Article Mar 25, 2026 · iEnable Team · 12 min read

RSAC 2026 Final Verdict: 8 Vendors Launched Agent Governance. None Solved the Real Problem.

After 4 days at RSAC 2026, one thing is clear: every major vendor launched AI agent governance — but none can see across platforms. Here's the gap that will define the next 12 months.

← Back to Blog

📊 Market Intelligence

RSAC 2026 Final Verdict: 8 Vendors Launched Agent Governance. None Solved the Real Problem.

📅 March 25, 2026 ⏱ 12 min

RSAC 2026 just wrapped. The AI agent governance market went from “emerging” to “everyone has one.” But the most important question went unanswered.

Four days. Eight major vendor launches. Over $400 million in disclosed funding. And a single, glaring gap that every booth, keynote, and breakout session managed to talk around without addressing.

RSAC 2026 was the conference where AI agent governance went mainstream. By Wednesday, you couldn’t walk the expo floor without tripping over a vendor promising to discover, govern, or secure your AI agents. The market validation was overwhelming. The actual solutions? Underwhelming — because every single one solves governance for their agents, on their platform, inside their ecosystem.

The problem isn’t that vendors aren’t building governance. They are, aggressively. The problem is that none of them can see across the walls they’ve built.

The 8 Launches That Defined RSAC 2026

Here’s what shipped this week, and what each vendor actually governs:

1. Microsoft Entra Agent ID (GA May 1)

Microsoft’s flagship announcement: every AI agent gets a unique identity in Entra, integrated with Agent 365 Security Policy Templates. It’s the identity layer the market has needed — if you live exclusively in Microsoft’s ecosystem.

What it governs: Microsoft agents — Copilot Studio, Agent 365, Azure AI. What it misses: Every agent built on AWS Bedrock, Google Vertex, Salesforce Agentforce, LangChain, CrewAI, or the shadow agents your marketing team built last Thursday.

2. Astrix Security — 4-Method Agent Discovery

Astrix came to RSAC with the most technically impressive discovery architecture: platform integrations, NHI fingerprinting, sensor telemetry, and bring-your-own-source (BYOS). Their real-time policy engine adds enforcement on top of visibility.

What it governs: Agent discovery and policy at the infrastructure layer. What it misses: Business context. Astrix can tell you an agent exists and what APIs it calls. It cannot tell you whether that agent’s output is aligned with your compliance requirements, your business rules, or your operational workflows across platforms.

3. Rubrik SAGE (Semantic AI Governance Engine)

Rubrik surprised the conference with SAGE — a custom small language model (SLM) purpose-built for real-time policy interpretation and agent control. It’s the first time a data security vendor has applied its own AI to govern other AIs.

What it governs: Data access and policy enforcement for agents touching Rubrik-protected data. What it misses: Agents that don’t touch Rubrik’s data layer — which is most of them.

4. Cisco Duo IAM — Zero Trust for Agents

Cisco extended its Zero Trust framework to AI agents via Duo IAM, with MCP policy enforcement and intent-aware monitoring for what they’re calling the “agentic workforce.”

What it governs: Network-level agent authentication and access control. What it misses: Agent behavior after authentication. Knowing an agent is authorized to access a system doesn’t tell you what it’s doing once inside.

5. Check Point — AI Defense Plane

Check Point’s approach: acquire Cyata for agent discovery and observability, then layer it into a unified “AI Defense Plane.” They know what agents exist, what tools they access, and what actions they perform.

What it governs: Agent visibility and threat detection at the security perimeter. What it misses: Policy orchestration across business units. Security teams get alerts; operations teams get nothing.

6. 1Password — Unified Access Platform for Agent Identity

1Password expanded from human identity to agent identity, with partnerships across Anthropic, Cursor, GitHub, Perplexity, and Vercel. Discover, secure, and audit across human, AI, and machine identities from one platform.

What it governs: Agent credentials and access management. What it misses: Agent governance beyond authentication — what agents do with their access, across which platforms, and whether that aligns with enterprise policy.

7. Bedrock Data — ArgusAI (MCP Server Governance)

Bedrock Data expanded ArgusAI to govern the full enterprise AI risk surface — agents, MCP servers, and data connections. With Snowflake Ventures backing a $25 million Series A, they’re focused on MCP server hardening.

What it governs: MCP server security and agent data access patterns. What it misses: Agents that don’t use MCP — which, in most enterprises, is the majority.

8. ServiceNow AI Control Tower + Microsoft Integration

The biggest partnership at RSAC: ServiceNow’s AI Control Tower now integrates with Microsoft Agent 365, Copilot Studio, and Microsoft Foundry. Two platform giants, unified governance view.

What it governs: Agents on ServiceNow + Microsoft. Together, that’s substantial. What it misses: Everything else. The Salesforce agents. The AWS agents. The custom-built agents. The shadow agents. If it’s not ServiceNow or Microsoft, it doesn’t exist in the Control Tower.

The Pattern Nobody at RSAC Talked About

Pull back from the individual launches and a clear pattern emerges:

Every vendor governs a fragment. No vendor governs the whole.

That’s not a temporary gap. It’s structural. Each vendor has a business incentive to govern agents within their ecosystem because governance is a retention mechanism. If Microsoft governs Microsoft agents brilliantly, you have one more reason not to move to AWS. If ServiceNow’s Control Tower only sees ServiceNow and Microsoft agents, you have one more reason to consolidate on those two platforms.

Platform-native governance isn’t just incomplete. It’s designed to be incomplete. The incompleteness is the value proposition — for the vendor, not for you.

Meanwhile, reality looks like this: 98% of enterprises deploy AI agents. The average enterprise uses 5-10 platforms for agent deployment. 79% lack governance policies spanning their full agent footprint.

Sixty-eight percent of security teams at RSAC reported they cannot distinguish between human and AI agent actions in their logs. That statistic, from the Cloud Security Alliance’s survey released during the conference, tells you everything about where enterprise governance actually stands.

What “Cross-Platform” Actually Means

Cross-platform agent governance isn’t another governance tool. It’s the layer that sits above all the tools launched this week.

Think of it this way: every RSAC launch was about depth — deep visibility into agents on this platform, deep policy enforcement for this type of agent, deep integration with this vendor’s ecosystem.

What’s missing is breadth — a single operational view of every agent, on every platform, governed by unified policies, managed through one interface.

That means:

The Next 12 Months

RSAC 2026 settled one question definitively: AI agent governance is a real category, not a niche. Over $400 million in funding and eight major vendor launches in one week proved that.

But it raised a bigger question: who builds the cross-platform layer?

The platform vendors won’t — it undermines their lock-in. The security startups might, but they’re focused on discovery and threat detection, not operational governance. The identity vendors are closest, but identity is only one piece of governance.

The enterprise that figures out cross-platform agent governance — a single pane of glass across every vendor, every cloud, every agent framework — will own the most important layer in the AI infrastructure stack.

Because in 12 months, the question won’t be “do you govern your AI agents?” Every vendor at RSAC just made sure the answer will be yes.

The question will be: “Can you govern all of them? Across everything? At once?”

After four days at RSAC 2026, nobody has that answer yet.

iEnable is building cross-platform AI agent governance — the unified layer above every vendor-specific solution. Learn more about our approach →