Agent discovery

Overview

Agent Discovery helps you find and track service accounts, technical users, and system identities across your connected source systems. These "agents" are non-human identities that interact with your AI systems, and knowing what they are and what they can access is a basic governance requirement.

What counts as an agent

In this context, an agent is any non-human identity that interacts with your systems. Examples:

• Service accounts used by automation pipelines
• API keys or technical users from external integrations
• Bot accounts or scheduled job runners
• System identities with elevated permissions

Discovering agents

There are two ways agents get into the inventory:

Automatic discovery

1. Click Refresh to trigger a sync with your connected source systems.
2. The system queries each source and imports any new agents it finds.
3. New agents appear with a status of "Unreviewed" so you can review them before they are confirmed.

Manual registration

1. Click Add agent.
2. Enter the agent's name, type, and permissions.
3. Manually added agents are marked as such so you can distinguish them from auto-discovered ones.

Reviewing agents

Each discovered agent needs to be reviewed. The review status tells your team whether the agent has been vetted:

Click any agent row to open its details, where you can see the full permission set, source system, and last activity timestamp. From there you can update the review status.

Searching and filtering

The table supports filtering by name, source system, agent type, review status, and staleness. Stale agents are those that haven't been active recently, which may indicate they should be decommissioned.

Linking agents to models

You can link an agent to a model from the model inventory. This creates a traceable connection between the non-human identity and the AI system it interacts with, which is useful for risk assessments and access reviews.

Who can do what