Where Agent Runtime Governance Fits
ARG in the Enterprise Stack
IAM Alone Is Not Enough
Identity and Access Management (IAM) answers a critical question: "Who is this, and what are they allowed to access?" It authenticates users, manages roles, and enforces access policies at the perimeter. Every organization needs IAM, and it remains the foundation of enterprise security.
But AI agents introduce a new class of challenge that IAM was never designed to solve.
When an autonomous agent acts on behalf of a user, IAM can verify the agent's identity — but it cannot evaluate why the agent is taking an action, what goal it is pursuing, or whether the chain of delegation from human to agent to sub-agent is valid. An agent with a valid API key can make thousands of decisions per minute, each potentially accessing sensitive resources, calling external APIs, or triggering real-world actions. IAM sees each call as an authenticated request. It has no mechanism to ask: "Should this agent be doing this right now, in this context, for this reason?"
Agent Runtime Governance: The Missing Layer
Agent Runtime Governance (ARG) is complementary to IAM — it does not replace it. Instead, ARG adds a purpose-built governance layer that sits between your AI agents and the resources they access, working alongside your existing identity infrastructure.
| Concern | IAM | Agent Runtime Governance |
|---|---|---|
| Identity | Who is this agent? | Who delegated authority to this agent? |
| Access | Can this role access this resource? | Should this agent access this resource right now, given its intent and goal? |
| Delegation | N/A | Is the chain from human → agent → sub-agent valid and within scope? |
| Intent | N/A | Why is this action being taken? Does the stated intent match the operation? |
| Goal | N/A | Is there an active, authorized objective that justifies this action? |
| Enforcement | Perimeter-level allow/deny | Per-request policy evaluation with credential injection — agents never see raw API keys |
| Audit | Login events, role changes | Every agent decision: intent, goal, delegation chain, policy matched, outcome |
How the Tiers Map to Governance Maturity
The diagram above shows Watchlight Beacon's three-tier architecture, each addressing a progressively deeper governance concern:
Tier 1: Discovery & Registry — "What's running?"
Before you can govern agents, you need to know they exist. wl-discover continuously scans your environment — Docker hosts, Kubernetes clusters, network ranges — to find AI agents and MCP servers. wl-registry catalogs them with trust state management, capability tracking, and lease-based TTL. This tier gives you visibility into your AI infrastructure and works alongside your existing IAM to provide a complete inventory of autonomous actors.
Tier 2: Authorization — "Who can do what, and why?"
wl-apdp (the Agentic Policy Decision Point) evaluates every agent action against fine-grained policies that go beyond traditional RBAC. Each authorization request includes context that IAM never sees: the agent's declared intent, the goal it is pursuing, and the full delegation chain from human to agent. Policies can permit or deny based on any combination of these dimensions. This tier integrates with your IAM — it trusts the identity your IAM provides, then adds the contextual governance layer on top.
Tier 3: Runtime Enforcement Proxy — "How do we enforce it transparently?"
wl-proxy sits in the request path between agents and upstream APIs (OpenAI, Anthropic, internal services). It evaluates policy on every call, injects credentials via wl-secrets-broker so agents never see raw API keys, and produces a complete audit trail. This tier makes governance invisible to the agent developer — no SDK changes, no code modifications. Your IAM continues to authenticate; ARG adds runtime enforcement, credential isolation, and decision-level auditing.
ARG and IAM: Better Together
Agent Runtime Governance is designed to integrate with your existing identity stack, not compete with it:
- IAM authenticates the agent → ARG evaluates whether the agent's action is appropriate in context
- IAM manages roles and permissions → ARG adds intent, goal, and delegation-aware policy evaluation
- IAM secures the perimeter → ARG governs every decision an agent makes inside the perimeter
- IAM logs access events → ARG logs the full decision context: what was attempted, why, under what authority, and what policy matched
Together, IAM and ARG provide defense in depth for AI agent ecosystems — identity at the gate, governance at runtime.