? A quarterly agent audit is a compliance artifact. Continuous discovery is a security control. They are not the same thing.
The Cross-Platform Imperative
The vendor landscape heading into RSAC 2026 reveals a market that's rapidly segmenting around different aspects of the discovery and governance problem. No single vendor covers the full stack — which is precisely why enterprises need a cross-platform strategy.
- Entro Security (AGA): Shadow AI discovery and MCP governance. Strong on detecting unknown agents via EDR and securing the MCP layer that connects them.
- Bedrock Data: Data access governance for AI agents. Focuses on what data agents can reach and enforcing least-privilege data access across platforms.
- Geordie AI: Real-time agent behavior monitoring. Watches what agents actually do at runtime, detecting anomalous actions and policy violations as they happen.
- ServiceNow + Microsoft: Platform-native integration. Deep governance within the Microsoft-ServiceNow ecosystem, including agent identity, lifecycle management, and control tower capabilities.
- AvePoint AgentPulse: Multicloud governance. Extends governance across multiple cloud platforms, addressing the island-of-visibility problem for organizations with diverse cloud footprints.
Each of these vendors addresses a real piece of the puzzle. But the enterprise challenge is stitching them together into a coherent discovery-to-governance pipeline that spans every platform, every identity provider, and every agent-to-agent connection.
Start Here: Your 48-Hour Discovery Checklist
Before RSAC opens, take these five steps to understand your current agent exposure:
- Inventory sanctioned agent platforms. List every platform where your organization has officially deployed AI agents — Microsoft, ServiceNow, Salesforce, AWS, Google, and any custom deployments.
- Check your NHI count. Ask your identity team how many non-human identities exist across your identity providers. If they can't answer quickly, that's your first finding.
- Ask your security team about MCP. Determine whether any MCP servers are running in your environment, who deployed them, and what authentication they require.
- Search EDR logs for AI client processes. Look for processes associated with known AI clients — ChatGPT desktop apps, Claude, Copilot, custom agent runtimes — running on enterprise endpoints.
- Review CASB/DLP alerts for AI service connections. Check whether your existing cloud security tools have flagged connections to AI services that weren't sanctioned by IT.