On February 25, 2026, Gartner published its inaugural Market Guide for Guardian Agents. The title alone marked a shift: AI agent oversight graduated from a platform feature to a standalone enterprise software category, complete with vendor classifications, mandatory capability requirements, and spending projections. Less than a month later, the RSA Conference in San Francisco has become a coming-out party for startups racing to fill that category. At least four companies launched dedicated agent security products in the past 48 hours.

The timing is not accidental. Enterprises adopted AI agents faster than anyone expected, security teams discovered they had no tools built for the problem, and now the market is scrambling to catch up.

The adoption numbers that forced Gartner’s hand

The scale of enterprise AI agent deployment became impossible to ignore in late 2025. Team8’s CISO Village Survey, published in November 2025, found that nearly 70% of enterprises already had AI agents running in production environments, with another 23% planning deployments in 2026. Two-thirds were building agents in-house, meaning security teams often had no visibility into what was being created or what permissions those agents held.

Microsoft reported that more than 80% of Fortune 500 companies were actively using agents in their organizations, according to Geordie AI’s press release citing the figure at RSA Conference. And the trajectory is accelerating: IDC projects 1.3 billion AI agents deployed globally by 2028, per Forbes.

Those numbers forced a reckoning. SailPoint’s AI agent adoption report found that 80% of organizations had already encountered unintended actions by their AI agents, including agents accessing systems without authorization and being tricked into revealing access credentials (23% of respondents reported the latter). Yet only 44% of organizations had policies in place to govern their agents.

The gap between deployment speed and governance readiness is what Gartner’s Market Guide is trying to address.

What Gartner actually defined

Gartner’s definition of guardian agents is deliberately broad: “Guardian agents supervise AI agents, helping ensure agent actions align with goals and boundaries.” The guide catalogs vendors across six segments, from risk and security specialists to AI content governance providers to business alignment optimizers.

Three mandatory capability areas anchor the framework, per The Hacker News’ analysis:

AI Visibility and Traceability requires that organizations can see and follow the actions of each AI agent across systems.

Continuous Assurance and Evaluation demands mechanisms to verify agents remain secure from compromise and compliant in their actions over time, not just at deployment.

Runtime Inspection and Enforcement means ensuring agent actions and outputs match defined intentions and governance policies while the agent is operating, not after the fact.

That last point is the critical distinction from traditional security tools. Firewalls, endpoint detection, and cloud security platforms were built to monitor human users and conventional software. AI agents chain tasks together, call external tools, carry context between systems, and make decisions in real time. Legacy security stacks have no model for that behavior.

Gartner projects spending on guardian agents will grow from less than 1% of agentic AI budgets today to 5–7% by 2028, according to SalesforceDevops.net’s analysis of the report. For an AI market expected to reach $632 billion in annual spending by 2028 (per IDC), even 5% implies a guardian agent market worth tens of billions.

RSA Conference 2026: the product launches

The theory became product in San Francisco this week.

Nudge Security announced AI agent discovery capabilities on March 24, targeting what it calls “shadow AI agents” — agents created by employees inside platforms like Microsoft Copilot Studio, Salesforce Agentforce, ServiceNow, and n8n without formal IT approval. The product discovers agents at the source of creation, inventories their permissions and data access, surfaces risks like hardcoded credentials and unauthenticated MCP connections, and engages the human creators directly to confirm purpose and justify use.

“The security teams that build a real inventory of their AI agents now, with actual risk visibility and clear accountability, will put their organizations in a fundamentally advantaged position,” said Russ Spitler, CEO and co-founder of Nudge Security, in the announcement.

The framing is significant. Nudge is positioning agent discovery as an extension of the shadow IT problem that defined the previous decade of SaaS security. Employees adopted Slack, Notion, and hundreds of other SaaS tools without IT approval. Now they are building AI agents on agentic platforms with the same speed and the same lack of oversight, except the agents have permissions to access corporate data and execute actions.

Geordie AI launched Beam, described as the first “AI Agent Remediation Suite” using “context engineering.” Rather than placing proxies or gateways in front of agents (which introduces latency and kills the business value of autonomous agents at scale, according to Geordie), Beam maps how an agent is configured and behaves in real time, then feeds contextual security policies back to the agent as a continuous feedback loop.

Geordie disclosed growth metrics alongside the launch: the number of secured agents on its platform increased 10x in under five months, and revenue rose tenfold in the past two months. The company was also named a representative vendor in the Gartner Market Guide for Guardian Agents and won the Black Hat Innovation Spotlight competition in London, per SecurityBrief UK.

