Vendor Watch

Every other entry in this archive claims visibility. This one claims enforcement. That is a meaningfully different proposition — if it holds under scrutiny. Most AI governance platforms produce dashboards. Guardian Agents, as described, are supposed to intervene: flagging drift, triggering remediation, generating contemporaneous audit records. The difference between a governance dashboard and a governance enforcement layer is exactly the difference regulators are beginning to demand in financial services, and it is the gap that SR 11-7 model risk expectations and EU AI Act Article 14 human oversight obligations are converging on.

The open question is whether the enforcement capability is real or marketing. Cognizant's disclosure that "more details on the control and intelligence layers are expected to be announced in the near future" is a caution flag — the press release is ahead of the product documentation. For compliance officers evaluating this for regulated-industry deployment, the test is whether Guardian Agent outputs are audit-ready evidence that satisfies an examiner, or telemetry dressed as compliance records. Those are not the same artifact.

The launch is technically sound and addresses a real gap. Existing OAuth2 and OIDC standards — the protocols Ory's entire stack is built on — were designed for delegated human authorization. The fact that a sophisticated IAM vendor needed to build a separate product for agent credential issuance is itself the story: the standards layer was not designed for machine-speed, machine-volume identity management.

Talos closes the credential lifecycle problem — issuance, scoping, revocation. It does not close the governance problem. A scoped, short-lived token tells you what an agent was permitted to do. It does not establish that a responsible human authorized this specific action at this specific moment. In regulated industries, examiners ask the second question. No IAM product answers it.

For product and compliance leaders at financial institutions: tools like Talos are necessary infrastructure. They are not a governance posture.

Microsoft is replaying the Azure Active Directory playbook: become the default governance layer before governance becomes a procurement category. The cross-cloud inventory capability — extending to AWS and Google — is the strategic move. Agent sprawl won't respect platform boundaries, and the vendor that owns the registry owns the conversation about what governance means.

The structural gap the product documentation doesn't resolve: Entra Agent ID is issued per agent acting on behalf of a licensed human user. Fully autonomous agents — those operating without a human in the loop — fall into an undefined licensing and governance zone. For financial services deployments where autonomous agents make decisions without contemporaneous human authorization, that gap is not cosmetic. It is the compliance question.

The governance-first bet is coherent. ServiceNow is building a position as the orchestration layer that governs AI agents across every platform, which is the right architectural argument for an enterprise that will inevitably run agents from multiple vendors. The Knowledge 2026 announcement compressed what typically requires two or three separate product cycles into a single event — that's either a sign of genuine platform velocity or a sign that product depth hasn't kept pace with product announcements.

The integration depth of the Veza and Armis acquisitions is the real test. Buying access governance and asset intelligence is the right structural move; the question is whether those capabilities genuinely extend AI Control Tower's enforcement reach or sit adjacent to it as loosely coupled modules. Dashboards that aggregate signals from Veza and Armis are not the same product as a unified enforcement layer. Regulated-industry buyers should pressure-test that distinction specifically.

The KPMG lineage is the most important fact about Cranium that its press materials underplay. Being incubated inside a Big Four firm gives it a distribution channel that purpose-built startups spend years building. Consulting-led enterprise AI governance procurement — where the advisory firm recommends the tool — is a real and fast-moving pattern, particularly in regulated industries where buyers want a single accountable partner for both advice and tooling.

The AIceberg acquisition appears to add model-level attack surface visibility — filling the gap between the IAM layer (who accesses the model) and the model layer (what the model itself does and exposes). That is a meaningful capability addition if it holds up under technical scrutiny. The open question is whether Cranium's roadmap is driven by genuine enterprise need or by what consulting engagements sell. Those are not always the same product.

Faster integration signaling than most acquisitions at this scale produce. Naming matters in enterprise sales — "Idira" gives the combined entity a clean go-to-market surface rather than the awkward "CyberArk, a Palo Alto Networks company" construction that typically follows large acquisitions. That is a meaningful operational signal about how seriously PANW is treating the integration.

The substance question remains open. Idira at launch is primarily a rebranding and capability extension of existing CyberArk infrastructure, with agentic controls layered on top. The differentiated capability — agent-to-agent communication security via Cortex AgentiX — has not shipped. Until it does, Idira is a strong PAM platform with agentic marketing. That is not a criticism; PAM with agentic controls is genuinely what most enterprises need today. It is not the complete picture PANW is positioning it as.

Okta's three-question framework is clean, memorable, and will likely become the default vocabulary for enterprise conversations about agent security — the same way "zero trust" became shorthand for a posture rather than a product. That's valuable market positioning regardless of whether Okta wins the procurement.

The independence positioning is the strategic bet: Okta as the neutral identity layer across any agent platform, avoiding lock-in to any single LLM or orchestration vendor. That is the right architectural argument for multi-vendor enterprise environments. The gap the framework doesn't close: "what can they do" answers the access question. It doesn't answer "what should they do" — the governance question that compliance frameworks actually enforce. The vocabulary is necessary. It is not sufficient.

The reframe is the interesting part. Shadow AI is typically treated as a data loss prevention problem. SailPoint is positioning it as an identity governance problem: who is using what, with what access, and is that usage consistent with their role. That framing is more defensible in regulated environments because it integrates into existing IGA workflows rather than requiring a separate DLP deployment.

The limitation is architectural. A browser extension is a shallow integration point. It captures what users do in a browser tab; it does not govern what agents do at the API layer, what models receive, or what outputs get routed downstream. For financial services firms with strict data residency and supervision requirements, browser-level visibility is a starting point, not a compliance posture.

The Linux Foundation transfer is the key signal. When Google moved A2A out of its own stewardship and into a vendor-neutral foundation, it converted a Google protocol into infrastructure. That is a deliberate move to reduce procurement friction for organizations that won't build on a Google-controlled standard. 150 organizations in production — not pilot — is a meaningful adoption data point, though "production" can mean a narrow workflow rather than enterprise-wide deployment.

Cryptographic agent cards in v1.2 are worth specific attention for regulated industries. A verifiable, cryptographically signed identity for an agent that is operating across organizational boundaries is the infrastructure primitive that audit trails in multi-agent workflows require. It does not solve the governance problem, but it is a necessary precondition for solving it.

This is the consolidation signal the market needed to read. A $25B bet that identity is the primary attack surface in the agentic era — and that privileged access management, not network perimeter defense, is the control plane that matters. The deal logic is sound: as non-human identities proliferate at machine speed, the organization that governs credentials governs the enterprise.

The risk is integration velocity. Large acquisitions routinely slow the roadmap they were meant to accelerate. CyberArk's renewal rates are high because enterprise PAM buyers are sticky — but stickiness and platform enthusiasm are different things. The Idira launch three months after close is a positive signal. Cortex AgentiX's ship date is the real test.