What is an Agent Registry?

The shadow agent problem

Most enterprises do not know how many AI agents they have. Developers spin up agents for prototyping and never decommission them. Business users adopt AI tools that embed agents without IT approval. Partners and vendors deploy agents that interact with organisational systems. The result is an unknown population of agents operating without oversight.

These shadow agents create blind spots. They may access sensitive data with broad service account permissions. They generate no audit trail. They are not covered by governance policies. And when something goes wrong — a data leak, a compliance violation, an unexpected cost spike — there is no record of what the agent was, who deployed it, or what it was doing.

An agent registry solves this by requiring every agent to be registered before it can access organisational resources. Unregistered agents are blocked at the identity layer.

What an agent registry records

A comprehensive agent registry captures metadata across several categories.

Identity and ownership records the agent's unique identifier, its human owner or team, when it was created, and its current lifecycle status (development, staging, production, deprecated, decommissioned).

Capabilities records the agent's model provider and version, the tools it has access to, the data sources it can query, and any external APIs it can call.

Permissions records what the agent is authorised to do — expressed as scoped permissions that reference governance policies. This includes data access levels, spending limits, and escalation thresholds.

Governance posture records whether the agent has passed required reviews (security, compliance, data protection), what policies apply to it, and its current risk score.

Operational metadata records deployment environment, last activity timestamp, performance metrics, and cost data. This helps identify stale agents that should be decommissioned and active agents that need attention.

Manual vs automated registration

Agent registration can be manual, automated, or a combination of both.

Manual registration requires a human to fill in registry metadata when deploying a new agent. This is practical for a small number of agents but becomes a bottleneck at scale. It also depends on people remembering to register agents — which they often do not.

Automated registration integrates the registry into the agent deployment pipeline. When a CI/CD pipeline deploys a new agent, it automatically registers the agent with the registry, populating metadata from the deployment configuration. This is more reliable but requires pipeline integration work.

Discovery-based registration uses network monitoring and API gateway logs to detect unregistered agents that are already calling tools or accessing data. When an unknown agent is detected, it is flagged for review and registration. This is essential for identifying shadow agents.

The strongest approach combines all three: automated registration in the deployment pipeline, manual registration as a fallback, and continuous discovery to catch anything that slips through.

The registry as governance foundation

The agent registry is not just an inventory — it is the foundation for every other governance capability.

Policy enforcement depends on the registry to know which policies apply to which agents. When an agent attempts an action, the enforcement layer looks up the agent in the registry to determine its permissions, risk level, and applicable policies.

Cost attribution depends on the registry to map agent activity to teams and budgets. Without knowing which team owns an agent, costs cannot be allocated.

Audit trails depend on the registry to provide context for enforcement decisions. An audit record that says 'agent X was blocked from calling API Y' is only useful if the registry can tell you that agent X is a finance bot owned by the treasury team.

Lifecycle management depends on the registry to track agent status. When a model version is deprecated, the registry identifies all agents using that model so they can be updated or retired.

Incident response depends on the registry to scope the impact of a security event. If a tool is compromised, the registry shows which agents use that tool and their blast radius.

Agent registry vs AI inventory

An AI inventory is a broader concept that catalogues all AI assets in an organisation — models, datasets, applications, and agents. It is typically driven by compliance requirements like the EU AI Act, which mandates registration of high-risk AI systems.

An agent registry is a specialised component of the AI inventory focused specifically on autonomous agents. It captures agent-specific metadata (tools, permissions, runtime behaviour, escalation rules) that a general AI inventory may not track.

Organisations need both. The AI inventory satisfies regulatory requirements for a comprehensive catalogue of AI systems. The agent registry provides the operational detail needed to govern agents at runtime.

In practice, the agent registry often feeds data into the broader AI inventory, ensuring that agent-specific metadata is available for regulatory reporting while also serving its operational governance function.

Getting started with an agent registry

Building an agent registry starts with discovery. Audit your organisation to identify all existing AI agents — including those deployed by individual developers, embedded in third-party tools, and running in shadow IT environments. This initial inventory is often eye-opening.

Next, define the metadata schema. Decide what information must be recorded for every agent. Start with essentials — identity, owner, model, tools, deployment status — and expand over time.

Then, integrate registration into your deployment pipeline so new agents are registered automatically. Set a policy that unregistered agents cannot access production resources.

Finally, establish lifecycle reviews. The registry is only useful if it stays current. Set up periodic reviews to decommission stale agents, update metadata for active agents, and verify that governance posture remains accurate.

The registry will become one of your most valuable governance assets. It is the single source of truth that every other governance capability depends on.