惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Martin Fowler
Martin Fowler
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
博客园 - 聂微东
IT之家
IT之家
GbyAI
GbyAI
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Y
Y Combinator Blog
博客园 - 【当耐特】
The Cloudflare Blog
宝玉的分享
宝玉的分享
罗磊的独立博客
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
V
Visual Studio Blog
小众软件
小众软件
博客园_首页
Last Week in AI
Last Week in AI
J
Java Code Geeks
V
V2EX
雷峰网
雷峰网
Apple Machine Learning Research
Apple Machine Learning Research
阮一峰的网络日志
阮一峰的网络日志
腾讯CDC
博客园 - 司徒正美
Engineering at Meta
Engineering at Meta
The GitHub Blog
The GitHub Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
D
DataBreaches.Net
博客园 - 三生石上(FineUI控件)
MyScale Blog
MyScale Blog
云风的 BLOG
云风的 BLOG
The Register - Security
The Register - Security
M
MIT News - Artificial intelligence
Microsoft Azure Blog
Microsoft Azure Blog
T
The Blog of Author Tim Ferriss
N
Netflix TechBlog - Medium
F
Full Disclosure
B
Blog
H
Help Net Security
C
Check Point Blog
WordPress大学
WordPress大学
人人都是产品经理
人人都是产品经理
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Jina AI
Jina AI
酷 壳 – CoolShell
酷 壳 – CoolShell
Blog — PlanetScale
Blog — PlanetScale
L
LangChain Blog
P
Proofpoint News Feed
D
Docker
Microsoft Security Blog
Microsoft Security Blog

