The rapid deployment of AI agents across enterprises has created a governance blind spot that traditional security tools were never designed to handle. At Zenith Live 2026, Zscaler unveiled a comprehensive platform for securing agent-to-agent communications and data access, signaling that the industry is converging on a critical problem: how to control AI agents that operate independently of human oversight.

What Makes Agent Security Different From Traditional Enterprise Security?

For decades, enterprise security teams have focused on protecting user-to-application traffic. A person logs in, accesses a system, and security tools monitor that interaction. But AI agents operate differently. They communicate directly with other agents, invoke tools through standardized protocols, and retrieve data from sources that may sit outside any existing access control policy. This agent-to-agent (A2A) communication layer is largely uninstrumented in most enterprise environments today.

The scale of agent deployment is accelerating faster than governance frameworks can keep up. At CoreWeave, an AI infrastructure company, the CIO reported deploying roughly 10 enterprise-wide agents spanning multiple departments including engineering, supply chain, finance, and marketing, with hundreds of smaller task-specific agents deployed across teams. At Medtronic, the world's largest medical technology company, operational agents like Harmony (HR), Robin (IT help desk), and EVA (IT asset management) are already delivering measurable value. These deployments are happening now, but the security infrastructure to govern them is still being built.

How Are Security Vendors Approaching Agent Governance?

Zscaler's announcement at Zenith Live included three interconnected capabilities designed to close the governance gap. The AI Broker enforces fine-grained access controls on agent-to-agent and model-context-protocol (MCP) communications through an integrated Agent Registry that tracks which agents are permitted to access what. The AI Access Graph, built on Zscaler's acquisition of Symmetry Systems, maps how identities, applications, and data sources connect across the enterprise in real time. Together, these tools aim to provide both the visibility and enforcement layers that agent governance requires.

However, Zscaler is not alone in this space. The competitive landscape is crowded. Palo Alto Networks, Cisco, Netskope, and Fortinet all have active agentic AI security programs. Identity vendors like Okta, SailPoint, and Delinea are shipping agent-specific governance offerings. Hyperscalers like Microsoft are positioning themselves as the natural home for agent discovery and inventory through offerings like Agent 365. Purpose-built startups including Zenity and Pillar Security are shaping the standards conversation through initiatives like the Agent Control Standard (ACS), a vendor-agnostic framework launched just before Zenith Live.

The question facing enterprises is not whether to govern agents, but which layer of the technology stack should own that governance. Will it be network security vendors, identity platforms, cloud providers, or specialized startups? The answer will likely determine which vendors win the agent governance market.

What Are the Key Challenges in Implementing Agent Governance?

Even with new tools in place, several practical obstacles remain. The most immediate challenge is visibility. Before any governance framework can work, organizations need to register and classify agents. This cataloging task is harder than it sounds when agent proliferation is already outpacing IT visibility. Shadow deployments of agents are common, and agent catalogs are never truly complete.

A second challenge is architectural. Zscaler's traditional strength lies in inspecting north-south traffic, the data flowing between users and applications. But agent-to-agent communication often runs east-west within cloud environments and may never pass through Zscaler's inspection points at all. This means enforcement layers designed for traditional network architectures may miss significant portions of agent traffic.

A third challenge is the tension between speed and governance. Organizations deploying agents are moving fast, driven by competitive pressure and the promise of productivity gains. But governance frameworks require discipline, documentation, and ongoing oversight. The CIOs interviewed emphasized the importance of operationalizing governance into every stage of the software development lifecycle, not bolting it on afterward.

Steps to Building a Sustainable Agent Governance Program

• Establish a governance committee: Create a cross-functional team responsible for overseeing responsible AI usage, ensuring that policies align with organizational goals and regulatory requirements. This committee should include representatives from security, compliance, engineering, and business units.
• Build an agent inventory: Conduct a comprehensive audit of all agents currently deployed or in development across the organization. Document their purpose, the data they access, the systems they interact with, and the business owner responsible for each agent.
• Integrate governance into development workflows: Rather than treating governance as a post-deployment step, embed it into the software development lifecycle from the beginning. This includes agent design reviews, access control policies, and audit logging before agents go live.
• Invest in visibility tools: Deploy solutions that map identity and data lineage across the enterprise. Without understanding which data sources agents can reach and how those data flows connect, enforcement decisions are made blind.
• Plan for incomplete visibility: Accept that agent catalogs will never be complete and shadow deployments will occur. Design governance frameworks that work with incomplete information rather than requiring perfect visibility as a prerequisite.

Why CIOs Are Treating Agent Governance as a Strategic Priority

The CIOs participating in the Women in Tech Network discussion made clear that agent governance is not a technical problem to be delegated to security teams. It is a strategic issue that touches workforce dynamics, organizational design, and regulatory compliance. Sandy Venugopal, CIO at CoreWeave, noted that the company has deployed agents across engineering, IT, supply chain, finance, HR, marketing, and sales, requiring coordination across the entire enterprise.

"While speed is essential, prioritize sustainable and disciplined execution of AI initiatives to create lasting value," the CIO panel emphasized.

CIO Panel, Women in Tech Network

This reflects a broader shift in how CIOs view their role. They are moving beyond operational tasks to lead strategic discussions on workforce changes and organizational design. Leading change initiatives requires empathy and understanding of employees' concerns regarding AI adoption and its impact on their roles. Governance frameworks that are perceived as restrictive or opaque will face resistance. Frameworks that are transparent, fair, and aligned with business objectives will gain adoption.

What Does the Competitive Convergence Mean for Enterprises?

The fact that SASE vendors, identity vendors, hyperscalers, and purpose-built startups are all converging on agent governance is both a signal and a warning. It signals that the problem is real and urgent. It is a warning that no single vendor has yet established a dominant position, and the category is still being defined.

For enterprises evaluating solutions, this means asking pointed questions about integration depth, architectural fit, and long-term viability. How deeply integrated is the agent governance solution with the rest of the security platform? Does it work with agents deployed across multiple cloud providers, or is it optimized for a single cloud? Can it handle east-west traffic within cloud environments, or only north-south traffic at the perimeter? Will the vendor continue investing in this capability, or is it a secondary feature bolted onto an existing product ?

The answers to these questions will determine whether agent governance becomes a competitive advantage or a compliance checkbox. Organizations that treat it as a strategic priority, invest in the right tools, and integrate governance into their development workflows will be better positioned to scale agent deployments safely. Those that treat it as an afterthought will face the same data breaches, compliance violations, and operational chaos that plagued earlier waves of enterprise technology adoption.