SecureAuth's New Registry Aims to Tame the 'Wild West' of AI Agents

📊 Key Data
  • 88% of organizations have experienced an AI agent-related security incident
  • Only 14.4% of AI agents go live with full security and IT approval
  • Up to 90% of AI agents are over-permissioned, granting excessive access to sensitive data
🎯 Expert Consensus

Experts agree that the rapid deployment of AI agents without proper security measures is creating significant vulnerabilities in enterprise environments, necessitating collaborative solutions like SecureAuth's Agent Trust Registry to establish industry-wide standards and governance.


IRVINE, CA – April 29, 2026 – In a move to rein in the chaotic and increasingly perilous landscape of enterprise AI, identity security firm SecureAuth has opened its Agent Trust Registry to the public. The announcement of this industry-first, vendor-neutral directory for autonomous AI agents comes as businesses grapple with a stark reality: the rapid, often unsecured, deployment of AI agents is creating a new and formidable attack surface.

Recent industry reports paint a grim picture, with a staggering 88% of organizations reporting they have already experienced an AI agent-related security incident. This highlights a dangerous disconnect where the race to leverage AI for productivity is dramatically outpacing the implementation of necessary security and governance, leaving corporate networks vulnerable to unprecedented risks.

The New Frontier of Risk: Shadow Agents and Prompt Injection

The proliferation of autonomous AI agents has created a new 'Wild West' within enterprise environments. The core of the problem lies in a significant governance gap. According to Gravitee’s State of AI Agent Security 2026 Report, while over 80% of technical teams are actively using AI agents, a mere 14.4% of these powerful tools go live with full security and IT approval. This has led to the rise of “shadow AI agents”—unsanctioned, unmanaged autonomous workers operating deep within corporate networks, often with unclear ownership and no audit trail.

These agents are frequently granted excessive permissions, with some studies indicating that as many as 90% are over-permissioned, giving them far more access to sensitive data and systems than required. Compounding the issue is the fundamental architecture of the large language models that power them. The data layer and control layer are often intermingled, which makes the agents highly susceptible to a class of vulnerability known as prompt injection. Unlike traditional software exploits, prompt injection attacks manipulate an agent's instructions, effectively turning a trusted tool into an unwitting accomplice for data exfiltration or unauthorized actions. Malicious instructions can be embedded in documents, emails, or data feeds, hijacking agent behavior without triggering conventional security alerts.

“We’ve been giving rocket launchers to people who have never fired a gun,” said Geoff Mattson, CEO of SecureAuth, in the company's announcement. “That’s exactly the moment we’re in, and that’s why we’re opening our Agent Trust Registry to the public.”

A Sheriff for the Digital Frontier

SecureAuth's Agent Trust Registry is positioned as a foundational tool for bringing order to this chaos. Available immediately and free to the public, the registry acts as a centralized, vendor-neutral directory that evaluates widely used enterprise AI agents against a consistent security framework. The goal is to move beyond vendor-supplied marketing claims and provide security teams with objective, structured data before an agent is ever approved for use.

For each listed agent, the registry provides a detailed assessment, including its verified identity posture, a calculated trust score, and crucial governance metadata. It offers objective insights into the security posture and potential enterprise risk posed by the AI agents that employees are often already using without IT’s knowledge. Crucially, it also provides concrete, actionable recommendations for safe deployment, giving CISOs and their teams an independent assessment and a defensible path forward to determine what controls must be in place before an agent is allowed to operate in their environment.

Forging a Collaborative Defense

The decision to make the registry public and vendor-neutral signals a broader strategic vision. SecureAuth is aligning its initiative with community-driven efforts like Glasswing and Mythos, which champion open, collaborative defense against emerging AI threats. These initiatives are built on the understanding that the dynamic, fast-moving security challenges of agentic AI are too complex for any single vendor to solve alone.

Project Glasswing, for example, is a collaborative effort to proactively identify and mitigate risks in AI systems before they can be exploited by malicious actors. By providing a public ledger of verified agents, the Agent Trust Registry contributes directly to this goal of shared transparency. This collaborative approach is essential for building industry-wide standards and fostering collective stewardship over the AI ecosystem.

“In the spirit of Glasswing, Mythos, and other community-driven efforts, we believe the dynamic security concerns of agentic AI can only be addressed through shared transparency and collective stewardship,” Mattson stated. “No single vendor can solve this alone.”

Under the Hood: The Agentic Authority Platform

Backing the public-facing registry is Agentic Authority, SecureAuth’s unified platform and the industry’s first purpose-built solution for Agentic AI Security & Governance. This platform provides the technical underpinnings required to enforce the principles of trust and control outlined by the registry.

Agentic Authority addresses the core IAM problem by giving every AI agent instance its own unique cryptographic identity, allowing organizations to move beyond shared, insecure API keys. Its discovery engine is designed to find and catalog shadow agents across macOS, Windows, cloud, and SaaS environments without requiring code changes. Once an agent is identified, the platform enforces granular, per-action policies across every API call and delegation chain, ensuring agents adhere strictly to the principle of least privilege. Should an agent deviate from its expected behavior, the system can automatically quarantine it in seconds, mitigating potential damage.

By unifying endpoint, gateway, risk, and identity management for autonomous agents, the platform provides a new layer of enterprise security that has not previously existed. This integrated approach not only helps prevent breaches but also embeds compliance directly into the agent lifecycle, supporting major regulations like the EU AI Act and various financial standards. As Mattson concluded, “The question isn’t whether enterprises will adopt AI agents, they should, and they will. The question is whether they can do so with clarity and confidence. SecureAuth is building the trust and control layer that makes that possible.”
