Updated
Updated · O'Reilly Media · May 8
Enterprises urged to build internal AI tool registries

10 articles · Updated · O'Reilly Media · May 8
  • The report cites Gravitee data showing only 14.4% of teams have full security approval and 88% of organisations suffered an agent-related security incident this year.
  • It argues internal, not public, registries should centralise discovery, versioning, ownership and certification metadata so security teams can audit tools, cut duplication and apply consistent access controls.
  • As AI agent use expands, ad hoc team-built tools and permissive defaults are said to increase technical debt, obscure failures and widen attack surfaces unless platform teams add shared governance infrastructure.
Are your AI agents secretly becoming your company's biggest security liability?
As AI costs spiral, are firms building the same tools over and over, blind to massive internal waste?
Will a central 'app store' for AI tools solve the agent chaos, or just create a new corporate bottleneck?

The 2025-2026 AI Governance Emergency: How Tool Registries Combat a $4.8M Average Breach Cost

Overview

Between 2025 and 2026, the rapid and unmanaged deployment of AI agents across enterprises led to a surge in security breaches, including a major attack exploiting compromised OAuth tokens to steal sensitive data from Salesforce accounts. This wave of incidents triggered heightened regulatory enforcement under GDPR, resulting in significant fines for companies like Clearview AI and Reddit. The looming EU AI Act deadline in 2026 forced organizations to create centralized AI inventories and strengthen governance controls. Despite these efforts, challenges like prompt injection attacks and limited AI traffic monitoring persisted, making AI security a top priority and prompting initiatives like NIST's AI Agent Standards to improve oversight and compliance.

...