Nudge Security released AI agent discovery capabilities on March 24, giving security teams the ability to find, inventory, and govern AI agents that employees build across enterprise platforms without IT approval. The product discovers agents running inside Microsoft Copilot Studio, Salesforce Agentforce, ServiceNow, n8n, Tines, Workato, ChatGPT, and Gemini for Google Workspace, according to the company’s press release.

The core problem Nudge Security is targeting: employees are building AI agents inside platforms they already use for work, granting those agents broad access to corporate data, file systems, and internal tools, often with no security review. According to a SailPoint survey cited by Help Net Security, 80% of organizations report that their AI agents have performed unintended actions, including accessing unauthorized systems and sharing inappropriate data.

What the Tool Does

For each discovered agent, the product maps four things: what platform it runs on, who created it, what data and systems it can access, and what permissions it holds, according to Nudge Security’s product blog post. Security teams can then set approval statuses, assign technical owners, and send automated “nudges” to agent creators asking them to justify access or remediate risks.

The risk detection layer flags specific configurations: publicly accessible agents, hardcoded credentials, unauthenticated MCP server connections, high-risk third-party integrations, and orphaned agents whose creators have left the organization.

“The security teams that build a real inventory of their AI agents now, with actual risk visibility and clear accountability, will put their organizations in a fundamentally advantaged position,” said Russ Spitler, CEO and co-founder of Nudge Security, in the press release.

Why It Matters for Agent Deployments

The product launch signals an emerging market category: agentic AI governance. As enterprises deploy more autonomous agents through low-code platforms like Copilot Studio and Agentforce, the security gap widens between what employees can build and what IT can see. Nudge Security’s approach treats this as an extension of the “shadow IT” problem that plagued SaaS adoption over the past decade, applying the same discovery-and-governance playbook to AI agents specifically.

The timing is notable. SailPoint launched its own Shadow AI Remediation product on March 17, targeting unauthorized AI tool usage through browser-level monitoring. Nudge Security differentiates by going deeper into the agentic layer: rather than tracking which AI apps employees use, it inventories the agents those employees build and the permissions those agents hold.

The feature is available immediately as a research preview for existing Nudge Security customers and new trial users.