Portal26 has added an Agent Management Platform (AMP) to its portfolio that automatically discovers and analyzes artificial intelligence (AI) agent behavior, including interactions with AI models, volume of tool calls, and systems being accessed, to assess risk levels.
Company CEO Arti Raman said once IT and cybersecurity teams are armed with those insights it then becomes possible to use the company’s governance platform to align agentic AI applications with existing governance and compliance policies.
AMP extends an AI Value Realization platform that measures the impact AI agents have on workflow and productivity within the context of the amount of tokens being consumed to achieve that goal.
Collectively, those capabilities provide the framework organizations need to successfully operationalize AI agents, said Raman.
At the core of those capabilities is a forensic AI vault that Portal26 created to house and analyze granular agent tracing data. That telemetry data is then surfaced via a set of dashboards that are then used to track the impact AI agents are having on any given workflow, noted Raman.
It’s not clear to what degree organizations are investing in ways to govern agentic AI workflows, but the issue will undoubtedly come to a head in 2026 as costs start to rise. Each time an AI agent is deployed the number of tokens being consumed starts to steadily increase. In fact, many organizations are already throttling back AI agents to reduce the total number of tokens that, in the absence of any controls, might otherwise be consumed.
The challenge is that many of the AI agents being deployed are exacerbating long-standing shadow IT issues. Before there can be a means to apply governance policies to AI agents, there first needs to be a method to discover their presence within, for example, a software-as-a-service (SaaS) application environment.
Ultimately, it’s not a question of if governance will be applied to agentic workflows as much as it is how soon. It’s all but certain there will be a rash of incidents involving AI agents that for one reason or another were able to access sensitive data in a way that created some type of leak. More troubling still, it’s already been shown multiple times over that AI agents are susceptible to malicious prompt injection attacks that can be used to instruct them to exfiltrate data or, worse yet, compromise an entire business workflow. The only way to prevent those incidents is to make sure there are a set of governance policies that prevent an AI agent from carrying out a malicious instruction in the first place.
Each organization will need to determine when it will come to a reckoning with the AI agents that are being rolled out, but the one thing that is certain is auditors will soon be asking some difficult questions that could lead to any number of fines being levied. The issue, of course, is that the cost of those levies could easily wind up wiping out the value of any of the productivity gains that might otherwise have been achieved.
