Developed by CISOs and identity leaders, the AAM Framework offers a seven-pillar model and free maturity assessment to bring structure and accountability to AI agent governance
NEW YORK – Oasis Security, the identity security platform for the Agentic Access era, today launched the Agentic Access Management (AAM) Framework, a first-of-its-kind, practitioner-built model for governing the machine-to-machine access layer of enterprise AI. Created in collaboration with Sequoia Capital and leading CISOs, the framework provides clear, actionable guidance for securing AI agents and non-human identities, filling the gap between emerging identity standards and the operational realities of enterprise security.
Enterprises are rapidly adopting AI at scale, yet many still lack the structured governance needed to control the rising number of AI agents and non-human identities (NHIs). According to recent research, more than three-quarters of organizations now say they use AI in at least one business function (Source:mckinsey.com). The enterprise AI market itself is projected to grow from approximately $20.4 billion in 2024 to $28.4 billion in 2025, a nearly 39% year-on-year increase (Source: The Business Research Company).
“Our Fortune 500 customer data shows AI-agent adoption up 840× year-over-year, with Copilot agent creation alone growing 1,767%,” said Danny Brickman, CEO and Co-Founder of Oasis Security. “At this pace, AI agents will outnumber employees at many large enterprises by year-end 2025. The AAM Framework emerged directly from customer demand: a practical, governance-driven way to manage this new class of identities before they overwhelm existing IAM models.”
The risks are rising just as fast.
- 83% of enterprise data flowing into AI tools now goes to platforms labeled critical or high risk, and 34.8% of that data is sensitive (Cyberhaven 2025).
- Organizations without a formal AI strategy have only a 37% success rate in adoption vs. 80% for those with clear governance (Writer 2025).
- Despite ~14% YoY increases in AI spend, only 30% of tech-forward enterprises have achieved large-scale AI deployment (EPAM Systems 2025).
Built by security practitioners, the AAM Framework is vendor-neutral, practical, and immediately implementable. It offers an identity-first approach to AI security, addressing risk at the machine-to-machine access layer, where most future breaches are expected to occur.
“Agentic AI marks one of the most profound platform shifts since cloud computing,” said Caleb Tennis, CISO at Sequoia Capital. “Oasis is helping enterprises get ahead of that curve – not just by enabling AI adoption, but by giving security and identity teams a framework to govern it responsibly. The AAM Framework brings much-needed structure to one of the fastest-moving frontiers in enterprise technology.”
As organizations transition from AI pilots to full-scale deployment, unmanaged agentic access can quickly lead to credential sprawl, shadow AI, and compliance blind spots. The AAM Framework provides a timely structure to help enterprises maintain visibility, trust, and accountability across thousands of autonomous entities.
“The Maturity Assessment tool has been instrumental in pinpointing where to strengthen our program and how to engage leadership on next steps,” said Todd Dufour, SVP Identity and Access Management. “It reflects our commitment to adopting AI responsibly and building long-term resilience into our security strategy.”
To support adoption, Oasis Security is releasing an AAM Maturity Assessment, allowing organizations to benchmark current governance practices, identify gaps, and prioritize controls. The framework is coalition-ready, designed for endorsement by CISOs, security associations, and vendor ecosystems to build a shared foundation for secure AI adoption across industries.
To learn more about the Agentic Access Management Framework, visit the website here and read more in our blog here.
