RSA Conference 2026 opened this morning at Moscone Center in San Francisco, and the thesis we have been tracking for months is now impossible to ignore on the exhibition floor: AI agent governance is the enterprise security story of 2026. Not one story among many — the story. The opening keynotes, the Innovation Sandbox finalists, the platform announcements, the session tracks — they converge on a single question that every CISO and enterprise architect in attendance is now being forced to answer: who is responsible for governing the AI agents operating inside your organization?
The good news is that the market has finally caught up to the urgency. The concerning news is what this coverage from the floor makes clear: the solutions on display govern some agents, on some platforms. The cross-platform visibility problem — governing all agents, everywhere they run — remains the industry's most important unaddressed gap.
Here is the full picture from Day 1.
The Key Announcements Shaping the Conversation
Entro Security AGA — Booth N4515
The most operationally specific announcement heading into RSAC came from Entro Security, which launched its AGA (Agentic Governance & Administration) platform on March 18 — five days before the conference opened. Entro is at booth N4515, and AGA addresses three capabilities that most governance vendors have so far left largely unbuilt: shadow AI discovery, MCP (Model Context Protocol) activity visibility, and cross-system policy enforcement.
Shadow AI discovery deserves particular attention. As line-of-business teams have connected agents to corporate systems through low-code platforms and marketplace integrations, security teams are discovering an agent sprawl that mirrors the shadow IT problem of the previous decade — except agents don't just store data, they act on it. AGA's ability to surface agents that were never formally provisioned or reviewed is a direct response to a problem that is already live in most enterprise environments.
Entro's MCP visibility is equally pointed. The Model Context Protocol has become the connective tissue of agentic AI, and MCP connections are the new blind spot: agents chaining together tool calls, database reads, and API interactions in sequences that no single platform's native logging captures completely. AGA is built specifically to see that surface.
The constraint: AGA is identity-security native. It excels at discovery and control of agents you didn't know existed. Full lifecycle governance — provisioning, performance measurement, organizational context, decommissioning — remains outside its primary scope.
Microsoft Agent 365 + Zero Trust for AI Reference Architecture
Microsoft's RSAC presence is its largest security showing to date. The company is demonstrating Agent 365 across multiple sessions, with general availability confirmed for May 1, 2026. Alongside Agent 365, Microsoft released a Zero Trust for AI reference architecture — a practical framework for CISOs mapping security controls to agentic deployments within the Microsoft ecosystem.
The reference architecture is genuinely useful. It maps agent identity (Entra Agent ID), access controls (Copilot Studio permissions, Azure role assignments), behavioral monitoring, and audit trail generation into a coherent model. For Microsoft-native enterprises, it provides the governance blueprint that previously required custom engineering.
"Microsoft governs Microsoft agents. ServiceNow governs ServiceNow agents. Nobody governs all agents." — The cross-platform problem stated plainly.
The constraint: Agent 365 and the Zero Trust reference architecture are compelling inside Microsoft's walls. They provide no visibility or control for agents running on Salesforce Agentforce, AWS Bedrock, Google Vertex AI, LangChain deployments, or any of the dozens of other platforms enterprise agent infrastructure now spans.
ServiceNow AI Gateway — Enforcement Now Active
ServiceNow's AI Gateway is live with active enforcement at RSAC, not just monitoring. The platform now includes MCP server monitoring — tracking agent interactions through Model Context Protocol connections within the ServiceNow ecosystem. Combined with the ServiceNow-Microsoft integration announced in the weeks prior, AI Control Tower can now surface agent activity across both platforms in a single view.
This is the most mature cross-ecosystem integration at RSAC 2026. Two major enterprise platforms sharing governance data is a real step forward. It also makes the remaining gap more visible: this integration covers ServiceNow and Microsoft. The other eight platforms in the average enterprise remain outside the frame.
ServiceNow CEO Bill McDermott's open-market stock purchase in the days before RSAC signals internal confidence in the AI platform direction. NTT DOCOMO and StarHub deployments of Autonomous Roaming Resolution provide early enterprise validation.
CrowdStrike — AI Operational Reality Manifesto (George Kurtz Keynote)
George Kurtz's keynote introduced the AI Operational Reality Manifesto — CrowdStrike's formal statement that the industry's AI security rhetoric has significantly outpaced its operational readiness. The manifesto is a direct challenge to vendors selling aspirational AI security frameworks while enterprises deal with agents making autonomous decisions in production environments today.
