IBM is integrating its AI governance tool watsonx.governance with Guardium AI Security — its tool for securing AI models, data, and their usage — to simplify and bolster AgentOps for enterprises.

AgentOps, short for agent operations and also known as agent development lifecycle management, is a growing area of focus for enterprises as agent sprawl becomes a key challenge, driven mostly by vendors lining up to offer enterprises tools to create AI agents for a plethora of different tasks.

“AgentOps is a new discipline with growing pains, and tool sprawl is one of them. Integrating agentic governance and security gives AI builders a unified perspective and controls. Integrating the two also makes it less likely for risks like shadow agents to proliferate,” said Heather Gentile, director of product for IBM watsonx.governance, risk, and compliance.

The integration works by having both products share information about AI assets, such as AI project inventory.

However, there is a catch. Enterprises that wish to take advantage of this integration will need to have both watsonx.governance and Guardium AI Security deployed, according to Vishal Kamat, VP of data security at IBM.

The integration will help enterprises by providing the “first” unified solution to manage both security and governance risks for AI use cases, especially agents, as they offer tremendous productivity benefits but can carry “steep consequences” when not properly governed or secured, said Dave Nicholson, chief research officer at The Futurum Group.

Nicholson said that he expects further integration of AI-focused governance and security products by vendors such as Microsoft, Google, and AWS.

“The rapid adoption of AI agents is creating pressure across the technology sector to bridge the traditional silos between security and governance teams, provide unified platforms rather than fragmented point solutions, and address the unique risks that autonomous AI systems present to organizations,” Nicholson added.

New capabilities in Guardium AI and watsonx.governance

As part of the integration, IBM is introducing new capabilities to Guardium AI Security through a collaboration with AllTrue.ai, a platform that focuses on risk and security management of AI systems and applications.

These new capabilities include automated penetration testing and agent discovery, which can be directly accessed from within IBM Guardium AI Security or watsonx.governance, Kamat said, adding that the new “capabilities are available through IBM product licensing.” 

The collaboration with AllTrue.ai will also allow enterprises to gain specialized detection capabilities in cloud environments, code repositories, and embedded systems, IBM said, adding that once risks are identified, IBM Guardium AI Security can automatically trigger appropriate governance workflows from watsonx.governance.

This is becoming increasingly important as most enterprises are continuing to grow their AI ecosystem, which is decentralized, Nicholson said.

Recently, IBM released updates to IBM Guardium AI Security, which included automated red teaming to help enterprises detect and fix vulnerabilities and misconfigurations across AI use cases.

The integration with watsonx.governance will roll out throughout the remainder of the year, IBM said.

As part of the integration, watsonx.governance has been updated with new capabilities, including the ability to monitor and manage AI agents across their entire lifecycle.

“Evaluation nodes can be built directly into agents, allowing users to carefully monitor metrics like answer relevance, context relevance, and faithfulness – and help identify the root cause of poor performance,” IBM wrote in a blog post.

IBM is also planning to add capabilities, such as agent onboarding risk assessment, agent audit trails, and an agentic tool catalogue, by June 27. The company said it is adding Compliance Accelerators to watsonx.governance to provide enterprises with a quick way to identify obligations about their AI usage and ensure compliance with local regulations.

These Accelerators, which contain pre-loaded regulations, standards, and frameworks from around the globe and are available as an add-on, support key regulations like the EU AI Act, the US Federal Reserve’s SR 11-7, and New York City Local Law 144, along with global standards like ISO/IEC 42001 and frameworks like the NIST AI RMF.
