Connecting Agent Platforms
AI Agent Security discovers and assesses agents by connecting to the platforms where those agents run. You add each connection in the portal, under the AI Integrations page, and choose the platforms you use.
The product reads agent configuration and activity to build an inventory and assess posture; it does not create or change agents on the connected platform. Connection methods vary by platform: a cloud role, an OAuth authorization, or an API key. Once a platform is connected, discovery runs and builds the inventory. Most platforms are discovered continuously; some run on scheduled scans.
The exact permission names, OAuth scopes, role names, and step-by-step screens are shown on each platform’s setup page in the portal, which is the authoritative and most current source. Use the sections below as the high-level model for what each connection involves.
Amazon Bedrock and Bedrock AgentCore
A single connection covers both Bedrock Agents and AgentCore.
- Method: a read-only AWS IAM role. The portal provides a CloudFormation template that creates the role in your account. Access is cross-account through AWS STS AssumeRole with a pre-filled external ID, so there are no access keys or credentials to store or rotate.
- Setup: copy the CloudFormation template from the AI Integrations page, deploy it in your AWS account to create the role, copy the Role ARN from the stack output, then enter the Role ARN and your AWS region back in the portal.
- Permissions granted: read-only access to list and read Bedrock agents, action groups, knowledge bases and aliases, plus CloudWatch metrics and CloudTrail events for usage and activity.
- What is discovered: agents and their action groups, connected knowledge bases, aliases, the model in use, and recent usage and activity.
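A review check you can run on the role before deploying it, as an added example that is not the vendor's template or tooling: it confirms the trust policy pins the external ID and that every allowed action is a read verb. The policy documents, account ID, external ID and action list are constructed placeholders; substitute the documents from the template shown in the portal.

```python
import json

# Constructed sample documents: the account ID, external ID and action list are
# placeholders, not the contents of the vendor's CloudFormation template.
TRUST = json.loads("""{"Statement": [{
  "Effect": "Allow", "Action": "sts:AssumeRole",
  "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
  "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}}}]}""")
PERMISSIONS = json.loads("""{"Statement": [{
  "Effect": "Allow", "Resource": "*",
  "Action": ["bedrock:ListAgents", "bedrock:GetAgent",
             "cloudwatch:GetMetricData", "cloudtrail:LookupEvents"]}]}""")

READ_VERBS = ("List", "Get", "Describe", "Lookup")  # assumed read-only naming

def as_list(value):
    return value if isinstance(value, list) else [value]

def trust_findings(policy, external_id):
    """Return problems in a role trust policy for a cross-account reader."""
    out = []
    for n, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        if "*" in as_list(aws):
            out.append(f"statement {n}: wildcard principal")
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        ids = [v for k, v in cond.items() if k.lower() == "sts:externalid"]
        if not ids or as_list(ids[0]) != [external_id]:
            out.append(f"statement {n}: sts:ExternalId not pinned")
    return out

def permission_findings(policy):
    """Return Allow entries that are not plainly read-only."""
    out = []
    for n, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            out.append(f"statement {n}: NotAction allows everything not listed")
        for action in as_list(stmt.get("Action", [])):
            if not action.split(":")[-1].startswith(READ_VERBS):
                out.append(f"statement {n}: {action} is not a read action")
    return out

if __name__ == "__main__":
    print(trust_findings(TRUST, "EXAMPLE-EXTERNAL-ID"), permission_findings(PERMISSIONS))
```

The verb check is case-sensitive and conservative, so an action written in unusual casing is reported for manual review rather than passed.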
Google Cloud
- Method: read-only access to Google Cloud’s agent registry, granted through Workload Identity Federation so that no service-account keys are stored.
- Permissions granted: a viewer-level role on the agent registry.
- What is discovered: agents registered in the Google Cloud agent registry, with the metadata the registry exposes. Agents deployed outside the registry are not currently discovered.
Microsoft Copilot Studio
- Method: a one-time Microsoft admin consent through an OAuth flow. You are redirected to Microsoft Entra and approve read-only permissions for the application to read your tenant’s Power Platform data. No credentials are stored; the authorization is used only to obtain scoped access tokens at scan time.
- How discovery runs: scans run across your Power Platform environments through the Dataverse API and the Power Apps BAP API. You can grant access to all environments or restrict scanning to specific environments.
- What is discovered: Copilot Studio bots and their metadata, including owners, editors, and authentication configuration; active connectors and the external services they reach, such as Salesforce; the channels where bots are published; conversation sessions and activity logs; and AI plugins and system users.
Salesforce Agentforce
- Method: OAuth authorization. You authorize a read-only connection to your Salesforce org; there are no long-lived credentials to manage by hand.
- What is discovered: Agentforce agents, their actions and tools, and configuration.
n8n
- Method: an n8n API key entered in the portal.
- What is discovered: agents built on n8n’s native AI Agent nodes, and their configuration.
Relevance AI
- Method: an API key, scoped per project. Add one key for each Relevance AI project you want to connect.
- What is discovered: the agents and tools within each connected project.
Notes
- All of the above are discovery and posture connections. Runtime protection is a separate capability, integrated through the Guard API, and is not configured through these platform connections. We will be launching native integrations for policy enforcement and runtime protection for select platforms soon.
- Discovery depth varies by platform because it depends on what each platform’s APIs expose. Where a platform surfaces less detail, that is a property of the platform rather than of the assessment.