There's a second buyer question hiding inside "best AI agent observability tool," and it's a different one: not "how do I see what my agents are doing," but "how do I know how many AI agents exist across my company, and how do I stop the ones that go wrong?" That's a GRC and enterprise-risk question more than a developer-tooling one, and the platforms built to answer it look nothing like LangSmith or Braintrust. This post covers that half of the market — enterprise AI governance platforms — separately from our companion post on the best AI agent observability tools, which covers LangSmith, Helicone, Arize Phoenix, Braintrust, and Langfuse.
Two platforms currently define this category alongside Waxell: Arthur AI, purpose-built around agent discovery and inventory, and ServiceNow AI Control Tower, an enterprise governance layer anchored to ServiceNow's CMDB. Both are genuinely capable, and both answer "what exists and who's accountable for it" better than any developer-first observability tool does. Neither, as of this writing, matches Waxell on pre-execution enforcement across the full range of what an agent does.
TL;DR: Arthur AI wins on org-wide agent discovery — a purpose-built inventory across clouds and frameworks. ServiceNow AI Control Tower wins on enterprise integration — governance mapped into a CMDB you may already run everything else through, plus a genuinely GA'd MCP payload-blocking mechanism for PII. Neither has shipped a pre-execution enforcement mechanism as broad as Waxell's: Arthur's governance model is guardrails-and-alerting, and ServiceNow's most-publicized enforcement feature — the agent kill switch — is still pending GA (expected August 2026). Waxell enforces 50+ policy categories before each agent step runs, available today.
The three platforms
Arthur AI
Best for: Enterprises that don't know how many agents they're running and need to find out first
Arthur markets itself as an Agent Discovery & Governance (ADG) platform, and discovery is genuinely its strongest capability. It uses four techniques together — OpenTelemetry telemetry scanning, MCP server monitoring, network-layer traffic analysis, and API-driven discovery against cloud providers like AWS Bedrock and Google Cloud Vertex AI — to catch "shadow agents" deployed without going through governance channels, regardless of whether they arrived via internal dev teams, vendor tools, or existing software that quietly added agentic features. Agents caught this way but not yet assigned an owner are surfaced as "unregistered," a genuinely useful triage signal.
On top of discovery, Arthur layers governance: customizable guardrails for PII, toxicity, hallucination, and prompt injection; use-case-specific evaluators; continuous evaluation; and real-time monitoring with configurable alerts — what Arthur itself calls "policy enforcement that scales to thousands of agents." That's an accurate description of a detection-and-alert model, but it's a different mechanism than gating a specific agent step before it executes; nothing in Arthur's own published materials describes synchronous, pre-execution blocking the way a runtime enforcement layer does. Arthur's free tier is real, too — the open-source Arthur Evals Engine ships PII, sensitive-data, and custom LLM/regex rules at no cost, alongside a $0/mo hosted Free plan and a $60/mo Premium tier.
Best fit: Enterprises whose most urgent problem is visibility — shadow agents proliferating across multiple clouds and frameworks with no central inventory.
Not the right fit: Teams that need pre-execution blocking of a specific tool call or data retrieval, not just detection and alerting after the fact.
ServiceNow AI Control Tower
Best for: Enterprises already running significant operations through ServiceNow's CMDB
AI Control Tower organizes governance around five pillars — Discover, Observe, Govern, Secure, Measure — anchored to ServiceNow's CMDB and Context Engine, two decades of enterprise operational data ServiceNow frames as a moat standalone tools can't replicate. Discovery spans 30+ enterprise connectors (AWS, Google Cloud, Azure, SAP, Oracle, Workday) plus newer connectors for Databricks, Snowflake, and Hugging Face, extending to non-human identities and OT/IoT devices. Governance runs risk assessment across agents, models, datasets, and prompts, with pre-built compliance content packs for the EU AI Act and several U.S. state AI laws.
The enforcement picture is genuinely split, and worth being precise about. Live today: ServiceNow's AI Gateway can block MCP payloads containing detected PII in real time, before the payload reaches the requesting agent — a real, GA'd, pre-execution enforcement mechanism, confirmed in ServiceNow's June 2026 release notes. Not yet live: the Veza-powered agent kill switch — real-time shutdown when an agent goes off-script or exceeds its permissions — which was announced at Knowledge 2026 in May 2026, entered Innovation Lab that month, and has a stated general availability date of August 2026, still pending as of this post. The rest of the Secure pillar (deviation detection, output screening, policy violation detection) is a detection-and-flagging model, similar to Arthur's, not real-time blocking.
Best fit: Organizations already deep in ServiceNow that want AI governance mapped into the same CMDB, asset lifecycle, and compliance program as the rest of IT.
Not the right fit: Teams that aren't already ServiceNow customers (adopting the platform just for AI governance is a heavy lift), or that need enforcement broader than MCP-layer PII blocking before August 2026.