The significance is partly substantive and partly symbolic. When the CEO of CrowdStrike stands on the RSAC keynote stage and draws a line between AI security theater and AI security practice, every CISO in the room recalibrates their vendor conversations. The manifesto elevates the conversation from "what does your agent governance product do in demo?" to "what does it do at 2 a.m. when an agent makes a decision your policy should have blocked?"
CrowdStrike's product footprint in agent governance is currently narrower than its brand weight. But the category-awareness lift this keynote creates is a rising tide that benefits every serious governance vendor — and raises the bar for every vendor selling security theater.
Innovation Sandbox Top 10: Geordie AI and Token Security
Two Innovation Sandbox Top 10 finalists address governance from complementary angles, and both deserve attention from enterprise architects evaluating their agent governance stack.
Geordie AI, founded by members of the Darktrace founding team and backed by Ten Eleven Ventures and General Catalyst with a $6.5 million seed, offers behavioral analysis of agent activity at scale. The Darktrace pedigree matters: the behavioral anomaly detection model that transformed network security is being applied directly to agent activity monitoring. Geordie is building "agent-native" security from the ground up, without the legacy architecture constraints of vendors retrofitting existing products.
Token Security is attacking the identity layer. With machine-to-human identity ratios now exceeding 82:1 in many enterprises — 82 service accounts, API keys, bot credentials, and agent tokens for every human in the directory — the identity governance model built for human actors is structurally insufficient. Token Security's AI Agent Identity Security Platform treats every agent as a non-human identity requiring continuous lifecycle management and intent-based access controls.
Bedrock Data — Daily Governance Sessions
Bedrock Data's leadership is running sessions each day of RSAC on governing the data that AI agents access, process, and act on. The angle is important and frequently overlooked: most governance frameworks focus on the agent as the unit of control. Bedrock argues, correctly, that an agent with narrowly scoped system permissions but broad data access can still cause significant harm.
Data governance for agents is not the same problem as agent identity governance or agent behavioral monitoring. It is a complementary discipline that will need to integrate with identity and behavioral layers rather than replace them. Bedrock's daily session cadence at RSAC reflects a bet that enterprise architects are ready to think about agent governance as a multi-dimensional discipline, not a single product category.
Zenity — AI Agent Security Summit in May
Zenity, which achieved FedRAMP In Process status, is actively at RSAC and hosting a dedicated AI Agent Security Summit in May. Zenity's enterprise focus and federal-market credibility make it a vendor worth tracking for regulated-industry deployments. The dedicated summit signals Zenity's intent to own the practitioner conversation around agent security outside the conference circuit.
The "Guardian Agents" Category Is Being Validated Everywhere
Gartner's "Guardian Agents" concept — AI systems specifically designed to govern other AI systems — is no longer a forecast. It is what every major vendor is building toward, whether they use that terminology or not.
Microsoft's Agent 365 and Zero Trust reference architecture constitute a Guardian Agent model for the Microsoft ecosystem. ServiceNow's AI Gateway with active enforcement is Guardian Agent logic applied to ServiceNow workflows. Geordie AI's behavioral monitoring is Guardian Agent detection. Entro's AGA is Guardian Agent administration. Token Security is Guardian Agent identity governance. Bedrock Data is Guardian Agent data control.
Gartner projects that spending on guardian agent capabilities will grow from less than 1% to 5–7% of total agentic AI budgets by 2028. Based on what is visible at RSAC 2026 today, the front end of that growth curve is being compressed. The EU AI Act's August 2 deadline is pulling enterprise governance investment forward by twelve to eighteen months.
| Vendor | Governance Layer | Platform Scope | Status at RSAC |
|---|---|---|---|
| Entro Security (AGA) | Shadow discovery, MCP visibility, policy enforcement | Cross-platform (discovery focus) | Live — Booth N4515 |
| Microsoft Agent 365 | Identity, access, orchestration, audit | Microsoft ecosystem only | GA May 1, 2026 |
| ServiceNow AI Gateway | Enforcement, MCP monitoring, policy | ServiceNow + Microsoft (via integration) | Enforcement active now |
| CrowdStrike | AI operational security, manifesto | Endpoint / platform-adjacent | Keynote today |
| Geordie AI | Behavioral analysis, anomaly detection | Agent-native, multi-platform | Innovation Sandbox Top 10 |
| Token Security | Agent identity, NHI lifecycle | Cross-platform identity | Innovation Sandbox Top 10 |
| Bedrock Data | Data governance for agents | Data layer, platform-agnostic | Daily sessions this week |
| Zenity | Agent security enforcement | Enterprise, FedRAMP | Booth + May Summit |
The Cross-Platform Gap Nobody Is Closing
Walk the floor at RSAC 2026 and the pattern becomes unmistakable: every governance solution covers part of the map. None covers the whole map.
