AI Governance Tools for Boards: What to Look For in 2026 and What None of Them Do Yet

What boards actually need from an AI governance tool

APRA's 30 April 2026 letter to industry was direct about what boards lack. Across a deep-dive review of major Australian banks, insurers, and superannuation trustees, it found:

• Many boards are still developing the technical literacy required to provide effective challenge on AI-related risks
• Boards have overrelied on vendor presentations and summaries without sufficient examination of key AI risks
• Identity and access management has not been extended to non-human actors such as AI agents
• The pace of AI adoption has outstripped the pace of governance maturity

The letter does not recommend a specific tool. What it describes, however, is an artefact, something that gives the board a clear, interrogable view of what AI is running in the organisation, who owns it, what it can access, and whether the entity is within its risk appetite.

That is a dashboard problem, not a security problem. And it is a problem almost none of the tools in the current market solve for the board specifically.

The market in 2026: four categories

The AI governance tools market in 2026 organises into four distinct categories, each with a different buyer and a different purpose.

1. Security and runtime protection platforms

These tools, Lakera (acquired by Check Point), Protect AI (acquired by Palo Alto Networks), CalypsoAI (acquired by F5), WitnessAI, Straiker, Noma Security, and others, are built for CISOs, security engineers, and ML engineers. They detect prompt injection, data leakage, and model manipulation in real time. They enforce guardrails at the inference layer. They test AI systems for adversarial vulnerabilities.

None of these tools are designed to be read by a board. Their outputs are technical: alert queues, detection logs, model scoring dashboards. The value they provide is defensive. The buyer is the security team.

2. AI governance and GRC platforms

Credo AI is the category leader in this space. It provides an AI registry (a central record of every AI system in operation), pre-built policy packs aligned to EU AI Act, NIST AI RMF, ISO 42001, and SOC 2, shadow AI discovery capabilities, and what it calls "audit-ready evidence." Holistic AI, IBM watsonx.governance, OneTrust AI Governance, ServiceNow AI Control Tower, and Vanta are adjacent players.

These tools are closer to what a board needs, but still require significant technical integration, are priced for large enterprise budgets (Credo AI is market-reported at US$30,000–150,000+ per year), and are primarily designed for GRC teams and compliance officers. The board-readable output is possible, but it requires the GRC team to build and maintain it.

3. Agent visibility and identity platforms

This category emerged in 2025–2026 as AI agents became mainstream. Microsoft Agent 365 (generally available May 2026), Oasis Security, Unosecur, Straiker Discover AI, and AppOmni Agent Inventory all provide some form of agent discovery, finding what AI agents are deployed, what tools and data they can access, and where access is excessive relative to intent.

Microsoft Agent 365 is the most significant player. It provides a genuine Agent Registry (a single source of truth for every agent deployed in a Microsoft environment), an Agent Map (a visualisation of how agents connect to users, data, and systems), and integration with Microsoft Entra for identity governance.

The limitation is significant: Microsoft Agent 365 is an IT admin control plane, not a board instrument. It lives inside the Microsoft 365 admin center, is Microsoft-ecosystem-only, is priced at USD$15 per user per month (approximately A$23 as of mid-2026), and is explicitly designed to help IT administrators govern agent access and policy, not to answer the questions APRA is asking boards.

4. MCP-specific gateways

With MCP (Model Context Protocol) becoming the de facto standard for how AI agents connect to external tools and data sources, a new category of MCP gateways has emerged. Runlayer (USD$11M seed, November 2025), Operant AI, Lasso Security, and Natoma (acquired by Snowflake) provide catalogues of MCP server connections, threat detection at the MCP layer, and RBAC controls over which agents can call which tools.

These are developer and platform engineering tools. They provide important underlying data, which agents connect to which MCP servers, what tools those servers expose, and whether connections comply with policy, but do not translate that data into board-readable risk or compliance language.

What a board-readable AI governance view needs to show

Synthesising APRA's letter, the CPS 230 and CPS 234 frameworks, ISO 42001 Clause 6.1 and 9, and the Australian Voluntary AI Safety Standard's 10 guardrails, a genuinely board-usable AI governance view needs to answer five questions in plain language:

1. What AI is running here? A complete inventory of every AI tool, agent, and model in operation, including shadow AI (tools adopted by staff outside formal procurement). Named against business unit, use case, and criticality. This is the minimum APRA expects: "an inventory of AI tooling and AI use cases."

