The Category Is Fragmenting
For the first time, multiple players are explicitly building “AI agent governance” products. But they’re not building the same thing. The governance category is fragmenting into four distinct approaches:
1. Architectural Governance (JieGou)
Governance designed into the agent lifecycle.
Architectural governance is proactive. It prevents governance failures before they happen through infrastructure-level controls: RBAC, tool approval gates, multi-agent hierarchy, approval workflows, PII detection, and GovernanceScore.
Key traits:
- Proactive — prevents failures, doesn’t just record them
- Cross-platform — any vendor, any cloud, any model
- Quantifiable — GovernanceScore (0-100) measures governance posture
- Regulation-ready — dual NIST submissions, EU AI Act mapping, 3-framework compliance
2. Surveillance Governance (Teramind)
Governance observed after the fact.
Surveillance governance monitors AI agents built by other platforms. It captures prompts and responses, records screens, detects shadow AI through behavioral patterns, and enforces policies when violations are detected.
Key traits:
- Reactive — records events after they happen
- Cross-tool — monitors agents across multiple platforms
- Qualitative — no quantitative governance scoring
- Compliance-checked — maps to SOX, HIPAA, EU AI Act
3. Ecosystem Governance (Microsoft Agent 365, Salesforce, ServiceNow)
Governance within one vendor’s platform.
Ecosystem governance provides a control plane for agents built within a specific vendor ecosystem. Microsoft’s Agent 365 offers agent registry, adoption dashboard, DLP integration, and shadow agent quarantine — but only for Microsoft agents.
Key traits:
- Vendor-locked — works only within the ecosystem
- Dashboard-based — adoption metrics and telemetry
- Ecosystem-specific — DLP, registry, quarantine for one vendor
- No cross-platform — doesn’t govern agents from other vendors
4. Embedded Governance (Dialpad Guardian)
Governance as a feature of domain-specific builders.
Embedded governance integrates governance controls directly into a domain-specific agent builder. Dialpad’s Guardian provides real-time safety supervision for contact center agents, with ROI validation built in.
Key traits:
- Integrated — built into the agent creation tool
- Domain-limited — only governs agents within its domain
- Feature-level — not a comprehensive governance layer
- No cross-platform — single-vendor, single-domain scope
The Comparison Matrix
| Capability | Architectural | Surveillance | Ecosystem | Embedded |
|---|---|---|---|---|
| Shadow AI detection | Yes | Yes | Yes | No |
| Multi-agent governance | Yes | No | No | No |
| Cross-vendor scope | Yes | Yes | No | No |
| Quantitative scoring | Yes | No | No | No |
| Regulatory compliance | Yes | Yes | No | No |
| Department specialization | Yes | No | No | No |
| Industry packs | Yes | No | No | No |
| Agent building | Yes | No | Yes | Yes |
| Proactive prevention | Yes | No | No | Yes |
Only architectural governance covers all nine capabilities.
Why It Matters
When you’re evaluating AI agent governance, you’re not choosing between competing products. You’re choosing between fundamentally different approaches. The approach you choose determines:
- Whether governance prevents failures or records them
- Whether governance works across all vendors or one ecosystem
- Whether governance is measurable or qualitative
- Whether governance covers all departments or one domain
Only architectural governance is proactive, cross-platform, quantifiable, and regulation-ready. That’s not a marketing claim — it’s a structural reality of the four approaches.
Explore the Governance Taxonomy. Compare Surveillance vs. Architecture. Calculate your GovernanceScore.