What We’re Announcing at RSAC 2026: Discovery Across Every Layer, and Control Over What Agents Can Do

At RSAC 2026, Astrix is announcing a four-method AI agent discovery architecture and a real-time policy engine for agent enforcement. This post explains why discovery alone isn’t enough, how the four methods work together to surface every agent across the enterprise stack, and what it means to move from visibility to control.

Most enterprises significantly underestimate how many AI agents are running in their environment. Those agents operate without security review, under shared credentials, with no named owner — and with real access to production systems. Governance programs weren’t built for this. Review cycles measured in weeks can’t keep pace with agents deployed in minutes. By the time a review completes, an agent may already be running in production with access to critical systems and no security review on record.

But visibility alone doesn’t close the risk. Knowing an agent exists tells you nothing about what it’s permitted to do, or whether that permission should exist at all. These are the two key gaps in AI agent security today: knowing what AI agents you have in your system and how they are operating.

Why a new approach to discovery is required

To get an inventory of AI agents operating in an organization, pulling a registry from within the AI platforms like Microsoft Copilot, Salesforce Agentforce, or Amazon Bedrock results in an incomplete list.

Agents built on developer frameworks, running locally in IDEs like Cursor, or deployed on homegrown infrastructure, don’t appear in any platform registry. They authenticate using non-human identities (NHIs) and access enterprise systems through those credentials, independent of any platform registration. 

If your discovery method starts and ends with platform integrations, these types of agents are invisible to you. And invisible agents don’t just read. They write, delete, and execute, with the same access as any registered agent and no record that they exist.

At RSAC 2026, Astrix is announcing capabilities that address both gaps: a four-method discovery architecture that surfaces every agent across the enterprise stack, and a real-time policy engine that controls what each one is allowed to do.

Four methods, single inventory

Astrix’s discovery architecture is built around where agents actually leave traces, not just where they’re registered.

AI Platform Integrations cover the sanctioned layer: every registered agent and MCP server across Microsoft Copilot, Amazon Bedrock, Google Vertex, OpenAI, Salesforce Agentforce, and others across all major categories of agentic infrastructure.

NHI Fingerprinting is where shadow agents surface. Every agent that touches an enterprise system authenticates using a non-human identity. Astrix monitors the NHI layer across cloud infrastructure, identity providers, SaaS platforms, and DevOps tools. When credential usage signals agent activity, Astrix identifies the agent behind it and maps how it’s gaining access, including admin-privileged access to critical resources. The identity layer is the definitive record of what an agent can reach. It’s also where you shut down unauthorized access, independent of any platform.

Sensor Telemetry extends discovery to endpoints. Astrix reads from EDRs including CrowdStrike, SentinelOne, and Microsoft Defender, network sensors including FortiGate, browser extensions, and others, reaching agents and MCP servers that never communicate with a platform integration, including locally-running agents on managed devices. No additional deployment required. Astrix reads from sensors already in your environment.

Bring Your Own Service (BYOS) handles the long tail: proprietary, homegrown, or non-standard services that don’t map to any named integration. No agent falls outside the inventory.

All four sources feed into a single platform view. Every discovered agent and MCP server is mapped to the NHIs it operates under, the credentials it holds, the resources it can reach, and the human owner accountable for it. Risk is scored automatically and prioritized by access scope and blast radius.

Discovery doesn’t stop at the initial inventory. Astrix monitors agent behavior, detecting anomalous access patterns, unauthorized actions, and credential misuse as they happen.

From discovery to enforcement with Agent Control Plane

A complete inventory matters. But knowing an agent exists and knowing what it’s allowed to do are different problems.

Agent Policies, also announced today, give security teams direct control over what agents are permitted to do: allow, flag, and block rules scoped by user, department, platform, and resource type, evaluated before an action executes. A default policy ensures unrecognized agent activity is always flagged.

Finding every agent and controlling what each one can do: that is what a functional agent security program looks like in 2026.

A complete agent inventory and real-time policy controls are also the prerequisites for AI productivity at scale. Without knowing what agents are running and governing what they can do, there’s no basis for deciding which ones to trust, which to expand, or how to build on isolated deployments across the organization. Learn more about Astrix AI agent Policies here.

If you’re at RSAC 2026, come find us at Booth #4225 to see the latest platform innovations in action, or book a demo here.