Enterprise AI Governance: A Definition and a Growing Gap
Enterprise AI governance is the set of policies, identity controls, monitoring tools, and processes that manage how AI agents access systems, handle data, and act on behalf of humans across business environments. As autonomous agents spread from piloted chatbots to complex software actors, that governance layer is under pressure. Okta cites internal data showing that 90% of enterprise agents are over‑permissioned and 53% already touch sensitive information, underscoring how fast risk is escalating. At the same time, Gartner predicts that an average global Fortune 500 company could be running over 150,000 agents by 2028, amplifying every misconfigured permission or invisible integration. The core challenge is no longer whether enterprises will deploy AI agents, but whether they can see what each agent is, what systems it connects to, and how to shut it down when something looks wrong.
Okta and AWS: Making Agent Identity a First-Class Object
Okta’s expanded Okta for AI Agents platform aims to turn AI agents into first-class identities, not hidden processes. Its new integration with Amazon Bedrock AgentCore adds identity lifecycle management for agents running on AWS and extends support to non‑Okta identity providers. That means security teams can discover agents created in Bedrock, import them through the Okta Integration Network, and register each one with a clear human owner and baseline policies. Resource connections define which data or applications an agent can reach, how it authenticates, and what scopes it receives, improving AI agent security without forcing a single-vendor stack. As Ely Kahn, Okta’s Chief Product Officer, notes, “Security and IT leaders need a better way to understand where their agents are, what they can connect to, and what they can do,” especially as deployments span multiple platforms and distributed environments.
Automation Anywhere’s EnterpriseClaw: Autonomy Wrapped in Control
Automation Anywhere’s EnterpriseClaw shows what happens when powerful autonomous agents meet enterprise AI governance demands. Inspired by Nvidia’s OpenShell runtime, these “claw‑style” agents can access device file systems, interact with application screens, and create tools at runtime—essentially acting like highly capable digital workers. On its own, OpenShell could “access pretty much everything,” a serious problem for regulated industries. EnterpriseClaw answers this by surrounding that autonomy with centralized governance, credential controls, and observability, so enterprises can maintain autonomous agent control even when agents run near sensitive data or inside air‑gapped environments. Partnerships with Cisco, Nvidia, Okta, and OpenAI reinforce that focus: Cisco and Nvidia support secure infrastructure and on‑premises models, OpenAI brings access to GPT‑5.5, and Okta supplies identity management. Together, they begin to turn free‑ranging autonomous agents into governed, auditable participants in enterprise workflows.
The Industry’s Agent Identity Crisis
Despite new tools, the broader industry still faces an identity crisis around AI agents. Automation Anywhere’s Adi Kuruganti points out that most enterprises give agents human credentials for systems like Salesforce or SAP. When those agents act autonomously, logs show a human account performing the work, blurring accountability and complicating audit trails. This undermines enterprise AI governance because security teams cannot separate human actions from agent behavior or prove which steps an autonomous system took. Okta’s “first‑class identity” approach is a proposed fix: every agent receives its own identity, scoped access, and separate audit record. Kuruganti stresses that this should become a cross‑vendor standard, not a product‑specific feature. Until that happens, AI agent security remains fragile, with agents that can operate widely across networks but cannot be tracked, governed, or revoked with the precision enterprises expect for human users.
Building AI Governance Infrastructure for a Hybrid, Agentic Future
Both Okta and Automation Anywhere are reacting to a structural mismatch: AI agent adoption is accelerating faster than AI governance infrastructure, especially in hybrid environments where most critical data still sits outside public clouds. Kuruganti notes that many agent platforms assume cloud‑only designs, while large healthcare, financial, and manufacturing organizations often run on‑premises, in private VPCs, or in air‑gapped data centers. EnterpriseClaw’s ability to run near data, plus Nvidia’s Nemotron models via OpenShell, targets that reality. Okta’s neutral identity layer complements this by giving enterprises one place to discover, govern, and, when needed, deactivate agents across Salesforce Agentforce, ServiceNow, Google Vertex AI, AWS, and more. Together, these efforts hint at the next phase of autonomous agent control: a shared fabric for visibility, identity, and policy that treats agents as durable, governable entities rather than experimental scripts scattered across the enterprise.