Cloud Security Alliance

SearchLeak: Copilot Data Exfiltration Exploited | CSA Zero-Trust AI Governance for Multi-Agent Systems | CSA Dangling CNAMEs: Hidden Cloud Risk | CSA Agentic Payments in Financial Services | CSA Mythos and the Future of Cybersecurity | CSA AI-Driven Cloud Risk: Defenders Lose Ground | CSA Financial Services Industry Shifts from AI Adoption to | CSA CSAI Foundation Announces RiskRubric V2 as the Next Key | CSA RiskRubric Updates: AI Risk Assessment | CSA Over 80% of Organizations that Miss 24-Hour Patch Window Report | CSA ORCHIDEAS & MAESTRO: Secure AI Design | CSA Top 6 Claude Security Risks to Watch | CSA Cloud Cost Optimization in 2026 | CSA HIPAA Rule Overhaul in 2026 | CSA AI-Driven Exploits Outsmart Detection | CSA MCP Risks CISOs Should Prepare For | CSA AI Governance for Trust and Compliance | CSA MTTP: Patch Cycles Too Slow | CSA Cloud Security Evolution: Security Teams Lead | CSA Misconfigurations Break Customer Trust in Apps | CSA Taming Shadow AI: C-Suite Strategies | CSA Agentic AI Threats: Five Powers | CSA AIUC-1: Agentic AI Governance | CSA 2026 Threat Report for CISOs | CSA Securing AI in AWS: Runtime Detection & Response | CSA SLMs, LLMs, and the DSPM Difference | CSA OT Security Timeline: Mythos and Patch Pace | CSA Blast Radius and Cloud Threat Detection | CSA State of AI Cybersecurity 2026: 92% Concerned | CSA AI in MDR for Franchise & Multi-Location Ops | CSA AI Regulation: Identity and Authorization Gap | CSA MITRE ATT&CK for Cloud: Detection Coverage Guide | CSA Shadow AI Agents: The Insider Threat | CSA Medical Device Breaches Reveal Cloud Security Gaps | CSA AISMM: AI Security Maturity Model for Cloud | CSA Globee® Awards for Artificial Intelligence (AI) Honors Cloud | CSA Patching Smarter for Mythos Security | CSA SDP v3: Identity-First Zero Trust for AI | CSA AI-Ready Security Documents Beyond STIX, OSCAL, and SARIF | CSA Penetration Testing for ISO 42001 & Trust | CSA AI Agent Posture: Data-First Security Guardrails | CSA AI Agents Go Beyond Output: Enterprise Security | CSA AI Agent Security Starts with Scope Control | CSA Identity Spoofing vs. Identity Abuse | CSA AARM: Securing the Agentic Runtime | CSA Securing the Agentic Control Plane | CSA CSAI Foundation Announces Key Milestones to Secure the Agentic | CSA Catastrophic AI Risk Controls | CSA Cloud to AI: Building Secure Programs | CSA Identity in AI Era: Zero Trust's First Pillar | CSA SDLC Visibility: Securing Multi-Cloud Development Lifecycles | CSA Cloud Risk: Top 3 Threats & AI Tools | CSA AI Agent Identity Is Solved Backwards | CSA 8 Truths About Cloud Privilege Risk | CSA AI Governance: Mature Programs | CSA Agent Access Management: Data-First Security | CSA Glasswing: AI-Driven Security for Safer Software | CSA Runtime Security: Detection & Real-Time Cloud | CSA Identity as the OS for AI Security | CSA Cloud Misconfigurations Drive Attacks at Scale | CSA Sensing AI Behavior with the WBSC Probe Library | CSA An Actionable Guide to GDPR Compliance for Startups | CSA Cloud Security LIVE 2026: AI Risk & Trust | CSA Rethinking Non-Human Identity Security | CSA New Cloud Security Alliance Survey Reveals 82% of Enterprises Have Unknown AI Agents in Their Environments More Than Half of Organizations Experience AI Agent Scope | CSA SANS Institute, Cloud Security Alliance, [un]prompted, and OWASP | CSA AI Agents Are Talking: Are You Listening? | CSA Software Supply Chain Security Needs an Upgrade Choosing the Right AI Standard: 7-Point Guide | CSA Audience-Driven Authorization for AI Agents | CSA A CISO's Guide to Cloud Security Architecture | CSA Who’s Behind That Action? The AI Agent Identity Crisis SSCF Adoption for SaaS Security | CSA Mythos and the Vulnpocalypse: Cloud Defenses | CSA AI Security Risks and Data Visibility | CSA From Compliance to Credibility with CAIQ/CCM | CSA The State of Cybersecurity in the Finance Sector: Six Trends to Watch EU AI Act Compliance with prEN 18286 & ISO 42001 | CSA AI Security in the Cloud: Exposure Management | CSA Rethinking Incident Response as Engineering System | CSA Defense Depends on the Creator: AI Security | CSA ATF: Zero Trust for AI Agents | CSA Cybersecurity Needs a New Data Architecture | CSA CSA STAR v4.1 Updates for Cloud Security | CSA Unstructured Data Surges as Enterprises Struggle to Maintain | CSA SC Media Names Cloud Security Alliance’s Trusted AI Safety | CSA Exposed AWS Key Leads to Full Account Takeover | CSA Post-Quantum Cloud Migration for CSA Members | CSA AI Identity Security Compliance Checklist | CSA The Agentic Trust Deficit: MCP's Authentication Vacuum | CSA More Than Two-Thirds of Organizations Cannot Clearly Distinguish | CSA AI Cybersecurity 2026: Insights from 1,500 Leaders | CSA Three-Body Security: Data, AI & Identity | CSA IAM as Safety for AI-Controlled Systems | CSA Kubernetes Cost Savings and Security Debt | CSA Code to Cloud Security: Unified Exposure Management | CSA Retail Misconfigurations Attackers Exploit | CSA Rethinking Authorization for the Age of Agentic AI | CSA Enterprise AI: Guardrails to Governance | CSA
Shadow AI Agents: Enterprise Governance | CSA
2026-04-22 · via Cloud Security Alliance

Organizations say they have visibility into their AI agents. The data says otherwise.

Consider CSA and Token Security’s new survey report, Autonomous but Not Controlled. At first glance, the numbers look reassuring. The majority of organizations (68%) say they have high visibility into AI agents and autonomous workflows. So enterprises know what's running across their teams and tools, right?

Well, in the past year, 82% discovered at least one AI agent or workflow that security or IT did not previously know about.

