Terry KS Keeper Security has introduced Keeper Workflow within its KeeperPAM platform, enabling organisations to enforce structured, approval-based access controls and time-limited checkout policies for privileged resources. The release directly addresses the growing security risks posed by AI agents operating as identities within enterprise infrastructure.
SINGAPORE, 13 MAY 2026 – Keeper Security, known for its zero-trust and zero-knowledge Privileged Access Management (PAM) platform, has announced the availability of Keeper Workflow within KeeperPAM, giving organisations a structured framework to control how privileged access is requested, approved, and used across the enterprise.
The launch comes at a pivotal moment for enterprise security. As AI agents shift from experimental tools to core infrastructure components, each one introduces a new identity, a new attack surface, and fresh compliance obligations. Keeper Workflow is designed to address this directly by embedding approval-based controls into the heart of the KeeperPAM platform, helping organisations move away from ad hoc access management toward a scalable model that eliminates standing privilege entirely.
Darren Guccione, CEO and Co-founder of Keeper Security, described the release as a practical application of zero-trust principles in an AI-driven environment. He noted that AI is no longer merely a productivity aid but a permanent layer of modern enterprise technology, and that the new workflow capability is built to define precisely when and whether any identity, human or machine, is permitted to act within enterprise infrastructure.
Keeper Workflow introduces three core capabilities. The first is an enhanced access control mechanism that requires administrator or designated approver sign-off before a user can establish a connection or tunnel to a privileged resource, with optional Multi-Factor Authentication requirements applied after approval is granted. The second is a vault approval notification system, through which users can submit access requests directly from the Keeper Vault or via the Keeper Commander CLI, while approvers receive and act on those requests through web, desktop, or mobile interfaces. Third-party integrations with Slack, Microsoft Teams, Jira, and ServiceNow allow security teams to manage approvals within their existing tools. The third capability is single-user-mode and time-limited enforcement, which restricts access to a protected resource to one user at a time for a defined period, with automatic credential rotation once access expires.
Craig Lurey, CTO and Co-founder of Keeper Security, highlighted that the solution was built to deliver governance without compromising the platform’s zero-knowledge architecture, making it straightforward to deploy and operate at scale.
The workflow capability is aimed primarily at IT administrators and security teams operating in highly regulated sectors including financial services, healthcare, and government, where manual oversight of privileged accounts has become increasingly impractical. Specific use cases include requiring formal approval before accessing compliance-governed systems, restricting critical infrastructure to a single authorised user within a defined time window, and applying consistent access policies where concurrent access to business-critical systems presents organisational risk.
Keeper Workflow is available now with the release of Vault 17.6 within KeeperPAM. More information is available at KeeperSecurity.com.