Keeper ships agentic AI governance at the endpoint
Keeper Security extended agentic AI governance to Keeper Endpoint Privilege Manager on July 7, 2026, enforcing the same OS-level policy framework the company already applies to human users.
Keeper Security on July 7, 2026 extended agentic AI governance to Keeper Endpoint Privilege Manager, the privileged access management tool the company launched earlier this year. The new feature enforces the same policy framework around AI agents that Keeper already applies to human users on the endpoint, and it ships with the framing that agents are principals on the network, not assistants to one, per the Keeper Security announcement.
Keeper's pitch is that governance at the Model Context Protocol layer is not enough, because the agent's actions on the local machine are what matter for security and audit, and that is exactly where Keeper's existing endpoint agent already lives. The headline framing from the company is the architectural argument. Competing agent governance tools govern the tool calls an agent routes through an MCP server. Keeper instead governs the agent where it actually executes, on the operating system of the endpoint itself. The same agent that mediates human privilege requests observes the AI agent's actions on the machine, evaluates them against the policy engine, and records them in the same unified audit trail that runs for human users. The agent can be enforced regardless of whether it uses MCP, a direct API, a local tool, or any other path. Keeper's argument is that the OS is the only layer where you can govern actions like spawning child processes, writing to the filesystem, invoking a local shell, elevating privileges, or reading sensitive files, all of which fall outside any MCP-only governance scheme. The architectural bet is that governance layers added above the OS will leak because the agent can always do things on the machine that bypass the MCP server entirely, particularly when the developer has given the agent direct shell access.
Where the endpoint layer beats MCP-only governance
Keeper's announcement leans hard on two statistics from named research sources. Gartner predicts that the average global Fortune 500 enterprise will run more than 150,000 AI agents by 2028, up from fewer than 15 in 2025. That is a 10,000x growth curve over three years, and it lands before most enterprise governance programs have even finished their first AI inventory. IBM's 2025 Cost of a Data Breach report found that 63 percent of organizations lack AI governance policies entirely, and among those that experienced an AI-related breach, 97 percent lacked proper AI access controls. The framing is that adoption has outpaced governance by a factor of roughly 10,000, and the breach data shows what happens when the policy infrastructure is not there to keep up.
The detection model in Keeper Endpoint Privilege Manager combines a signed catalog of known agent identities with what Keeper calls a proprietary AI likelihood score. Known agents like GitHub Copilot, Cursor, Claude Code, and Amazon Q are recognized out of the catalog. Unknown agents are classified by tracing the application's origin and running it through the likelihood score, which is the detection path that enterprise IT teams will care about most because the unknown-agent problem is the same one described in Shadow agents: enterprise IT can't see what runs at the API layer, where IT teams have no inventory of what their developers are actually running. Keeper is positioning its agent as the inventory layer for the endpoint side of that same problem, and the unified audit trail means a security team can correlate a file write to the agent identity that caused it without needing a separate agent-monitoring tool.
The principals-not-assistants framing in context
The quote at the top of the release is from Darren Guccione, Keeper's CEO and Co-founder, and it sets the conceptual frame for the announcement: "AI agents are not assistants; they are principals. Every agent running on an endpoint has an identity, requests access and takes actions on behalf of your organization. If you are not governing them with the same rigor you apply to your human workforce, you have blind spots that adversaries will find before you do. Keeper closes that gap today." The principals-not-assistants framing lines up with the broader agent identity story that has been building in the industry across 2026, including Entrust's CIO framing that agents are the new first-class identity, the Linux Foundation's Agent Name Service launch, Cisco's multiagent Policy Studio architecture, and the agent-identity arguments that have shown up in the Enterprise AI Governance Checklist for 2026. Keeper is now adding the endpoint privilege layer to that same argument, with a specific claim about who governs what, and the architectural commitment to OS-level enforcement is what differentiates the announcement from a feature add.
For enterprise teams evaluating agent governance stacks, the announcement is a useful data point on a question that has been open all year: where in the agent execution stack does governance actually belong. The MCP-only school argues that the model-to-tool boundary is the natural chokepoint because it is the layer where agents announce intent, and a tool call policy engine can block or allow each call before it reaches the system. The OS-level school argues that the chokepoint is too leaky because agents can act on the machine in ways the MCP layer cannot see, particularly when those actions involve direct filesystem writes, shell invocation, or local privilege escalation, and any governance that lives above the OS will miss the most consequential actions. Keeper is making the case that the OS is the right answer, and the announcement is a vote for that architectural position rather than for Keeper's product alone. The right enterprise playbook for 2026 is probably to govern both layers, with MCP-side policy for tool call intent and OS-side policy for execution and audit, because the threat model is different at each layer and the agent that is well-behaved at MCP can still exfiltrate data through a direct filesystem write.
What to watch for over the next quarter
The next milestone to watch is how Keeper's OS-level enforcement lands with the enterprise customer base that is already running Endpoint Privilege Manager for human privilege mediation. The product's existing footprint gives it a deployment advantage that pure-play agent governance startups do not have, because the agent is already on the endpoint and the policy infrastructure is already in place. The question is whether the policy engine can scale to thousands of agents per endpoint without the kind of latency hit that would push developers to disable it, and whether the AI likelihood score can keep up with new agent binaries shipped by the developer community. The second signal to watch is whether competitors in the privileged access management space respond with their own OS-level enforcement stories, or whether they stay at the MCP layer and cede the endpoint argument to Keeper, and that response will determine whether the OS-level school becomes the industry consensus or remains a single-vendor position. The third signal is the IBM and Gartner data in 2027: if the 63 percent governance gap closes meaningfully, the OS-level enforcement story will have moved from architectural argument to procurement decision, and if it does not close, the OS-level enforcement story will be remembered as the right answer at the wrong moment.
Weekly newsletter
Get a weekly summary of our most popular articles
Every week we send one email with a summary of the most popular articles on AIntelligenceHub so you can stay up-to-date on the latest AI trends and topics.
Comments
Every comment is reviewed before it appears on the site.
Related articles
Nscale lands a $900M revolving credit facility for AI buildout
Nscale closed a $900M revolving credit facility led by J.P. Morgan, Goldman Sachs, and Morgan Stanley. The revolver funds AI data center expansion across the US, Europe, and APAC for the Nvidia-backed UK operator.
Couchbase ships an AI Data Plane for production agent memory
Couchbase launched its AI Data Plane today, framing the product as the operational data layer for production AI agents, with Agent Memory, an Agent Catalog, an MCP server, and Iceberg federation.
Radware adds Claude Code protection and agent compliance reports
Radware extends Agentic AI Protection to cover Anthropic's Claude Code on developer endpoints, with audit-ready reports mapped to ISO 42001, the EU AI Act, and the NIST AI Risk Management Framework.