Securing the Agentic Control Plane
Vinay Patankar · 22 Mar, 2026 · Technology
The Cloud Security Alliance just launched a new foundation at RSA 2025. One mission: “Securing the Agentic Control Plane.”
That is not a panel topic. That is a 501(c)(3) with dedicated funding and a single mandate.
Three months ago, Forrester’s Leslie Joseph formally defined the Agent Control Plane as a distinct enterprise software category. In February, Forrester polled 47 vendors. 79% recognized it as a real, standalone product category. Evaluation questionnaires go out in April.
At RSA 2025, the pieces showed up everywhere. Geordie AI made the Innovation Sandbox finals with an agent security governance platform. Token Security made the finals with agent identity lifecycle management. Cisco extended Zero Trust Access to AI agents. Okta ships Auth for AI Agents in April. CrowdStrike paid $740M for SGNL to get dynamic agent authorization.
Everyone is building a piece of the control plane. Nobody has the whole thing.
The architecture has four layers: agent registry (what agents exist), policy enforcement (what they’re allowed to do), runtime monitoring (what they’re actually doing), and compliance reporting (proving it to auditors and boards).
That compliance reporting layer is exactly why healthcare AI agents need proof infrastructure before they need more autonomy.
Geordie AI does monitoring. Token Security does identity. Zenity does runtime detection. WitnessAI does usage visibility. Each one covers a layer. None spans all four.
This is structurally identical to what happened with cloud computing. AWS built CloudWatch for AWS. Azure built Monitor for Azure. GCP built Operations for GCP. None of them built tools to manage multi-cloud environments. Datadog did. Worth $20B+.
The same thing is happening with AI agents. Anthropic will build governance for Anthropic agents. OpenAI will build governance for OpenAI agents. Microsoft just priced Agent 365 at $15/user/month, and it only governs Microsoft agents.
The vendor-neutral governance layer that works across all of them does not exist yet.
Forrester is evaluating in April. CSA just formed a foundation. The Innovation Sandbox finalists are building fragments. The category is real. The race is open.
Who’s building the full stack?