For the first time, AI agents on employee workstations and endpoints can be discovered and governed with access policies and elevation controls
, /PRNewswire/ — Keeper Security, the leading zero-trust and zero-knowledge identity security and Privileged Access Management (PAM) platform, today announces agentic AI governance for Keeper Endpoint Privilege Manager, which launched earlier this year. The feature extends policy enforcement to AI agents and establishes Keeper as the governance layer for both human and non-human identities across employee workstations and enterprise endpoints. Keeper Endpoint Privilege Manager delivers agentic AI security at the endpoint, governing every agent action as it happens regardless of whether the agent uses Model Context Protocol (MCP), a direct API, local tool or any other path. Competing approaches govern only at the MCP layer, with all non-MCP actions that agents take falling outside of security policy.
Gartner predicts that by 2028, an average global Fortune 500 enterprise will have more than 150,000 AI agents in use, up from fewer than 15 in 2025. Yet according to IBM’s 2025 Cost of a Data Breach report, 63% of organizations lack AI governance policies entirely, and among those that experienced an AI-related breach, 97% lacked proper AI access controls. The governance infrastructure has not kept pace with adoption.
The reason is architectural. Other AI agent governance solutions operate at the MCP layer, governing only the tool calls an agent routes through an MCP server. Keeper instead enforces governance from the same installed endpoint agent that already mediates human privilege requests, observing the AI agent where it actually executes: on the machine itself. Keeper can govern what actions an agent is taking on the local device including: spawning child processes, writing directly to the filesystem, invoking a local shell, elevating privileges through the OS or accessing sensitive files.
Because Keeper’s solution operates at the operating system level, it evaluates every action an AI agent attempts against the same policy engine – with the same identity, approval and audit framework that governs human users. The result is full attribution, enforcement and a single unified audit trail across both human and non-human principals on every endpoint.
“AI agents are not assistants; they are principals,” said Darren Guccione, CEO and Co-founder of Keeper Security. “Every agent running on an endpoint has an identity, requests access and takes actions on behalf of your organization. If you are not governing them with the same rigor you apply to your human workforce, you have blind spots that adversaries will find before you do. Keeper closes that gap today.”
Detecting What Is Already Running
Keeper Endpoint Privilege Manager identifies both known and unknown AI agents on managed endpoints. Known agents, including GitHub Copilot, Cursor, Claude Code and Amazon Q, are recognized through a signed catalog of agent identities combined with a proprietary AI likelihood score that classifies applications and traces their origin.
Agents outside the known catalog are caught by Keeper Endpoint Privilege Manager’s proprietary AI detection algorithm. Every application on a managed endpoint receives a zero-to-100 score, and any application that crosses the configurable threshold falls under agentic AI policies the moment it runs, with no signature update or manual classification required. Administrators tune the threshold per policy and can pin known agents to defined groups for targeted control.
Governance Policies Built on Familiar Controls
Agentic AI governance in Keeper Endpoint Privilege Manager is built on three new policy types, using the existing controls available to Endpoint Privilege Manager policies plus a new approval control that routes agentic actions to end users for review:
- Agentic AI Policy controls who can run agents on an endpoint.
- Agentic Access Policy controls what those agents may do on a user’s behalf, including access to sensitive files, executables and commands.
- Agentic Privilege Elevation Policy controls how agents request administrative elevation.
“AI agents operate with an alarming level of autonomy, creating an urgent security gap that organizations are scrambling to close,” said Craig Lurey, CTO and Co-founder of Keeper Security. “This update stops the emerging threat of autonomous AI in its tracks, allowing enterprises to adopt cutting-edge AI agents without opening the floodgates to catastrophic risk.”
A monitor-first lifecycle lets organizations observe agent behavior before enabling enforcement, and any action requiring human review is held at an approval gate until a designated approver reviews and approves.
A unified audit trail captures agent actions, policy decisions and approval outcomes, giving security and compliance teams a direct line from individual agent behavior to regulatory obligation. Keeper Endpoint Privilege Manager’s policy controls and audit trail provide the controls organizations need to operationalize National Institute of Standards and Technology (NIST) AI Risk Management Framework requirements directly at the endpoint.
This product release also includes a dashboard with AI agent visibility, a new workload view, dedicated agentic AI groupings and automatic agent updates with version control.
Availability
Agentic AI governance is available with Keeper Endpoint Privilege Manager, either standalone or as part of the KeeperPAM® platform. Current customers can contact their Keeper customer success team to enable the feature. New customers can request a demo at keepersecurity.com.
About Keeper Security
Keeper Security is the leading zero-trust and zero-knowledge identity security solution, trusted by millions of people and thousands of organizations globally. KeeperPAM® is Keeper’s privileged access management platform that unifies password and passkey management, secrets management, privileged session management and endpoint privilege management in a single cloud-native platform, protected with quantum-resistant encryption. KeeperAI delivers real-time, AI-native threat detection across every privileged session. As AI agents proliferate and identity becomes the defining attack surface, Keeper governs access for humans, machines, non-human identities and AI agents, serving as the unified control plane for access, compliance and visibility across the enterprise. For more information, visit keepersecurity.com.
Learn more: KeeperSecurity.com
Follow Keeper: Facebook Instagram LinkedIn X YouTube TikTok
Media Contact
Katherine Benfield
ICR for Keeper Security
[email protected]
SOURCE Keeper Security
