Omada A/S, the Copenhagen‑based specialist in AI‑driven Identity Governance and Administration (IGA), announced a new add‑on to its flagship platform: Omada Agent Governance. The solution is aimed at the growing class of non‑human identities that power everything from large language model (LLM) assistants to autonomous process bots. By treating these AI agents like any other user in an organization’s identity fabric, Omada hopes to close a compliance and risk gap that has emerged alongside the rapid adoption of generative AI tools.
AI agents are now a “digital employee” class
Enterprise IT departments have spent the last decade building out identity and access management (IAM) controls for human users. Today, those same controls are being stretched to cover software agents that can log into cloud services, read and write data, and even trigger downstream workflows without direct human oversight. According to recent analyst surveys, more than 70 % of large enterprises have deployed at least one AI‑driven automation in production, and many expect the number to double within the next 12 months.
The challenge, however, is visibility. While traditional IAM solutions can enumerate user accounts and enforce policies, they often lack the ability to discover and catalog AI agents that are created on the fly by LLM‑based copilots, RPA tools, or custom micro‑services. Without that inventory, security teams cannot answer four fundamental questions:
- What AI agents exist in the environment?
- Who is accountable for each agent?
- What resources can the agents reach?
- What is the associated risk profile?
Omada’s CEO, Jakob H. Kraglund, summed up the dilemma in a statement released with the product launch:
“Every major technology shift creates a governance gap, and AI agents are no exception. Organizations are moving quickly to adopt AI. However, most cannot answer four fundamental questions: What AI agents do I have? Who is accountable for them? What can they reach? And what is the risk? Omada Agent Governance is built to answer exactly these questions.”
How Agent Governance fits into an existing IGA stack
Omada Agent Governance is not a stand‑alone product; it is an extension that plugs into the company’s broader IGA platform. The architecture leverages the same policy engine, analytics pipeline, and compliance reporting modules that already manage human identities. By doing so, it promises a “single pane of glass” for both people and bots, reducing the operational friction that typically accompanies a separate AI‑specific security tool.
Key technical capabilities highlighted by Omada include:
- Comprehensive discovery across major cloud providers, allowing the system to surface AI‑driven service accounts, API keys, and container‑based agents that have been provisioned manually or via code.
- Ownership assignment that links each discovered agent to a responsible team or individual, thereby preventing orphaned or unmanaged bots from lingering in production.
- Access‑dependency mapping which visualizes how an agent’s permissions intersect with data stores, compute resources, and downstream services.
- Risk scoring that juxtaposes granted privileges against actual usage patterns, flagging over‑privileged agents for remediation.
- Regulatory alignment with frameworks such as the EU AI Act, NIST AI Risk Management Framework (RMF), ISO 42001, OWASP recommendations, and the MITRE ATLAS model‑risk taxonomy.
The vendor says the module can be layered on top of any existing IGA or broader IAM investment, preserving prior configuration while adding the agent‑specific lenses.
Why enterprises should care
From a risk‑management perspective, uncontrolled AI agents represent a new attack surface. An orphaned service account with broad storage permissions can be hijacked to exfiltrate data, while a mis‑configured LLM assistant may inadvertently expose proprietary prompts or internal knowledge bases. Moreover, regulators are beginning to scrutinize the governance of autonomous systems. The EU AI Act, for instance, mandates that high‑risk AI deployments be subject to “adequate risk management and transparency measures,” a requirement that naturally extends to the identities that run those models.
By providing visibility and accountability, Omada Agent Governance could help enterprises:
- Reduce audit friction: Consistent evidence of who owns each AI agent and what it can do aligns with internal audit checklists and external regulatory reviews.
- Cut remediation time: Automated alerts when an agent’s actual behavior diverges from its declared permissions enable security teams to act before a breach materializes.
- Streamline cloud cost management: Identifying unused or under‑utilized agents helps finance and DevOps groups eliminate wasteful resources.
- Support secure AI adoption: Teams can safely experiment with new generative AI tools knowing that any resulting service accounts will be automatically tracked and governed.
Market context and competitive landscape
Omada is not the first vendor to address AI‑specific identity concerns. Companies such as CyberArk, SailPoint, and Okta have introduced “machine identity” modules that focus on certificates, API keys, and secret management. However, those offerings typically stop short of treating AI agents as full‑fledged identities that require lifecycle governance, entitlement reviews, and risk scoring.
Omada’s approach differentiates itself by embedding AI agent governance within a broader IGA framework rather than treating it as a peripheral add‑on. This could appeal to large enterprises that have already standardized on Omada’s platform for human identity management and are looking for a seamless way to extend those controls.
Analysts note that the market for AI‑specific security tools is still nascent, with venture capital funding pouring into niche startups focused on model‑level protection, prompt injection detection, and data provenance. As the ecosystem matures, integration points between IAM, MLOps, and AI governance will become a critical factor for vendors seeking to stay relevant.
Potential limitations and questions
While the announcement is promising, several practical considerations remain unanswered:
- Scope of cloud coverage – Omada lists “major cloud platforms” but does not specify which providers (e.g., AWS, Azure, GCP, Alibaba) are fully supported at launch.
- Agent definition granularity – It is unclear whether the system can differentiate between a short‑lived inference request token and a long‑lived autonomous bot, a distinction that could affect risk scoring.
- Performance impact – Real‑time discovery and dependency mapping across thousands of agents may introduce latency in large, multi‑region deployments.
- Pricing model – No details were provided on licensing, whether the module is sold per agent, per user, or as a flat add‑on to existing Omada contracts.
Enterprises evaluating the solution will likely need to run pilot projects to validate coverage, performance, and cost before committing to a production rollout.
Looking ahead
Omada’s Agent Governance arrives at a moment when the line between “human user” and “software actor” is blurring. As generative AI tools become embedded in everyday business processes—from customer‑service chatbots to automated code generation—organizations will need more than just secret‑management vaults. They will require a governance layer that can answer who is responsible for a bot, what it can do, and whether that aligns with policy and regulation.
If Omada can deliver on its promise of unified visibility and risk‑aware controls without imposing excessive operational overhead, it could set a new baseline for AI‑agent security. For now, the product is a noteworthy addition to the growing toolbox of enterprises seeking to tame the governance gap created by the AI wave.
Power Tomorrow’s Intelligence — Build It with TechEdgeAI












