Home

/

Blog

/

Securing AI

What to Actually Ask a Vendor About AI Agent Governance

Nabeel Ansar

Every AI vendor in 2026 has a slide that says they offer "agent governance." Very few of those slides mean the same thing. Some mean audit logs. Some mean access control. Some mean a nice dashboard that shows agents exist. When you ask a follow-up question, you often find that the governance being sold is a fraction of what a real governance stack needs to cover.

Microsoft's recent Agent 365 documentation is actually useful here, not because Microsoft has solved the problem but because they've laid out in unusually clear language, the four things real agent governance has to handle. I want to translate that scope into a set of questions you can ask any vendor, not just Microsoft, when they tell you they can govern your agents.

If a vendor can't answer all four, they don't have governance. They have a slide.

What agent governance actually has to cover

Stripped of vendor branding, any real governance stack for AI agents needs to handle four distinct jobs. Miss any one and you have a gap an auditor, insurer, or attacker will find.

Area

What it covers

The question to ask

Registry and access

What agents exist, who owns them, what they can touch

How do I see every agent in my environment, and who decided it had access to what?

Data security and compliance

What data agents can see, what they do with it

If an agent reads sensitive data, how do I know and how do I stop it?

Threat protection

Attacks against and through agents

How do you detect a prompt injection or compromised agent?

Interoperability and performance

Agents working together, measuring what they produce

How do I know my agent is doing its job well and cost-effectively?

Let's walk through each one honestly.

Registry and access: the inventory problem

This sounds like paperwork. It isn't. The first governance failure in every AI deployment I've seen is the same — nobody knows how many agents exist in the environment.

Real registry and access governance answers four questions at any moment:

  • What agents exist in my tenant, across every platform we use?

  • Who owns each one — name of a person, not a team?

  • What does each agent have access to, at what scope?

  • What's the approval path when someone wants to add a new one?

The first question is the hardest. Most businesses have AI agents they don't know about, because every SaaS platform in their stack has quietly added an AI feature in the last twelve months. A governance tool that only sees agents you built is missing the ones that are actually most exposed.

What to demand from a vendor: A single view of every agent across every platform — not just the ones the vendor made. If they can only show you their own agents, they're showing you a product, not a governance solution.

Data security and compliance: where the real risk lives

AI agents need data to do anything useful. The governance question is which data, for what purpose, with what guardrails.

Three things real data governance for agents handles:

Exposure analysis. Before you connect an agent to a data source, you should know what it will be able to see. If the agent has access to a shared drive, does that include the HR folder nobody remembered to lock down? The Agent 365 framing calls this "AI-related data exposure risk." The principle applies to any tool. If the vendor can't show you what data an agent will touch before you deploy it, you're flying blind.

Content policies. Once agents are running, they'll touch sensitive data. The question is what they're allowed to do with it. Can they quote it back to users who shouldn't see it? Can they include it in outputs that get shared externally? Policies need to cover input (what goes into the agent) and output (what the agent produces).

Incident detection. When something goes wrong — an agent quotes confidential data to the wrong person, or its outputs start leaking information it shouldn't — you need to know quickly. This is where most SMB deployments have nothing. Not a dashboard, not an alert, not a log. Just hope.

What to demand from a vendor: A data flow diagram showing every place an agent's inputs and outputs go, what classifications apply, and what happens if a policy is violated. If they wave this away as "configurable on your side," they're selling you the steering wheel without the car.

Threat protection: the category that barely existed eighteen months ago

Prompt injection, tool misuse, memory poisoning, agent-to-agent attacks. These are the 2026 threat categories that didn't meaningfully exist in most security vendors' product roadmaps two years ago.

What threat protection for agents has to cover:

Posture assessment. Before attacks happen, a governance tool should tell you where you're exposed. Which agents have excessive privileges? Which ones trust inputs from untrusted sources? Which ones could be chained into a bigger attack? Posture assessment is the AI equivalent of vulnerability scanning.

Runtime defense. During operation, agents face live attacks. The simplest and most common is prompt injection — an attacker embeds instructions in data the agent reads, and the agent follows them. Runtime defense means detecting and blocking these attempts in real time, not in a report two weeks later.

Incident response. When an attack succeeds, you need a playbook. Containment, investigation, notification. Most SMBs have generic incident response plans that say nothing about AI agents. That gap will matter the first time it's tested.

What to demand from a vendor: Specific coverage of the OWASP Top 10 for Large Language Model Applications. If your vendor hasn't heard of it, that tells you where their product actually is in its maturity curve.

Interoperability and performance: where governance earns its keep

The fourth area is the one that gets the least attention and costs the most money when it's missing. Agents have to work with each other, with your existing systems, and at a cost you can justify.

Three questions real interoperability governance answers:

Can my agents access my company's data cleanly? An agent that can't see your CRM, your documents, your tickets, or your product catalog will produce generic, low-value output. A governance stack should support connecting agents to internal knowledge safely — with permissions, scopes, and audit.

