A diagram showing a production agent surrounded by task scope, identity, tool boundaries, evals, observability, approvals, and rollback

The agent control plane is the product

A production AI agent is only as good as the control plane around it: scope, identity, tool boundaries, evals, observability, approvals, and rollback. Better prompts do not replace that operating model.

June 29, 2026 · 5 min · 987 words · Thomas De Vos
A diagram contrasting an agent that runs under a human login with an agent that runs as a named, scoped, non-human identity

Give the agent its own identity, not your credentials

When an agent runs under your personal login, the audit trail cannot tell your actions from the agent’s. Give it a scoped, named identity so you can watch it, revoke it, and explain it.

June 27, 2026 · 8 min · 1526 words · Thomas De Vos
A left-to-right flow showing task and scope, shadow mode where the agent plans but writes nothing, human review of the plan, and execution where writes happen

Run the agent in shadow mode before it changes anything

The agent’s diff is the most expensive way to learn what it was planning to do. Run it once in shadow mode, where it produces a complete plan but executes nothing, and review the plan before you let it touch anything.

June 26, 2026 · 6 min · 1158 words · Thomas De Vos
A left-to-right flow showing approved scope, scope expansion, stop and request, human approval, and a run record entry

A new permission means a new approval

A Claude Code run that widens scope after a one-time approval is working under an authorization you never gave. A new permission should mean a stop, a request, and a logged human approval, not a footnote in the summary.

June 24, 2026 · 6 min · 1264 words · Thomas De Vos
A diagram showing an AI agent connecting through an MCP server to business systems, with scope, credentials, approvals, logs, and stop rules as controls

Your MCP server is part of the security boundary

MCP servers are not harmless connectors once agents use them to reach tickets, data, APIs, deployment tools, or RAG systems. Treat them as part of the security boundary.

June 22, 2026 · 7 min · 1306 words · Thomas De Vos
A diagram showing delivery and control loops meeting at one release decision for production AI agents

Production AI agents need two loops

A production AI agent rollout fails when engineering proves the patch and security has to reconstruct the authority later. Run the delivery loop and the control loop together.

June 21, 2026 · 6 min · 1204 words · Thomas De Vos
A diagram showing one control record connecting Claude Code delivery evidence with enterprise AI agent authority evidence

One control record for Claude Code and enterprise agents

Claude Code teams need delivery evidence. Enterprise AI agent teams need authority evidence. One small control record can connect both without turning every agent run into a governance ceremony.

June 20, 2026 · 6 min · 1083 words · Thomas De Vos
A diagram showing an AI agent workflow with a stop rule before human approval

Give the agent a stop rule before you give it autonomy

Claude Code and enterprise AI agents need more than permissions. Teams need explicit stop rules that tell the agent when to pause, collect evidence, and hand control back to a human.

June 15, 2026 · 7 min · 1293 words · Thomas De Vos
A diagram showing an AI agent delegation policy from task contract to rollback

Before you buy the agent platform, write the delegation policy

AI agent platforms do not decide your risk appetite. Before teams wire Claude Code, MCP, RAG, workflow tools, and release automation into production work, they need a clear delegation policy.

June 14, 2026 · 7 min · 1433 words · Thomas De Vos
A diagram showing an agent pull request control record from task contract to release gate

If the agent opens a PR, keep a control record

Agent-generated pull requests need more than a clean diff. Teams need a control record that captures scope, tools, tests, review evidence, rollback, and owner approval.

June 13, 2026 · 7 min · 1423 words · Thomas De Vos