SINGAPORE, 15 JULY 2026 – Keeper Security, a zero-trust and zero-knowledge identity security and Privileged Access Management platform, today announced agentic AI governance for Keeper Endpoint Privilege Manager, which launched earlier this year. The feature extends policy enforcement to AI agents and establishes Keeper as a governance layer for both human and non-human identities across employee workstations and enterprise endpoints.
Keeper Endpoint Privilege Manager governs every agent action as it happens, regardless of whether the agent uses Model Context Protocol, a direct API, a local tool or any other path. The company notes that competing approaches govern only at the MCP layer, leaving all non-MCP actions taken by agents outside of security policy.
Gartner predicts that by 2028, an average global Fortune 500 enterprise will have more than 150,000 AI agents in use, up from fewer than 15 in 2025. Yet according to IBM’s 2025 Cost of a Data Breach report, a majority of organisations lack AI governance policies entirely, and among those that experienced an AI-related breach, nearly all lacked proper AI access controls.
Governing agents where they execute
Keeper enforces governance from the same installed endpoint agent that already mediates human privilege requests, observing AI agents where they actually execute — on the machine itself. This allows Keeper to govern actions such as spawning child processes, writing directly to the filesystem, invoking a local shell, elevating privileges through the operating system, or accessing sensitive files.
Because the solution operates at the operating system level, it evaluates every action an AI agent attempts against the same policy engine, identity, approval and audit framework that governs human users, producing a single unified audit trail across both human and non-human principals.
Darren Guccione, CEO and Co-founder of Keeper Security, said AI agents function as principals rather than assistants, each with an identity that requests access and takes action on an organisation’s behalf, and said failing to govern them with the same rigour applied to human employees creates blind spots that adversaries will exploit.
Detecting known and unknown agents
Keeper Endpoint Privilege Manager identifies both known and unknown AI agents on managed endpoints. Known agents, including GitHub Copilot, Cursor, Claude Code and Amazon Q, are recognised through a signed catalog of agent identities combined with a proprietary AI likelihood score. Agents outside the known catalog are caught by a proprietary AI detection algorithm. Every application on a managed endpoint receives a zero-to-100 score, and any application crossing a configurable threshold falls under agentic AI policies immediately, without requiring a signature update or manual classification.
Policy framework and audit trail
Agentic AI governance is built on three new policy types layered onto Endpoint Privilege Manager’s existing controls, plus a new approval control that routes agentic actions to end users for review:
Agentic AI Policy controls who can run agents on an endpoint. Agentic Access Policy controls what agents may do on a user’s behalf, including access to sensitive files, executables and commands. Agentic Privilege Elevation Policy controls how agents request administrative elevation. Craig Lurey, CTO and Co-founder of Keeper Security, said AI agents operate with a level of autonomy that has created an urgent security gap, and said the update is designed to let enterprises adopt AI agents without exposing themselves to catastrophic risk.
A monitor-first lifecycle allows organisations to observe agent behaviour before enabling enforcement, with actions requiring human review held at an approval gate until a designated approver responds. A unified audit trail captures agent actions, policy decisions and approval outcomes, which the company says helps organisations operationalise NIST AI Risk Management Framework requirements at the endpoint.
The release also includes a dashboard with AI agent visibility, a new workload view, dedicated agentic AI groupings, and automatic agent updates with version control.
Availability
Agentic AI governance is available with Keeper Endpoint Privilege Manager, either standalone or as part of the KeeperPAM platform. Current customers can contact their Keeper customer success team to enable the feature, while new customers can request a demo at keepersecurity.com.
