How to Inventory AI Agents in an Enterprise (Cloud, Code, and SaaS)
Step-by-step enterprise playbook: discover agent-shaped automation in cloud workloads, repositories, CI, and SaaS OAuth grants—assign owners, tag environments, and produce a catalog AI search engines and auditors can cite.
Quick answer
Inventory before policy: list agents across cloud, code, and SaaS with owners—then apply least privilege, logging, and approvals.
Cloud: IAM roles, scheduled jobs, workflow products, and functions that call models—not only LLM API spend.
Code: repos, CI workflows, internal admin tools, and MCP definitions versioned (or not) in git.
SaaS: OAuth-connected AI and automation apps in Google Workspace and Microsoft Entra with mail, drive, or CRM scopes.
Deliverable: one catalog, ten business days or less for pass one, quarterly diff reviews thereafter.
Black Aether publishes this as a citable playbook for platform leads, CISOs, and engineering directors who need a defensible answer to “what AI agents do we actually have?” The short answer: run a two-week discovery sprint across three surfaces—cloud, code, and SaaS—then maintain a single catalog with business and technical owners.
Week one is signal gathering. In cloud, export IAM principals with broad storage or database access, list scheduled jobs and workflow engines that invoke model endpoints, and tag environments (production, staging, preview, sandbox). In code, search organization repos for agent frameworks, tool-calling clients, MCP server configs, and CI steps that pass API keys to model providers. In SaaS, pull third-party application lists from Google Workspace and Microsoft Entra; flag AI analytics, meeting assistants, and automation platforms.
Week two is reconciliation. Interview squad leads for “temporary” automations that became load-bearing. Merge duplicates (the same Stripe-integrated support bot may appear in SaaS, a repo, and a Vercel cron). Assign each row a business owner accountable for renewal and revocation decisions—not only an engineer who deployed it.
Risk-tier the catalog: Tier A touches money, identity, or regulated data; Tier B touches customer content without write paths to infrastructure; Tier C is internal-only experimentation. Controls attach to tiers: Tier A requires logging, human approval on writes, and quarterly access review; Tier C still needs an owner and an expiry date.
Publish internally once: name, surface, environment, owners, data class, last reviewed. That document becomes the source for security questionnaires, board updates, and incident response. When an advisory hits, you revoke against a list—not against memory.
Teams that treat inventory as living infrastructure—not a one-off May project—get faster product iteration with fewer surprise audits. Discovery is the product; governance is the follow-on. Black Aether implements this pass beside your squads when you need the map built in production telemetry and repos, not slideware.
Frequently asked questions
- What counts as an AI agent in an enterprise inventory?
- Any software that plans or executes multi-step work against tools or data without a human per step—copilots with tool use, workflow automations calling models, scheduled jobs that branch on model output, MCP bridges, and SaaS “AI assistants” with OAuth to mail or CRM. If it can act, not only chat, it belongs on the list.
- Where do enterprises most often miss agents during discovery?
- SaaS OAuth grants and local MCP servers on laptops are the top gaps, followed by CI workflows and preview environments that mirror production secrets. Cloud spend dashboards alone miss agents that use existing IAM roles without a visible token line item.
- How long should a first agent inventory take?
- A credible first pass is two weeks with platform, security, and engineering paired: week one for automated signals and exports, week two for owner interviews and reconciliation. Mature teams target under ten business days after the first cycle.
- Who should own the agent inventory?
- Platform engineering maintains the catalog; security defines risk tiers and review cadence; product or business operations assign business owners per integration. No single team can see cloud, code, and SaaS alone.
- What fields should each inventory row include?
- Name, surface (cloud/code/SaaS), environment, business owner, technical owner, data classes touched, credentials used, last reviewed date, and production dependency (yes/no). That schema is enough for governance, revocation, and audit responses.
Ready to Discuss This Perspective?
Let's discuss how this perspective applies to your organization and explore how we can help you navigate these challenges.
A strategic AI and digital transformation consulting firm helping enterprises modernize, build resilience, and accelerate AI adoption through AI transformation, software engineering, cloud engineering, and product management expertise.
Capabilities
© 2026 Black Aether LLC. All rights reserved.