2. Who owns each system? Named ownership across the AI lifecycle, design, development, deployment, monitoring, and decommissioning. No orphaned agents. No systems where accountability is shared so broadly it effectively belongs to no one.

3. What can each agent access, and is that more than it should? A clear view of what data sources, systems, tools, and APIs each agent can reach, compared to its intended scope. Over-privilege, agents with access exceeding their stated purpose, is a specific finding APRA highlighted in the context of identity and access management for non-human actors.

4. Are we within risk appetite and compliant? A traffic-light (red/amber/green) status view mapped to the entity's relevant frameworks: CPS 230 (operational risk), CPS 234 (information security), ISO 42001 (AI management system), and the 10 guardrails. Trend over time. Overall maturity score.

5. Can we prove it to APRA or an auditor tomorrow? An audit-ready export, a timestamped, version-controlled evidence pack, that records the inventory, the findings, the risk ratings, and the remediation actions taken. This is the "records" requirement of Guardrail 10 and the evidence trail ISO 42001 Clause 9 requires.

The gap: no tool does all five for a board

The current market provides pieces of this picture. Credo AI covers inventory and compliance mapping but requires technical integration and GRC expertise to operate. Microsoft Agent 365 covers agent discovery and access visualisation but is an IT admin tool in a Microsoft-only environment. The MCP gateways provide granular access data but no board-language translation.

The translation layer, taking the technical data from agent registries, access graphs, and MCP gateway logs, and converting it into a board-readable risk and compliance view, is the genuine gap in the 2026 market.

What this means for Australian regulated entities

For entities regulated by APRA, banks, insurers, superannuation trustees, the priority in mid-2026 is not to select the most sophisticated AI governance platform. It is to have an artefact that demonstrates board-level oversight.

APRA has stated it will take stronger supervisory action where entities fall short. It has identified four specific failure areas, and three of them (governance maturity lagging adoption, supplier and agent access risk, and assurance not keeping pace with dynamic AI) map directly onto what a board-readable AI governance dashboard would address.

The practical path for most regulated entities in Australia is: - Begin with an AI inventory, a structured register of every AI tool and agent in use, with named ownership and a basic risk classification - Extend the inventory to include access scope, what can each agent reach, and is that access within the entity's intended design - Map findings to the applicable regulatory frameworks (CPS 230/234, ISO 42001, the 10 guardrails) and assign red/amber/green status - Present the output to the board in a format that enables effective challenge, not a vendor presentation, but a board-owned view of the entity's AI posture - Maintain the register with a defined refresh cadence, producing dated, version-controlled evidence for supervisory review

The tools to automate this at scale are emerging but not yet mature. For most Australian regulated entities in 2026, the pragmatic approach is an advisory-led structured assessment that produces a board-ready artefact, with automation added as the tooling matures and as connectors to Microsoft Agent 365, MCP gateways, and cloud IAM systems become standardised.

Questions boards should be asking

Drawing on APRA's specific findings, here are the questions a board should be able to answer, and that any credible AI governance tool or review process should help answer:

• Can we produce a complete inventory of AI tools and agents within 48 hours if APRA requests it?
• For each AI agent, is there a named owner accountable for its behaviour across its full lifecycle?
• Have we extended our identity and access management framework to cover non-human actors, specifically AI agents?
• Do we have evidence that the board has exercised effective challenge on AI risks, not just received vendor presentations?
• Are our existing change management and assurance processes adapted for the dynamic nature of AI systems, including model drift?
• Can we demonstrate to APRA's satisfaction that AI risk is not being treated as "just another technology risk"?
• Do we maintain dated, version-controlled records of our AI inventory, risk assessments, and oversight activities?

If the answer to any of these is "I'm not sure" or "the team would know," the board's oversight is insufficient by the standard APRA has now set explicitly.

The bottom line

The AI governance tools market in 2026 is real, growing, and increasingly well-funded, but it is built for technical and GRC buyers, not boards. The translation layer between technical agent-access data and board-readable AI risk posture is the genuine gap.

For Australian regulated entities, the most important first step is not tool selection. It is ensuring the board has a clear, interrogable, board-owned view of the entity's AI footprint, what is running, who owns it, what it can access, and whether it is within risk appetite. APRA has stated plainly that this is what it expects, and that it will enforce where entities fall short.

---

AIRiskAware monitors Australian and global AI regulation continuously. See our analysis of APRA's April 2026 AI letter, the AI inventory as a regulatory requirement, and the AI agent access control challenge for more on the specific obligations these tools need to address.