Zapier strengthens AI governance across platform

Zapier has announced a raft of governance updates to strengthen compliance and security for IT and security teams using its platform. It has added new controls, been governed, and been updated to the open beta SDK. The updates cover its MCP, which includes a curated menu of pre-built actions and is best used for chat agents. Updates to the SDK cover the coding agents, and developers can access it in any API call within their code, which Zapier authenticates.

The update addresses a gap highlighted by the January Zapier report. The ultimate enterprise AI governance report found that while 75% of practitioners agree their organisations have clearly documented AI governance expectations, 69% find it difficult to translate those expectations into concrete implementation decisions.

Furthermore, it states, “93% of leaders say AI initiatives in their organisations fail to reach production at least occasionally due to governance constraints.”

In addition, 94% of leaders agree that AI governance must shift from a set of policies and approvals to a continuously operating system embedded in how AI is built and run. In a rare alignment with leaders, 94% of practitioners agreed that future AI governance should be enforced primarily through systems and guardrails rather than manual reviews and approvals.

Brian Alvey, CTO of WordPress, echoed these findings, saying, “When governance is layered on top of how people actually work, instead of embedded into the systems they use, it inevitably breaks down at scale.”

As a result, Zapier aims to support these views with this update. Wade Foster, Co-Founder and CEO of Zapier, commented, “Building has gotten very easy, very fast. And for most organizations, new ideas are already outrunning the guardrails around them. If Building is everywhere, governance has to be everywhere too.”

What are the new governance controls?

Customers using the Enterprise plans can now take advantage of the additional governance provided with managed apps. Enterprise admins can designate specific apps as admin-managed, centralising control over how app connections are created, shared, and deleted. This ensures sensitive credentials stay with the company and prevents unauthorised access to critical business systems.

Once an app is marked as managed, administrators can set access rights of various types for it. They include:

• App Access Controls: Decide which apps your team can access. Allow or block by workspace, team, or user, enforced across the Editor, Agents, and MCP.
• Action Restrictions: Then control what they can do inside each app. Ex. A sales rep can read and update contacts in HubSpot, but never delete them.
• Managed App Connections + Domain Restrictions: Manage how team members connect to apps in your account. With company-owned connections, you don’t risk data flowing through personal accounts or workflows breaking when someone leaves.

There are several other features that Zapier announced with this release. Zapier now supports Bring Your Own (AI) Model (BYOM). Customers need an Amazon Bedrock, and they can select Claude and Cohere models if they are enabled in that AWS Bedrock account. Admins can route Zapier’s Agents and knowledge processing to these.

These new features are also supported by log Streaming and Asset history. It means administrators can review and understand what happened, including what went wrong if something failed.

Logs can be streamed directly into Datadog, Splunk, or an existing SIEM, enabling security teams to investigate where they already work. Log streams are currently available only for Zap events. Forms, Chatbots, Agents, and Tables events are not yet supported. Admins can also access and export Asset history for further analysis.

Other new features

In addition, Zapier also announced that Workspaces will be generally available by the end of Q2. Zapier Workspaces provide dedicated, organised environments for teams to create, manage, and secure automated workflows (Zaps) in one place.

They allow businesses to delegate, share app connections, and manage permissions. Thus, making it easier to collaborate on automation projects, separate tasks by department (like Marketing or Sales), and maintain security through IT-defined controls.

Zapier agents are now generally available and support Enterprise MCP. These agents enable organisations to connect business processes across data silos, completing them across different systems of record. These agents now have the same level of governance and control as other Zapier functions.

The Zapier SDK is now in open beta, enabling organisations to connect every app and workflow from within the Zapier catalogue. The SDK delivers governed access without the need for OAUTH controls or token management. It connects more than 30,000 actions across 9,000 applications, of which 3,000 support raw API Access.

Enterprise Times: What does this mean?

With this announcement, Zapier has added a layer of governance to its Integration Platform-as-a-Service solution. It continues its evolution towards a governed intelligence collaboration platform, adding a layer of governance, deeper integration and a fully supported SDK. It will be interesting to see how it expands these features next. Currently, it supports AWS Bedrock and a small set of AI models. Which solutions will it now expand?

The post Zapier strengthens AI governance across platform appeared first on Enterprise Times.