May 20, 2025

The Governance of AI Agents: Managing the Future of IT

Héloïse Rozès
CEO and co-founder

The field of AI is evolving rapidly, bringing forth a new generation of tools known as artificial intelligence (AI) agents. The term is the latest buzzword, and you have probably already read it somewhere else. In this article we will dive deep into the concepts of agents, autonomous agents and multi-agent systems. Let's start with some proper definitions, as at Corma we are scientists and engineers at heart.

An AI agent refers to a system or program capable of performing tasks on behalf of a user or another system, either autonomously by designing its workflow and utilising tools independently, or with human-in-the-loop oversight for critical decision-making or task execution. LangChain defines an AI agent as a system that uses an LLM to decide the control flow of an application. In contrast, software refers to a set of instructions, data or programs used to operate computers and execute specific tasks. SaaS (Software as a Service) is a cloud model where providers host and manage applications, delivering access to users over the internet via multi-tenant architecture and subscription licensing. A licence is an official permission or permit to do, use, or own something, whereas an account is an arrangement with an organisation to keep a record of transactions or interactions. For example, an employee might have an account with Salesforce, through which the employer keeps precise records of the employee's customer interactions and sales activities. The employee would also have a licence provided by Salesforce to access and use specific parts of the Salesforce software.

While AI agents offer immense potential, they also introduce complex challenges in governance, compliance, and security. At the same time, traditional SaaS (Software as a Service) tools remain critical to business operations. Organizations now face the dual challenge of managing both traditional SaaS licences and these emerging AI agents effectively. This is where Corma steps in, offering a unified platform to map, centralise, and automate IT governance across all generations of digital systems.

To clarify the differences between automation, AI workflows, and AI agents—and help organizations choose the right approach for each use case—we’re including the following framework. This visual highlights key decision-making criteria and governance considerations for each solution.

Understanding the AI Agent Landscape

To effectively govern AI agents, it's essential to understand their diverse types.

Off-the-shelf agents cover a wide range of solutions, from general-purpose products like OpenAI’s agents to specialised, pre-built options available on platforms such as LangChain, which also offers a robust framework for building agents. However, tools like Agno or CrewAI can cause confusion about what qualifies as an in-house agent: using these tools to build an agent does not necessarily mean it is not developed in-house.

| Agent type | Description | Advantages | Challenges | Compliance | Data Collection |
|---|---|---|---|---|---|
| In-house Built Agents | Internally developed by organisation's own teams | Deep integration with internal systems; highly customisable | Requires substantial internal resources; slower deployment | Must ensure ongoing regulatory compliance and explainability | Responsible for secure, ethical data handling and quality control |
| Off-the-Shelf Agents | Purchased from third-party vendors; general-purpose or specialised solutions like OpenAI Operator | Quick deployment | Less customisable | Limited control over vendor’s compliance with regulations | Restricted visibility into data usage, privacy, and consent mechanisms |
| Agent-Building Tools | Platforms like Agno or CrewAI that simplify custom agent creation without extensive coding | Easier to build | Less customisable than in-house built agents | Must validate that generated agents meet compliance standards | Data flows and storage may be opaque, complicating privacy oversight |
| Horizontal Agents | Generalist models that are applicable across various industries/tasks | Broad and versatile | Shallow expertise | Harder to ensure compliance across diverse use cases | Aggregates broad data, increasing privacy and consent risks |
| Vertical Agents | Specialised for industries such as IT, healthcare, or finance | High accuracy & deep domain expertise | Limited in scope to an industry/sector | Must meet strict, sector-specific regulatory requirements | Handles sensitive, domain-specific data requiring robust privacy safeguards |

The Power of Multi-Agent Systems (MAS)

A Multi-Agent System (MAS) involves multiple autonomous agents interacting and collaborating to achieve complex objectives that exceed the capabilities of individual agents alone. In MAS:

  • Each agent operates autonomously with specialised roles.
  • Agents communicate and coordinate actions explicitly (direct messaging) or implicitly (through shared environments).
  • MAS can involve cooperative interactions (agents working towards shared goals), competitive interactions (agents competing), or hierarchical arrangements where higher-level agents delegate tasks to lower-level ones.

Examples of MAS applications include:

  • Smart Home Assistants: In a connected home, different AI agents (such as a thermostat, lighting controller, and security system) communicate and coordinate to optimise comfort, energy usage, and safety for the residents.
  • Online Food Delivery Platforms: Multiple agents work together to process an order: recommendation agents suggest meals, payment agents handle transactions, and logistics agents coordinate delivery with restaurants and drivers.
  • Personalised Healthcare Systems: Specialised medical agents collaborate by analysing patient data from different medical perspectives (diagnostics, medication management, rehabilitation) to create integrated treatment plans.

The Role of Corma in Managing SaaS and AI Agents

Corma provides a unified platform designed specifically to address governance challenges posed by both traditional SaaS tools and emerging AI agents. Our vision is to become the world's leading unified and automated IT platform for all businesses.

Here's how Corma helps:

  1. Unified Oversight: Gain complete visibility into all SaaS applications and AI agents within your organisation, whether built in-house or purchased off-the-shelf.
  2. Automated Licence Management: Track active licences across SaaS tools and AI agent usage, identify unused resources, and reduce software expenses accordingly.
  3. Compliance Assurance: Ensure adherence to regulatory requirements through robust monitoring and reporting features, covering both software licences and autonomous agent deployments, that function as an efficient identity and access management (IAM) system.
  4. Seamless Onboarding/Offboarding: Automate (de)provisioning workflows for employees interacting with SaaS applications and AI agents.
  5. Risk Mitigation: Proactively detect unauthorized apps or rogue agents early through continuous monitoring, securing your entire IT environment.

As organizations increasingly adopt traditional SaaS tools alongside sophisticated AI agents, trust becomes fundamental for effective governance. Corma's approach combines automation with transparency by providing real-time insights into software usage patterns and agent behaviours.

A prime example is Skello, a fast-growing SaaS B2B HR software provider, which leveraged Corma to automate IT operations and optimise its software stack. By managing 556 SaaS applications and 14,000 licences, Skello was able to automate onboarding and offboarding for dozens of employees, identify over 100 shadow IT apps, and save hundreds of hours annually (the equivalent of one full-time employee). These efficiencies enabled Skello to quickly recoup Corma’s costs, cutting unused licences and reducing expenses by over €2,000 per month on Notion alone. As their Lead Cloud & IT Manager put it, “Corma is a game changer for automating IT, for example our onboarding and offboarding processes. It's a big time-saver for our IT team and HR department.”