Waxell
Best for: Production agent deployments that need pre-execution enforcement across a broad set of policies, available now
Waxell is built around runtime enforcement as the primary capability, not discovery or CMDB integration. Two-line SDK instrumentation covers any framework, and runtime governance policies evaluate before each agent step across 50+ categories — content, cost, safety, privacy, compliance, and rate limits — not scoped to a single mechanism like MCP-layer PII detection. Every decision is captured in a full execution trace, and Waxell's Signal & Domain capability governs what an agent is allowed to retrieve from a data source before that data reaches the model — a layer neither Arthur nor ServiceNow addresses in anything published.
What Waxell doesn't do is org-wide agent discovery at Arthur's scope, or CMDB-anchored asset lifecycle management at ServiceNow's depth. Those are real, different capabilities built for a different first question ("what exists") than the one Waxell answers ("what is it allowed to do, enforced before it happens").
Best fit: Teams that already know which agents matter and need policy enforced before a risky action executes — not detected afterward, not pending a future GA date.
Not the right fit: Enterprises whose primary, most urgent problem is org-wide shadow-agent discovery across an unknown footprint of clouds and frameworks — that's Arthur's or ServiceNow's Discover pillar, not Waxell's focus.
Master comparison table
| Capability | Arthur AI | ServiceNow AI Control Tower | Waxell |
|---|---|---|---|
| Org-wide agent/asset discovery | ✅ Core product pillar, 4 techniques | ✅ Core product pillar, 30+ connectors | ❌ Not the product's focus |
| MCP server visibility | ✅ Discovery signal only | ✅ Formal governed asset type, approval workflow | ✅ Governs tool calls, not just visibility |
| MCP payload blocking (real-time) | ❌ Not described | ✅ GA — blocks PII in MCP payloads | ✅ Native policy enforcement |
| Agent-level kill switch (halt mid-run) | ❌ Not described | ⚠️ Announced, GA expected August 2026 | ✅ Available today |
| Pre-execution enforcement across cost/rate/recursion policies | ❌ Not described as real-time blocking | ❌ Not described as real-time blocking | ✅ Core to Waxell Runtime |
| Data-retrieval-layer governance | ❌ Not addressed | ❌ Not addressed | ✅ Signal & Domain |
| PII detection & redaction | ✅ Built into free Evals Engine + guardrails | ✅ Via AI Gateway (MCP-scoped) | ✅ Native policy category |
| Compliance content packs / frameworks | ⚠️ SOC 2 listed | ✅ Pre-built (EU AI Act, state AI laws, NIST) | ⚠️ Frameworks mapped, not packaged as content |
| Developer-first SDK instrumentation | ❌ Enterprise platform | ❌ Enterprise platform, CMDB-based | ✅ Two-line SDK setup |
| Free tier | ✅ Free ($0/mo) + free open-source Evals Engine | ❌ "Contact Us for Pricing" | ✅ Free during beta |
| Pricing transparency | ✅ Published (Free/$60/Enterprise) | ❌ Opaque | ✅ Published |
| Requires existing platform investment | ❌ Standalone | ✅ Deep CMDB integration is the core value prop | ❌ Standalone |
How to choose
If your most urgent problem is not knowing how many agents exist: Arthur AI. Its four-technique discovery engine (OTel, MCP monitoring, network analysis, API discovery) is purpose-built for finding shadow agents across clouds and frameworks — genuinely the strongest capability in this comparison for that specific problem.
If you're already a large ServiceNow customer: ServiceNow AI Control Tower. Governance mapped into your existing CMDB and asset lifecycle is a real operational advantage if you're already there, and its AI Gateway's real-time PII blocking on MCP traffic is live today, not a roadmap promise.
If you need pre-execution policy enforcement broader than MCP-layer PII detection, available now: Waxell. Neither Arthur nor ServiceNow has shipped a mechanism that blocks an agent's next step across the same range of categories — cost, rate limits, recursion, arbitrary content policy — that Waxell enforces by default, and ServiceNow's most direct competing capability (the kill switch) isn't GA yet.
If you're waiting on ServiceNow's kill switch: it's expected in August 2026. If your compliance or security team needs enforcement before then, that's the gap Waxell fills today — and it's worth re-evaluating ServiceNow's capability once that date passes.
The realistic combination for a large, ServiceNow- or Arthur-invested enterprise: discovery and inventory from Arthur or ServiceNow to answer "what exists," Waxell layered on top for the agents that matter most to answer "what is it allowed to do" — enforced before the action runs, not logged afterward.
Scenario: an unregistered agent starts making unusually high-volume calls
Say a support agent nobody filed a ticket for gets caught by discovery — Arthur's OTel/network scanning or ServiceNow's Service Graph Connectors both catch this kind of thing within hours, and it's genuinely useful triage. A steward assigns an owner and turns on guardrails: PII detection, a toxicity check.
