SecureAuth launched the Agent Trust Registry on April 29, a free, publicly accessible directory that evaluates enterprise AI agents against a standardized security framework. Available at agents.secureauth.ai, the registry provides verified identity posture, trust scores, governance metadata, and deployment recommendations for each cataloged agent. It is, according to the company, the first vendor-neutral registry of its kind.
The Numbers Behind the Launch
The registry arrives alongside stark data from Gravitee’s State of AI Agent Security 2026 Report: 88% of enterprises have already experienced AI agent-related security incidents this year, and only 14.4% of agents go live with full security approval. The gap between deployment velocity and security readiness is not theoretical. It is measured and growing.
SecureAuth CEO Geoff Mattson framed the architectural root cause bluntly in the announcement: large language models intermingle their data and control layers, meaning malicious instructions embedded in documents, emails, or data feeds can hijack agent behavior through prompt injection. As agents gain broader access to enterprise datasets across Salesforce, HR systems, and internal file stores, the attack surface expands with each new integration.
How the Registry Works
The Agent Trust Registry provides CISOs with structured assessments before any agent is approved for enterprise use. For each agent, it surfaces identity credentials, behavioral risk profile, governance controls, and specific recommendations for safe deployment. The goal, according to Markets Insider, is to give security teams objective data on agents their employees are already using, often without IT’s knowledge.
Underpinning the registry is SecureAuth’s Agentic Authority platform, which assigns cryptographic identities to individual agent instances, discovers shadow agents across macOS, Windows, cloud, and SaaS environments without code changes, enforces per-action policy across API calls and delegation chains, and quarantines rogue behavior automatically. The platform is designed to support the EU AI Act, SEC guidance, and financial regulatory standards.
The Shadow Agent Problem
The registry directly targets the “shadow AI” problem that has escalated throughout 2026. Employees deploy agents connected to enterprise systems without security review, and IT teams lack visibility into what those agents can access or do. Mattson compared the situation to “giving rocket launchers to people who have never fired a gun,” per the press release.
The 14.4% security approval figure from Gravitee means roughly six out of seven enterprise agents are operating without full security sign-off. For CISOs trying to enforce governance without blocking adoption entirely, a third-party trust registry offers a middle path: evaluate agents against consistent criteria rather than building bespoke assessments for each one. Whether enterprises adopt this specific registry or build their own, the category it defines (standardized agent trust assessment) is likely to become a procurement requirement as agent deployments scale.