HIPAA (43%), the NIST AI Risk Management Framework (37%), and SOC 2 or ISO 27001 (34%) are the frameworks that most influence enterprises' AI agent governance.

Responsibility for AI agent identity and access is fragmented: 28% of organizations assign primary ownership to security leads, 21% to development/engineering, 19% to IT, and 9% to IAM teams.