Many organizations have enough visibility for day-to-day operations, but not enough for governance assurance. In other words, they may know about many of their AI agents, but not all of them. When agents can access systems, interact with processes, and trigger actions, “mostly visible” is not good enough.

Visibility is Not the Same as Assurance

One of the report’s most useful distinctions is between operational visibility and assurance-grade oversight.

Operational visibility means teams have a reasonable sense of what is running in the environment. That can be enough to support deployment, troubleshooting, and routine management. But assurance-grade oversight is a much higher bar. It requires confidence that all agents (authorized or not) are identified, scoped, and subject to control pathways.

That distinction matters because modern AI agent governance increasingly depends on bounded autonomy and exception-driven control. Many organizations are not trying to stop every agent action in real time. Instead, they let agents operate within defined limits and intervene when risk increases. That model can work, but only if you know about the agents in the first place.

Unknown agents do not respect governance diagrams.

If an agent is deployed outside approved processes, then:

  • Its purpose may not be documented
  • Its permissions may not be reviewed
  • Its boundaries may not be clearly defined

Exception-based governance depends on agents being known and bounded. When visibility is incomplete, the safeguards may not engage at all.

Why Shadow AI Agents Keep Appearing

The report also shows that shadow AI agents are not emerging in obscure corners of the enterprise. They are appearing in the same environments where legitimate agent adoption is accelerating.

The most common places organizations discovered unexpected or “shadow” agents were:

  • Internal automation or scripting environments
  • LLM platforms, including custom tools, assistants, and plugins
  • SaaS tools with built-in automation
  • Developer-created workflows

That should sound familiar to anyone working in IT or security. These are exactly the environments optimized for speed, experimentation, and decentralized problem-solving. They are where teams go to automate repetitive work, connect systems, build copilots, and streamline internal processes. They are also environments where creating a new workflow just feels like assembling a shortcut.

That is part of the challenge. AI agents do not always arrive through a formal procurement process or a clean engineering handoff. Sometimes they arrive as a plugin, a no-code workflow, a SaaS feature toggle, or a quick internal script that suddenly gains access to several systems and starts making decisions.

From a productivity standpoint, that is appealing. From a governance standpoint, that is how blind spots become normal.

The Real Issue is Coverage

Security teams often frame this problem as one of inventory: find the unknown agents, add them to the list, move on. The deeper issue is whether governance coverage extends to all the places where employees are creating and using agents.

If cloud platforms, internal orchestration systems, SaaS applications, and LLM environments are all active agent surfaces, then governance cannot live only in one review board, one ticketing process, or one control point. It has to function across a much more distributed environment.

Organizations may have enough visibility to operate AI agents day to day, but not enough completeness to ensure that control models apply universally.

Incomplete visibility creates several downstream issues:

  • Weakened approval pathways: If security teams do not know an agent exists, they cannot define when it would require human approval.
  • Undermined least-privilege decisions: Unknown agents may inherit permissions through existing tools, service accounts, or connected workflows.
  • Complicated incident response: When an autonomous workflow behaves unexpectedly, responders need to know what triggered it, what systems it touched, and who owns it.
  • Lifecycle risk: An agent that was never formally onboarded is unlikely to be formally retired.

Why This Matters Now

Enterprises no longer see AI agents as future architecture. They are already embedding them into core workflows. The report notes that agents are operating across cloud platforms, internal systems, SaaS applications, and LLM-driven environments. As those systems take on more autonomous roles, governance can no longer depend on assumptions like “we would know if someone built that.”

Apparently, many organizations do not, which would be concerning even if agents were low-impact tools. But we increasingly connect them to systems, data, and processes that matter.

When shadow deployment happens in environments tied to automation and orchestration, the blast radius grows. A hidden spreadsheet macro is annoying, but a hidden AI agent connected to internal systems, SaaS platforms, and business workflows is something else entirely.

AI agent governance is becoming an interconnected system spanning visibility, lifecycle management, policy design, and monitoring. Visibility is not a side concern. Visibility is the prerequisite that lets the rest of the model work.