SOCRadar unveiled an AI Agent Marketplace at RSA, combining identity intelligence and threat detection agents in a browse-and-deploy model targeting identity-driven cyberattacks. Wayfound, which focuses on business alignment rather than security (ensuring agents accomplish their intended business outcomes rather than confidently executing the wrong task at scale), was named as a representative vendor in the Gartner guide’s Business Alignment and Outcome Optimizers category.

The threat data driving urgency

The product launches are responding to threat data that security teams find alarming.

CrowdStrike’s 2026 Global Threat Report, published February 24, 2026, found that adversaries exploited legitimate GenAI tools at more than 90 organizations in 2025 by injecting malicious prompts to generate commands for stealing credentials and cryptocurrency. AI-enabled adversaries increased their activity by 89% year-over-year. Attackers also exploited vulnerabilities in AI development platforms to establish persistence and deploy ransomware, and published malicious AI servers impersonating trusted services to intercept sensitive data.

“Adversaries are moving from initial access to lateral movement in minutes. AI is compressing the time between intent and execution while turning enterprise AI systems into targets,” said Adam Meyers, head of counter adversary operations at CrowdStrike, in the report.

According to Gartner’s own data, cited in Geordie’s press release, 74% of security leaders identify AI agents as a completely new attack vector in their organizations.

The combination is what makes the moment distinctive: agents are already deployed at scale (70% of enterprises), they are already causing unintended actions (80% of organizations), adversaries are already targeting them (90+ organizations compromised via prompt injection), and security leaders overwhelmingly see them as a new attack surface (74%). Four data points from four independent sources all pointing in the same direction.

Six architectural approaches, no consensus

One of the most revealing elements of Gartner’s Market Guide is that it identifies six distinct architectural approaches to guardian agents, per The Hacker News. This is not a market that has converged on a standard.

Some vendors are building standalone oversight platforms that sit independently of any agent provider. Others are embedding guardian capabilities inside the agent platforms themselves (Microsoft, Salesforce, and Oracle all include governance features in their agentic products). A third approach wraps agents in proxy layers that inspect traffic in transit. Others are focused purely on identity and access management for non-human entities.

Each approach involves tradeoffs. Embedded platform controls stop at the provider’s own boundaries — a guardian agent inside Salesforce Agentforce cannot govern an agent built in Microsoft Copilot Studio or a custom n8n workflow. Standalone platforms have cross-provider visibility but require separate deployment and integration work. Proxy-based approaches add latency. Identity-focused solutions govern who the agent is but not what it does once authenticated.

Gartner’s emphasis on cross-platform independence is notable. The report argues that only a neutral, independent guardian layer can enforce policy across providers — an implicit challenge to the hyperscalers who want agent governance to be a native platform feature rather than an independent product category.

What this means for enterprises deploying agents

The practical implications separate into near-term and medium-term.

In the near term, the guardian agent category creates a new budget line item for CISOs. The Gartner Market Guide is the kind of document that procurement teams and boards use to justify spending. Security teams that have been arguing internally for agent governance investment now have analyst coverage to point to.

The discovery problem is the most immediate. Nudge Security’s product launch today addresses the question enterprises need answered first: where are the agents, who made them, and what can they access? Organizations that deployed Microsoft Copilot Studio, Salesforce Agentforce, or open-source orchestration tools like n8n in the past year likely have agents running that no security team has reviewed.

In the medium term, the category faces the same question every new security market encounters: consolidation versus fragmentation. Will guardian agents become a standalone product category that sustains dozens of independent vendors? Or will the hyperscalers absorb the functionality into their platforms the way they absorbed CASB (cloud access security broker) capabilities a decade ago?

Gartner’s projection of 5–7% of agentic AI budgets by 2028 suggests the firm believes the category is durable. But that projection depends on enterprises actually running multi-vendor agent environments, which creates the need for independent oversight. If most organizations end up standardizing on a single agent platform from Microsoft, Google, or Salesforce, the case for standalone guardian agents weakens.

The 90-day timeline

The speed of category formation is itself the story. On February 5, 2026, Gartner published its top cybersecurity trends for 2026, naming agentic AI security oversight as Trend #1. Twenty days later, on February 25, the firm published its first-ever Market Guide for Guardian Agents, formally recognizing the category. Within a week, vendors like PlainID and NeuralTrust were issuing press releases claiming representative vendor status. By late March, RSA Conference became the staging ground for product launches explicitly built to fill the category.

Enterprise software categories typically take years to crystallize. Identity governance took the better part of a decade. CASB took five years from first product to Gartner Magic Quadrant. The guardian agent category went from “cybersecurity trend” to “standalone market with named vendors, mandatory capabilities, and spending projections” in under 90 days.

Whether that pace reflects genuine market need or analyst-driven hype will become clearer by the end of 2026, when the first generation of guardian agent deployments produces measurable results — or doesn’t.