Can my agents work together? Agents in silos solve small problems. Agents that coordinate solve bigger ones. Multi-agent orchestration is where the interesting work of 2026 is happening, and it requires infrastructure most governance tools haven't caught up with.

Am I getting value for what I'm spending? Every agent costs money — in tokens, in runtime, in infrastructure, in the human time to oversee it. If your governance tool can't tell you cost per outcome for each agent, you can't make the renew/retire decision with any confidence.

What to demand from a vendor: A dashboard showing cost, usage, and business outcome per agent. If the answer is "we can show you tokens spent," they're showing you a bill, not a governance tool.

What to do if you're starting from nothing

If you've read this far and are quietly realising your current "governance" is "we trust the vendor," three practical steps.

First, run the inventory exercise. Not a theoretical one. A real one. Sit with your IT lead and your ops lead for a morning. List every SaaS platform you pay for. For each, note every AI feature, assistant, or agent available on your tenant. Note which are enabled. Note who owns each one. The output is a spreadsheet. The spreadsheet is more governance than most businesses currently have.

Second, assign ownership. For every agent on the list, name a person — not a team. If nobody will own it, turn it off. An agent without a named owner is a problem waiting for a news cycle.

Third, pick one agent and harden it. Not all of them. One. Go through the four governance areas — registry, data security, threat protection, interoperability — for that single agent. See what's missing. That exercise will tell you more about what real governance requires than any vendor demo.

Once you've done one, the template for the rest is obvious.

The honest bottom line

Most "agent governance" products in the market today cover one or two of the four areas above. Some cover three. Very few cover all four, and the ones that do charge accordingly.

For any business running AI agents — which in 2026 means any business using modern SaaS — the choice isn't whether to govern agents. That decision has been made for you by your auditors, your insurers, and your largest customers' procurement teams. The only question is whether you build the capability in time.

The four-area framework above is what good looks like. Whether you build it with Microsoft's tooling, a competitor's, or a stack of point solutions is a secondary question. Getting to the point where you can honestly answer all four questions is the primary one.

If you can't today, the playbook is simple. Start with the inventory. The rest becomes obvious.

Related Posts

View All

Securing AI

The Lovable Story Isn't About a Bug. It's About Who Owns Security When AI Builds the Software.

Nabeel Ansar

Apr 20, 2026

Securing AI

Claude's Project Glasswing Changes the Clock. Here's What SMBs Should Actually Do About It.

Nabeel Ansar

Apr 20, 2026

Securing AI

The AI Agent Security Gap: What SMB Leaders Are Missing in 2026

Nabeel Ansar

Apr 12, 2026

More Article by Nabeel Ansar

View All

Leading AI

Where Is Your Business Actually At With AI? A Practical Maturity Check.

Nabeel Ansar

Apr 21, 2026

Shipping AI

What a Portfolio of AI Agents Actually Costs

Nabeel Ansar

Apr 21, 2026

Securing AI

The Lovable Story Isn't About a Bug. It's About Who Owns Security When AI Builds the Software.

Nabeel Ansar

Apr 20, 2026

Practical writing on shipping, securing, and leading AI — from a product leader who's built AI into media, MSP, cybersecurity, and ecommerce.

Practical writing on shipping, securing, and leading AI — from a product leader who's built AI into media, MSP, cybersecurity, and ecommerce.

Recent

View All

The AI Agent Security Gap: What SMB Leaders Are Missing in 2026

Nabeel Ansar

Apr 12, 2026

The PM's Job Just Changed: What Claude Skills and Managed Agents Mean for How We Build Products

Nabeel Ansar

Apr 20, 2026

The Non-Engineer's AI Stack: Why Claude and Copilot Are Enough for Most Leaders

Nabeel Ansar

Apr 20, 2026

Where Is Your Business Actually At With AI? A Practical Maturity Check.

Nabeel Ansar

Apr 21, 2026

Explore Topics

Shipping AI

Shipping AI

Securing AI

Securing AI

Leading AI

Leading AI

Practical writing on shipping, securing, and leading AI — from a product leader who's built AI into media, MSP, cybersecurity, and ecommerce.

info@nabeelansar.com

Newsletter

Get real-world takes on AI—what works, what doesn’t, and what actually ships.

By signing up, you agree to our Privacy Policy

© 2026 NABEEL ANSAR.

Practical writing on shipping, securing, and leading AI — from a product leader who's built AI into media, MSP, cybersecurity, and ecommerce.

info@nabeelansar.com

Newsletter

Get real-world takes on AI—what works, what doesn’t, and what actually ships.

By signing up, you agree to our Privacy Policy

© 2026 NABEEL ANSAR.

Practical writing on shipping, securing, and leading AI — from a product leader who's built AI into media, MSP, cybersecurity, and ecommerce.

info@nabeelansar.com

Newsletter

Get real-world takes on AI—what works, what doesn’t, and what actually ships.

By signing up, you agree to our Privacy Policy

© 2026 NABEEL ANSAR.