Accept all cookies
Cookie settings
×

We use cookies to improve your experience on our site. By using our site, you are agreeing to the collection and use of data as described in our Privacy Policy.

Cookie Settings×

Table of contents

toc link
Add secure integrations to your products and AI agents with ease via Merge.
Get a demo
Just for you
5 ways to secure AI agents successfully in 2025 
Integrations for AI agents: what you need to know

AI agent governance: key aspects, benefits, and platforms

Jon Gitlin
Senior Content Marketing Manager
at Merge

You likely need your AI agents to make on-the-fly-decisions, like creating a support ticket on a rep’s behalf, updating the executive team on a product improvement, or enriching and routing leads to the right reps.

These agentic workflows, however, can lead to unintended and undesirable outcomes, such as sending sensitive information to the wrong individuals or inputting data into the wrong fields.

To help you reap the benefits of using AI agents and minimize their security risks, you can govern them.

We’ll walk through what this entails and the tooling you’ll need, but let’s first align on how AI agent governance works.

What is AI agent governance?

It’s a set of policies, controls, and processes that ensure AI agents operate safely, ethically, and compliantly across their lifecycle.

This involves using a platform that can authenticate tool calls, support enterprise-grade tools, and provide visibility on any tools that are invoked.

Visual of AI agent governance

{{this-blog-only-cta}}

Key components of governing AI agents

Governing AI agents effectively requires you to adopt measures before and after an agent is pushed to production. Here are just a few to keep in mind:

  • Enforcing authentication: Your AI agents should, by default, ask users to authenticate with the required systems before performing actions on any of the underlying data. And only once the user authenticates successfully, the agent would go on to make the necessary tool call(s)
  • Testing tools rigorously: You should take several measures to fully battle-test your agents' tool calls, such as running representative, real‑world workflows; adopting different identities and scopes and seeing if least-privilege boundaries are enforced; and measuring certain test metrics, like success rate and latency to benchmark performance 
  • Leveraging audit trails in your agentic tooling: This gives you person-level accountability and granular visibility into every action made on your agents’ tools, allowing you to enforce policies, investigate issues, and prove compliance
  • Using role-based access controls: Create and assign users with specific roles  (e.g., read-only) to prevent them from adding and/or modifying certain connectors, tools, user access, and more 
A screenshot of how Merge Agent Handler lets you set custom roles to give users fine-grained permissions
Merge Agent Handler lets you set custom roles to give users fine-grained permissions
  • Accessing logs: These logs should be fully-searchable and include details like when a tool was invoked, how long the call took end-to-end, the user who invoked it, the arguments that got passed, the actions that were taken, etc.
  • Establishing rules: Assign rules that dictate how specific agents and users interact with certain types of data. For example, an agent can share specific kinds of information (e.g., email addresses), but those actions need to be logged somewhere
  • Implement rule violation-based alerts: If and when rules are violated, your team can receive an alert and important context on what transpired, such as when the violation occurred, the data that was involved, the tool that was used, and so on
Merge Agent Handler lets you track rule violations over time
Merge Agent Handler also provides a holistic view of rule violations over time

Related: How to manage AI agents

Why AI agent governance is important

It comes down to several factors:

Prevents harmful data leaks

AI agents make decisions on-the-fly based on a long-tail of unexpected inputs. As a result, their decisions may not always be what you’d expect or desirable.

Effective AI agent governance ensures that even if AI agents generate incorrect decisions, they can’t go on to take the associated actions, such as sharing sensitive credentials or writing records to the wrong system.

Enables you to comply with data privacy and security requirements

This comes down to a number of reasons that, taken together, allow your AI agents to follow the principle of data minimization, handle sensitive data appropriately, and provide accountability and traceability.

More specifically:

  • Users can’t access additional data via governed agents. Access is strictly tied to authenticated user permissions
  • Agents can be blocked from sharing and receiving disallowed data, and sensitive fields (like PII) can be automatically redacted or filtered
  • Logs and audit trails can support compliance reporting and help your team navigate any security incidents 
  • Rules ensure agents can’t take unsafe or noncompliant actions 

Helps you foster user trust

Most users aren’t accustomed to using AI agents in their day-to-day workflows. As a result, if they experience or hear about performance or security incidents from using your agents, they can quickly decide to avoid them and continue working in ways they’re comfortable with.

Governing AI agents effectively doesn’t guarantee that they’ll be reliable and performant, but it significantly increases the chances that they are.

