Runtime AI Monitoring in OneTrust Governance Platform

Real-time monitoring and automated guardrail enforcement are the foundations of a significant expansion to OneTrust’s AI governance platform, aimed at organisations struggling to keep compliance controls in step with rapidly scaling AI deployments.

The US-based vendor has added three capabilities to its platform: AI Agent Detection and Inventory, a Policy Manager and Policy Library, and AI Guardrail Enforcement. The additions are designed to shift AI governance from periodic, point-in-time compliance reviews to continuous oversight across agents, models, and datasets.

The move reflects growing pressure on governance, risk, and compliance teams to account for AI systems that were not covered by traditional IT asset management. The introduction of agentic AI - autonomous systems that can take actions, access data, and interact with other systems with minimal human oversight - has exposed gaps in most organisations’ existing risk frameworks.

The EU AI Act, which began applying obligations to high-risk AI systems from August 2024, and the US National Institute of Standards and Technology (NIST) AI Risk Management Framework have both heightened demand for structured AI governance tooling.

Australia’s government has released voluntary AI Ethics Principles but has signalled interest in mandatory guardrails for high-risk applications, adding urgency for enterprises operating across jurisdictions.

What the New Capabilities Do

The Agent Detection and Inventory capability is designed to continuously discover and catalogue AI agents, models, and datasets across an organisation’s environment, capturing ownership, data access, and lineage information.

The intent is to eliminate blind spots in AI asset registers - a persistent problem as development teams adopt no-code and low-code AI tooling that can bypass traditional procurement or IT review processes.

The Policy Manager includes a library of pre-built policies aligned to frameworks including the NIST AI RMF and the EU AI Act. The platform translates those framework requirements into monitored controls, with evidence capture intended to support audit readiness. OneTrust claims that the system provides real-time visibility as AI systems evolve.

Guardrail Enforcement targets generative AI, traditional machine learning models, and agents. The system is described as inspecting AI systems continuously and automatically enforcing protections - such as blocking or limiting personal data exposure - when policy violations are detected.

Platform Integrations

The platform integrates with Amazon Bedrock, Amazon SageMaker, Azure AI Foundry, Azure OpenAI, Databricks Unity Catalog, and Google Vertex AI. This breadth of integration is significant for enterprise teams that run AI workloads across multiple cloud environments, a common scenario in large government agencies, financial institutions, and healthcare organisations.

OneTrust operates in a growing AI governance market that includes competitors such as ServiceNow, IBM OpenPages, and emerging specialist vendors. Gartner has flagged AI governance tooling as a priority area for 2025-26 as regulatory obligations across jurisdictions increase.

Australian enterprise technology teams, particularly those in regulated industries such as banking, insurance, and government, are facing increasing pressure to demonstrate auditable AI oversight, which makes continuous monitoring capabilities directly relevant.

https://www.onetrust.com