Microsoft governs Microsoft agents. ServiceNow governs ServiceNow agents. The Microsoft-ServiceNow integration governs agents across those two ecosystems — a real and meaningful advance. But the average large enterprise in 2026 is running agents on Microsoft, ServiceNow, Salesforce Agentforce, AWS Bedrock, Google Vertex AI, and at least one or two open-source frameworks or custom builds. Shadow agents add another layer of undiscovered deployments on top of that.
The result is what might be called governance fragmentation by design: each vendor's investment in platform-native governance deepens the gap between what they cover and what the enterprise actually runs. A new integration between two platforms doesn't close the cross-platform gap; it raises the floor for two platforms while leaving six others ungoverned.
This fragmentation is not a failure of ambition. It is the logical outcome of platform-native governance as a competitive strategy. Microsoft wants you running more agents on Microsoft. ServiceNow wants you running more agents on ServiceNow. Their governance tools are simultaneously genuine solutions and retention mechanisms. There is nothing cynical about that — it is how enterprise software works. But it means that no single platform vendor has a structural incentive to build cross-platform governance. That layer has to come from somewhere else.
iEnable's Position: Layer 3 Cross-Platform Workforce Management
The competitive landscape visible at RSAC 2026 maps cleanly onto three layers of enterprise AI agent infrastructure:
- Layer 1 — Platform-native governance: Microsoft Agent 365, ServiceNow AI Gateway. Deep controls within a single ecosystem. Best-in-class for organizations running mono-platform agent infrastructure. Increasingly integrated between platforms that have business incentives to cooperate.
- Layer 2 — Specialized governance tools: Entro Security (shadow AI discovery, MCP), Token Security (agent identity), Bedrock Data (data governance), Geordie AI (behavioral monitoring), Zenity (enforcement). Each addresses a genuine gap. None provides the unified view required for enterprise-wide governance.
- Layer 3 — Cross-platform workforce management: The missing layer. Not a replacement for Layer 1 or Layer 2, but the connective tissue that aggregates their signals, maps them to organizational context (who owns this agent, which process depends on it, what policy governs it across all environments), and provides the unified inventory, audit trail, and compliance posture that regulators require and boards are beginning to demand.
This is the layer iEnable is building. Not another platform-specific governance tool competing with Microsoft or ServiceNow on their own turf. Not another specialized security product stacking on top of an already-complex security portfolio. The cross-platform intelligence layer that turns fragmented point solutions into a coherent, auditable, enterprise-wide AI workforce management discipline.
The 98% of enterprises now deploying AI agents — and the 79% that still lack governance policies spanning their full agent footprint — don't need another platform-native control. They need to govern what they've already built, across all of it, in a single frame.
The Regulatory Clock: 132 Days to EU AI Act Compliance
The governance urgency on the RSAC floor is not driven solely by competitive pressure or operational risk. There is a hard date on the calendar that is forcing enterprise architecture decisions that might otherwise take two or three more years to mature.
The EU AI Act compliance deadline is August 2, 2026 — 132 days from today. Enterprises operating in or serving EU markets must be able to demonstrate, to a regulator's satisfaction, that their AI systems are inventoried, risk-classified, operating under documented governance policies, and producing auditable records of their activity.
The Act does not distinguish between agents running on Microsoft and agents running on Salesforce. It requires comprehensive governance outcomes. An enterprise that can show auditors a clean Microsoft governance posture while its Salesforce Agentforce agents and custom AWS Bedrock deployments operate without oversight will not achieve compliance — regardless of how sophisticated its Microsoft governance architecture is.
This regulatory reality is the most powerful forcing function in the room at RSAC 2026. It is converting governance from a "we should get to this" initiative to a "we have a deadline" program with executive visibility, defined timelines, and budget authority. The enterprises that come out of this week with a cross-platform governance strategy are the ones that will make August 2 without scrambling. The ones that leave with a collection of platform-specific demos are going to have a difficult summer.