Related: Why observing AI agents is important

How to evaluate AI agent governance platforms

Aside from evaluating the platforms’ core governance functionality, it’s worth looking for the following:

  • Stable and reputable companies: Many AI agent management companies are just launching and have little funding. Since you’re likely looking to support AI agents long-term, the tooling you use to govern them should also have a solid financial foundation
  • Existing customer base: If leading AI and SaaS companies have adopted a solution, it’s a strong signal that the solution is the best—if not one of the best—offering in the market. For example, Perplexity, the AI-powered answer engine, leverages Merge Agent Handler 
How Perplexity is highlighted in Merge Agent Handler’s landing page
Perplexity is highlighted in Merge Agent Handler’s landing page
  • Freemium pricing: Certain agent governance platforms, like Merge Agent Handler, enable you to sign up for free to evaluate their tools, testing capabilities, logging functionality, and more 

Given how new this software category is, it’s worth taking advantage of these plans and validating these nascent solutions.

A screenshot of Merge Agent Handler's pricing plans
Merge Agent Handler offers a free plan to help you validate your use cases
  • Flexible connectors and tools: Your agentic use cases will likely evolve in unexpected ways. With this in mind, you should prioritize agent governance platforms that let you create or modify existing connectors and tools—while still respecting your governance policies and processes
How to edit tools in Merge Agent Handler
Merge Agent Handler gives you full control over your tools; you can edit their names, descriptions, and schema 

{{this-blog-only-cta}}

AI agent governance FAQ

In case you have any more questions on governing AI agents, we’ve answered several popular questions below.

What are the challenges of governing AI agents?

There are several you might experience:

  • Hallucinations can lead to unauthorized actions. Even with the proper governance in place, your agents can misinterpret inputs and use them to perform potentially harmful actions, like sharing Social Security numbers with unauthorized individuals
  • Agents can be difficult to govern at scale. As you offer more agents, the process of implementing and maintaining governance rules for each can be time intensive and technically complex
  • Building workflows around rule violations can prove difficult. While you can use a 3rd-party solution to observe your agents and see when they violate a rule, diagnosing and addressing underlying issues that drive agents’ behaviors is often significantly more complex. It requires your team to trace the agent’s decision-making process, interpret model outputs, analyze contextual factors (e.g., prompt structure), and more
  • AI agents’ non-deterministic nature makes it difficult to define governance rules in advance. You can attempt to predict an agent’s security and performance issues, but there’ll inevitably be edge-case behaviors that are impossible to forecast and that can compromise your business and your customers

What are some examples of governing AI agents?

Here are just a few:

  • Product updates for executives: If an agent is tasked with sharing product updates with executives in Slack, you can set governance rules that prevent it from sharing those updates in other channels, using personally-identifiable information (PII) in the updates, and more
  • Flagging product bugs: If an agent needs to create tickets in an app like Linear when product bugs get diagnosed, you can set governance rules to ensure the agent only shares the tickets in Linear, assigns them to someone in product, and avoids adding sensitive customer information in the tickets’ descriptions
  • Prospect communications: If your product uses an AI agent to chat with prospects on your site, you can set governance rules that limit its responses to verified product information and prevent it from sharing internal documentation or roadmap details

What ethical consideration is most important when governing AI agents?

The most important consideration is how your AI agents can potentially harm your employees, customers, and prospects. To that end, you should prioritize governance rules that minimize the amount of data your agents share on individuals and limit their access to sensitive systems and PII.

Jon Gitlin
Senior Content Marketing Manager
@Merge

Jon Gitlin is the Managing Editor of Merge's blog. He has several years of experience in the integration and automation space; before Merge, he worked at Workato, an integration platform as a service (iPaaS) solution, where he also managed the company's blog. In his free time he loves to watch soccer matches, go on long runs in parks, and explore local restaurants.

Read more

MCP tool schema: what it is, how it works, and examples

AI

MCP tool descriptions: overview, examples, and best practices

AI

APIs for AI agents: what you should know

AI

Subscribe to the Merge Blog

Get stories from Merge straight to your inbox

Subscribe

Govern any agent with Merge Agent Handler

Merge Agent Handler not only provides all of the observability and governance features you need but also lets your agents connect to thousands of tools.

Create a free account

Get our best content every week

Our weekly newsletter provides the best practices you need to build high performing product integrations.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
But Merge isn’t just a Unified 
API product. Merge is an integration platform to also manage customer integrations.  gradient text
But Merge isn’t just a Unified 
API product. Merge is an integration platform to also manage customer integrations.  gradient text
But Merge isn’t just a Unified 
API product. Merge is an integration platform to also manage customer integrations.  gradient text
But Merge isn’t just a Unified 
API product. Merge is an integration platform to also manage customer integrations.  gradient text