Now the agent starts making a much higher volume of tool calls than expected — not malicious, just an upstream data change putting it into a retry loop. Arthur's alerting will likely flag the anomaly for review. ServiceNow's deviation-detection and policy-violation capabilities will similarly flag and log it — real signal, but not a stop. ServiceNow's kill switch, which could shut the agent down in real time, isn't generally available yet. A budget or rate-limit policy enforced pre-execution — the kind Waxell applies as a default policy category — halts that loop at the threshold, automatically, the same day it's configured, regardless of which discovery platform first caught the agent.
How Waxell handles this natively: Waxell's governance plane evaluates every declared policy against an agent's next step before that step executes — budget ceilings, PII exposure, rate limits, recursion depth — with no CMDB rollout or AI Steward approval workflow required to turn it on. Start free — two-line setup, enforcement live from the first run.
The best AI agent governance platform in 2026 depends on which problem you're solving first. If it's "we don't know what's running," Arthur AI or ServiceNow's Discover pillar answers that better than Waxell does. If it's "we know what's running and need to stop it from doing something risky before it happens," neither Arthur's guardrail-and-alert model nor ServiceNow's partially-pending enforcement matches what Waxell ships today.
Frequently Asked Questions
What is the best AI agent governance platform in 2026?
It depends on the problem. For org-wide agent discovery across an unknown footprint of clouds and frameworks, Arthur AI's four-technique discovery engine is the strongest option in this comparison. For governance mapped into an existing enterprise CMDB and asset lifecycle, ServiceNow AI Control Tower is the natural fit for organizations already running ServiceNow. For pre-execution policy enforcement across a broad set of categories — cost, rate limits, PII, recursion, arbitrary content policy — available today rather than pending a future GA date, Waxell is the only platform in this comparison built around that as a core capability from the start.
Is ServiceNow AI Control Tower's kill switch available yet?
Not as of this writing. It was announced at ServiceNow's Knowledge 2026 event in May 2026, entered ServiceNow's Innovation Lab that month, and ServiceNow's own press release states general availability is expected in August 2026. Until then, ServiceNow's shipped Secure-pillar capabilities detect and flag issues — including via a genuinely GA'd real-time PII-blocking mechanism scoped to MCP payloads — but the broader agent-level kill switch itself isn't live yet.
Does Arthur AI or ServiceNow enforce anything before an agent's action executes?
Yes, in one narrow but real case: ServiceNow's AI Gateway can block MCP payloads containing detected PII in real time, before the payload reaches the requesting agent — confirmed generally available as of ServiceNow's June 2026 release. Beyond that specific mechanism, both platforms' governance models center on guardrails, evaluators, and alerting — detecting and flagging issues rather than blocking a broader range of agent actions before they happen. Waxell's pre-execution enforcement spans a wider set of policy categories by default.
Can I use Arthur AI or ServiceNow AI Control Tower alongside Waxell?
Yes, and for enterprises with a large or unknown agent footprint, this is often the more realistic setup than picking one. Arthur's or ServiceNow's discovery capabilities answer "what agents exist across our organization" at a scope Waxell doesn't try to replicate. Waxell's pre-execution enforcement then applies to the agents that matter most once they're identified — filling the gap between "we know this agent exists" and "this specific risky action was stopped before it ran."
How is this different from the observability-tools comparison?
This post covers enterprise GRC and governance platforms — Arthur AI and ServiceNow AI Control Tower — built around organization-wide AI discovery, risk assessment, and compliance workflow, typically adopted top-down by security or risk teams. Our companion post on the best AI agent observability tools covers a different category: developer-first tracing, evaluation, and debugging platforms (LangSmith, Helicone, Arize Phoenix, Braintrust, Langfuse), typically adopted bottom-up by engineering teams. Waxell appears in both comparisons because it spans both — observability through SDK instrumentation, governance through pre-execution policy enforcement.
Sources
- arthur.ai/pricing — read live via Chrome, 2026-07-13
- arthur.ai/discover-and-govern-agents — read live via Chrome, 2026-07-13
- arthur.ai/column/how-to-find-inventory-and-govern-every-agent-in-your-enterprise — read live via Chrome, 2026-07-13
- ServiceNow Newsroom — AI Control Tower expansion press release, May 5, 2026 — read live via Chrome, 2026-07-13
- ServiceNow Community — AI Control Tower: What's new in the June 2026 release — read live via Chrome, 2026-07-13
- servicenow.com/products/ai-control-tower.html — read live via Chrome, 2026-07-13
- NIST, Artificial Intelligence Risk Management Framework (AI RMF 1.0) (2023) — https://doi.org/10.6028/NIST.AI.100-1
Top comments (0)