Market Intelligence Mar 21, 2026 · iEnable Team · 10 min read

RSAC 2026 Preview: The Battle for AI Agent Governance Has Arrived

RSAC 2026 marks the birth of AI agent governance as an enterprise category. Here's every vendor launching, what it means, and the five governance gaps the conference won't solve.

← Back to Blog

🏷️ Market Intelligence

RSAC 2026 Preview: The Battle for AI Agent Governance Has Arrived

📅 March 21, 2026 ⏱ 10 min

RSAC 2026 exhibition hall with AI agent governance vendor displays

When RSA Conference 2026 opens in San Francisco on March 23, one theme will dominate the exhibition floor that barely existed twelve months ago: AI agent governance.

From Innovation Sandbox finalists to Fortune 500 vendor announcements, RSAC 2026 marks the moment enterprise AI agent governance graduated from concept to category. Here is everything you need to know — who is launching what, what it means for enterprises deploying AI agents, and where the critical gaps remain.

Why AI Agent Governance Is the Story of RSAC 2026

The numbers tell the story. Gartner predicts that by 2028, enterprises will operate thousands of AI agents across business functions. Today, 97 percent of enterprises that suffered AI-related breaches lacked appropriate access management and formal governance practices. The AI governance market is projected to grow from $492 million in 2026 to over $1 billion by 2030.

But the real catalyst is simpler: enterprises have deployed agents faster than they can govern them. Shadow AI — unauthorized AI tools adopted by employees without IT oversight — is no longer a future risk. It is today’s unmanaged reality. RSAC 2026 is where the industry responds.

The Contenders: Who Is Launching What

Microsoft: Agent 365 and the Platform Play

Microsoft’s RSAC presence is its largest security showing ever. The company is demonstrating Agent 365 — its framework for managing AI agents within the Microsoft ecosystem — alongside sessions on “The CISO and CIO Mandate for Securing and Governing AI.” Microsoft’s approach is characteristically platform-native: deep governance within Entra ID, Copilot Studio, and Azure, with Microsoft Foundry serving as the orchestration layer.

What it means: If your agents live entirely inside the Microsoft ecosystem, Agent 365 will be compelling. The limitation is scope: it governs Microsoft’s agents, not your entire AI workforce.

ServiceNow: AI Control Tower Goes Cross-Platform (Sort Of)

ServiceNow’s AI Control Tower now integrates with Microsoft Agent 365, Copilot Studio, and Microsoft Foundry for unified oversight. CEO Bill McDermott’s open-market stock purchase signals internal confidence. NTT DOCOMO and StarHub are deploying Autonomous Roaming Resolution.

What it means: ServiceNow is building the connective tissue between its platform governance and Microsoft’s. This alliance covers a significant chunk of enterprise AI, but it still leaves vendor-neutral, cross-platform governance as an open problem.

Entro Security: Agentic Governance & Administration (AGA)

Launched March 19 — days before RSAC — Entro Security’s AGA (Agentic Governance & Administration) platform tackles shadow AI discovery, MCP activity visibility, agent monitoring, enforcement, and audit trails. Entro’s identity-security DNA gives it a natural angle into agent lifecycle management.

What it means: AGA brings identity-first governance to agents, with strong MCP visibility. The focus is on discovering and controlling agents you did not know existed. It is narrower than full lifecycle management but addresses a real and urgent pain point.

Geordie AI: Innovation Sandbox Finalist

London-based Geordie AI earned a Top 10 Innovation Sandbox spot with its “agent-native” security platform. It offers real-time discovery, behavior monitoring, and risk control of AI agents — designed specifically for enterprise-scale deployments.

What it means: Innovation Sandbox recognition brings investor attention and category validation. Geordie AI is agent-native from the ground up, which means less legacy baggage than vendors retrofitting existing products.

Token Security: Agent Identity at Scale

Also an Innovation Sandbox Top 10 finalist, Token Security focuses on AI Agent Identity Security — continuous discovery, lifecycle governance, and intent-based access controls. Their approach treats every AI agent as a non-human identity that needs the same rigor as human identities.

What it means: The non-human identity (NHI) angle is critical. With machine-to-human identity ratios now exceeding 82:1 in many enterprises, identity governance for agents is not optional — it is existential.

Bedrock Data: Governing What Agents Access

Bedrock Data’s leadership is running daily sessions at RSAC on “governing the data AI agents access, process, and act on.” Their angle is data governance for agents — ensuring agents only access authorized data and produce auditable outputs.

What it means: Most governance frameworks focus on the agent itself. Bedrock Data focuses on the data flowing through agents. This is complementary, not competitive, to agent lifecycle governance — and enterprises will need both.

CrowdStrike: The Manifesto

George Kurtz is keynoting RSAC with a focus on AI agent security, including the launch of an AI Operational Reality Manifesto. CrowdStrike’s brand weight makes this significant even if the product overlap is limited.

What it means: When CrowdStrike publishes a manifesto on AI agent security, it signals to every CISO that this is a board-level concern, not a science project. Category awareness is a rising tide.

