Build the governance layer for AI agents

AI in the enterprise started in the chatbot era. The governance problem was simple: control which apps employees used and what data they uploaded. That era is over. The new world is one of autonomous agents — systems that don't just generate content, but take actions. They execute code, call tools, access enterprise systems, and mutate real-world state, often unattended with live credentials and minimal supervision.

This breaks the assumptions behind current AI governance. The core unit of risk is no longer the conversation — it is the action chain. Meanwhile, the assortment of agents across Salesforce, Copilot, coding tools, and dozens of embedded AI features has begun to resemble an opaque supply chain. 78% of employees already use unapproved AI tools. Shadow AI usage is up 156% since 2023. And only 18% of organizations have a governance framework in place.

Scaffolding does not last. RAG was built for 5,000-token models; today's agents search for their own information across 2 million tokens of context. Agents are increasingly composing barebones tools — CLIs, APIs, file systems — bypassing the structured interfaces we built for them. Building security boundaries around any single interface is a losing strategy. The focus must shift to the underlying primitives of execution.

The existing governance tools were built for a simpler era — fragmented across security, GRC, and observability, none seeing the full picture. What's needed is a unified control plane: full inventory of every agent, traces for every action, intelligent policy enforcement, and the analytical depth to govern AI usage at scale. That's what we're building at Forge — and we need people who want to build it with us.