What Organizations Should Do Next

Firstly, do not shut down innovation; the environments producing shadow AI agents are also producing legitimate business value. The goal is to make experimentation governable.

A practical path forward starts with a few shifts.

Treat AI agent visibility as a governance capability, not an asset inventory exercise. Organizations need a repeatable way to identify agents across internal automation, LLM tools, SaaS ecosystems, and developer workflows.

Expand onboarding expectations beyond traditional software. If a team creates an autonomous workflow, custom assistant, or agentic integration, that should trigger ownership, purpose documentation, and permission review.

Focus on “where agents can emerge,” not only “where agents are approved.” Shadow agents often appear in tools built for decentralized creation. Governance models should start there.

Define boundaries before exceptions occur. Exception handling works only when you know what an agent should do under normal conditions.

Close the loop between visibility and lifecycle management. If organizations cannot reliably discover agents at creation, they will struggle even more to decommission them later.

The good news is that many organizations are already building pieces of this model.
 

The Takeaway

The shadow AI agent problem is not actually about shadows, but misplaced confidence.

Organizations are right to focus on risk signals, human delegation, and monitoring strategies. These are all critical components of modern AI agent governance. But these controls only function effectively when applied to a complete and accurate inventory of agents. Without that, even well-designed governance models operate with blind spots.

When organizations report both high confidence in visibility (68%) and frequent discovery of unknown agents (82%), it signals a mismatch between perception and reality.

Why visibility becomes foundational

One of the most important implications of this research is that visibility is the foundation of control.

Think about how most governance models are designed today:

  • You define an agent’s purpose
  • You assign permissions based on that purpose
  • You establish guardrails for acceptable behavior
  • You monitor for deviations and escalate when needed

Every one of those steps assumes that the agent is known, documented, and operating within a defined boundary.

But when shadow AI agents emerge—especially in environments like LLM platforms, SaaS automation tools, and internal scripting frameworks—that assumption breaks down. Governance fails because the controls were never applied.

The hidden cost of “mostly visible”

Many organizations are operating in a state that could be described as “mostly visible.” And for traditional IT assets, that might be acceptable, but AI agents behave differently. Unlike static infrastructure, AI agents can:

  • Evolve through updates or prompt changes
  • Expand their scope through integrations
  • Interact dynamically with other systems
  • Operate at machine speed without continuous human oversight

In this environment, “mostly visible” introduces compounding risk.

From visibility to assurance: closing the gap

So what does it take to move from visibility to assurance?

The report suggests that organizations need to shift their mindset in a few key ways:

  1. Treat AI agent creation as a governance event. Whether an agent is built in a developer environment, a SaaS tool, or an LLM platform, its creation should trigger the same lifecycle expectations. These include ownership, purpose definition, and permission scoping.
  2. Extend visibility into high-velocity environments. The environments producing the most innovation are also producing the most shadow agents. These environments include automation tools, LLM platforms, and internal orchestration systems. Visibility efforts need to prioritize these areas, not just traditional infrastructure.
  3. Align visibility with lifecycle discipline. Discovery alone is not enough. Organizations need to ensure that agents move through a consistent lifecycle: onboarding, monitoring, and ultimately decommissioning. Otherwise, today’s shadow agents become tomorrow’s “retirement debt.”
  4. Build governance models that assume decentralization. AI agent creation is no longer centralized. Governance models that rely on a single control point will struggle to keep up with how agents are actually deployed.


Cover of Autonomous but Not Controlled

A final thought

AI agents are scaling across enterprise environments—quietly, quickly, and often outside traditional processes.

That is not inherently a bad thing, as it reflects real demand for automation, efficiency, and intelligent workflows. However, it does move the rules of governance away from restrictive controls.

The organizations that succeed in this next phase will be the ones that align visibility, lifecycle management, and policy enforcement into a cohesive system that can operate at the same speed and scale as the agents it governs.

In the end, the principle still holds: You cannot govern what you cannot see. In the age of autonomous workflows, what you cannot see will start causing problems immediately.

To understand where your organization stands—and where the gaps may be—the full report is well worth your time.