What to Watch for the Rest of the Week
Day 1 has established the theme. Here is what the remainder of RSAC 2026 will either confirm or complicate:
- Does any vendor announce genuine cross-platform governance beyond the Microsoft-ServiceNow integration? Watch for announcements from Salesforce, AWS, and Google Cloud — or from startups positioning to bridge those ecosystems.
- How operationally specific does CrowdStrike get? The AI Operational Reality Manifesto frames the challenge. Does the follow-through include enforcement capabilities that go beyond positioning?
- What does the Innovation Sandbox winner reveal about where investor conviction is landing? Geordie AI and Token Security are two of the finalists. The category distribution of the Top 10 tells you where the smartest security investors see the governance market heading.
- Do any customer case studies emerge from the Bedrock Data or ServiceNow sessions? Vendor positioning is one thing. Enterprises sharing their actual governance architectures — what they built, what they learned, where they are still exposed — are the signal worth extracting.
iEnable will be tracking all of it. Not as a participant in the vendor race — as the intelligence layer that maps the entire competitive landscape so enterprises can make clear-eyed decisions about their AI agent governance architecture.
Frequently Asked Questions About RSAC 2026 and AI Agent Governance
What is the dominant theme at RSAC 2026?
AI agent governance is the defining theme of RSAC 2026. The exhibition floor features more AI agent governance and security vendors than any previous RSA Conference, including multiple Innovation Sandbox Top 10 finalists specifically focused on agent identity, discovery, and behavioral monitoring. Major platform vendors — Microsoft, ServiceNow, CrowdStrike — are all making AI agent governance central to their RSAC narratives. Gartner's concept of "Guardian Agents" is being validated by nearly every enterprise software category simultaneously.
What did Entro Security announce at RSAC 2026?
Entro Security launched AGA (Agentic Governance and Administration) on March 18, 2026 — days before RSAC opened. The platform is showcased at booth N4515 and targets three under-served governance capabilities: shadow AI discovery, MCP (Model Context Protocol) activity visibility, and cross-system policy enforcement. AGA's shadow AI discovery is particularly relevant for enterprises that have deployed agents through low-code platforms or marketplace integrations without formal security review. Entro's identity-security background gives AGA a strong foundation for agent lifecycle management at scale.
What is Microsoft Agent 365 and when does it become generally available?
Microsoft Agent 365 is Microsoft's enterprise framework for managing, governing, and orchestrating AI agents within the Microsoft ecosystem. It integrates with Microsoft Entra ID for agent identity management, Copilot Studio for agent building, and Azure Foundry for orchestration. Microsoft also released a Zero Trust for AI reference architecture at RSAC 2026, providing CISOs with a structured approach to securing agentic deployments. Agent 365 reaches general availability on May 1, 2026. It is best suited for enterprises whose agent infrastructure is primarily Microsoft-native; it does not address governance of agents running on Salesforce, AWS, Google Cloud, or open-source frameworks.
What is the cross-platform governance gap and why does it matter?
The cross-platform governance gap refers to the absence of a unified governance layer that spans all AI agent platforms simultaneously. Microsoft governs Microsoft agents. ServiceNow governs ServiceNow agents. Entro Security addresses shadow AI discovery. But no single solution at RSAC 2026 provides comprehensive governance across the five to ten platforms the typical enterprise runs simultaneously. This gap matters because regulators — particularly under the EU AI Act, which has an August 2, 2026 compliance deadline — require governance outcomes that are platform-agnostic. An enterprise that can demonstrate governance for its Microsoft agents but not its Salesforce Agentforce or AWS Bedrock deployments will not satisfy audit requirements.
What is the EU AI Act deadline and how does it affect enterprise AI agent governance?
The EU AI Act's primary compliance deadline is August 2, 2026 — approximately four months after RSAC 2026. Enterprises operating in or serving EU markets must demonstrate that their AI systems, including AI agents, are inventoried, risk-classified, subject to documented governance policies, and capable of producing auditable records of their activity. The Act applies regardless of which platform hosts the agent, making cross-platform governance a regulatory necessity rather than a best practice. Enterprises that rely only on platform-native governance tools — Microsoft for Microsoft agents, ServiceNow for ServiceNow agents — will face compliance gaps that regulators are unlikely to accept.
Track the entire AI agent governance landscape — not just one platform.
iEnable is the cross-platform intelligence layer for enterprise AI workforce management. Understand what every agent in your organization is doing, across every platform, from a single frame.
Learn More About iEnable →