The Wider Field

Other vendors with governance-adjacent RSAC presence include Zenity (FedRAMP In Process, hosting its own AI Agent Security Summit in May), Kore.ai (Agent Management Platform launched March 17 for enterprise AI ecosystems), WitnessAI (agentic AI governance framework), and SurePath AI (AI security for agent workflows).

The Five Governance Gaps RSAC Will Not Solve

Despite the flurry of announcements, five critical gaps remain unaddressed:

1. Cross-Platform Visibility

Most solutions govern agents within one ecosystem. Microsoft governs Microsoft agents. ServiceNow governs ServiceNow workflows. But enterprises run agents across Salesforce, AWS, Google Cloud, open-source frameworks, and custom builds — simultaneously. No RSAC announcement addresses true cross-platform agent visibility.

2. The Enablement Layer

Security vendors are racing to lock down agents. But who helps organizations enable agents responsibly? Governance without enablement creates friction that drives shadow AI adoption underground. The governance-enablement balance is the difference between a security product and a workforce platform.

3. Vendor-Neutral Identity

Microsoft Entra Agent ID sets the enterprise baseline for agent identity within Microsoft’s ecosystem. But agents operating across platforms need vendor-neutral identity management that works regardless of where the agent was built or deployed.

4. Agent Lifecycle Beyond Security

Discovery and monitoring are necessary but insufficient. Enterprises need to manage the full agent lifecycle: provisioning, capability assignment, performance measurement, retirement, and knowledge transfer. Most RSAC announcements stop at “detect and control.”

5. Organizational Context

A governance framework that does not understand organizational context — who owns this agent, what team uses it, which business process depends on it, what happens if it fails — is operating blind. Context-aware governance is what separates a security alert from an actionable decision.

What Enterprises Should Do Before RSAC

If you are attending RSAC 2026 or tracking announcements remotely, here is a practical framework:

  1. Inventory your agents now. You cannot evaluate governance solutions without knowing what you are governing. How many AI agents are active in your organization? Who owns them? What data do they access?

  2. Map your ecosystem. Which platforms host your agents? If the answer is more than one, you need cross-platform governance — not just platform-native controls.

  3. Define your governance goals. Are you solving for compliance (EU AI Act deadline August 2), security (shadow AI risk), operational efficiency (agent sprawl), or all three? The vendor landscape serves each differently.

  4. Evaluate for lifecycle, not just security. Ask every vendor: “What happens after you discover an unauthorized agent?” If the answer stops at “alert,” the gap between detection and resolution is still yours to fill.

  5. Plan for scale. Gartner’s “thousands of agents” prediction is not hypothetical. Your governance solution must handle 10x your current agent count without breaking.

The Bigger Picture: A Category Is Born

RSAC 2026 marks the official birth of AI agent governance as an enterprise category. Gartner has named “Guardian Agents” as a key emerging pattern. Funding has exploded — over $180 million in agent governance and security in a single week. The EU AI Act’s August 2 compliance deadline is creating regulatory urgency.

But a category birth is messy. The vendors at RSAC are solving different slices of the same problem: identity (Token Security, Microsoft Entra), discovery (Entro, Geordie AI), data governance (Bedrock Data), platform-native management (ServiceNow, Microsoft), and security enforcement (CrowdStrike, Zenity).

The enterprise that wins is the one that builds governance as an enablement platform — not a security lockdown. The organization that treats AI agents as a workforce to be managed, measured, and empowered — not just threats to be contained — will outperform competitors who are still fighting shadow AI with firewalls.

That is the gap. That is the opportunity. And that is what RSAC 2026 is really about.

Frequently Asked Questions

What is AI agent governance? AI agent governance is the set of policies, controls, and management practices organizations use to oversee autonomous AI agents — including discovery, identity management, access controls, performance monitoring, compliance enforcement, and lifecycle management.

Why is AI agent governance important at RSAC 2026? RSAC 2026 features more AI agent governance vendors than any previous conference, with multiple Innovation Sandbox finalists, platform announcements from Microsoft and ServiceNow, and new product launches from Entro Security, Kore.ai, and others. The category has moved from concept to enterprise priority.

What is shadow AI and why does it matter for governance? Shadow AI refers to AI tools and agents deployed by employees without IT oversight or approval. It creates security risks, compliance gaps, and operational blind spots. Governance frameworks must discover and manage shadow AI before it becomes an uncontrolled liability.

How does the EU AI Act affect AI agent governance? The EU AI Act’s August 2, 2026 compliance deadline requires organizations to implement governance controls for high-risk AI systems, including many enterprise AI agents. This creates regulatory urgency for governance adoption.

What is the difference between AI agent security and AI agent governance? Security focuses on protecting agents from threats and preventing unauthorized access. Governance is broader — it includes security but also covers lifecycle management, performance measurement, compliance, organizational context, and enablement. Effective governance includes security; security alone is not governance.

Want to stay ahead of the AI agent governance landscape? iEnable tracks every competitor, every launch, and every gap — so your organization can govern AI agents as a workforce, not just a threat.