The following is an actionable eight-step plan one can ask teams to implement and report against:
Eight controls, three pillars: govern agentic systems at the boundary. Source: Protegrity
Constrain capabilities
These steps help define identity and limit capabilities.
1. Identity and scope: Make agents real users with narrow jobs
Today, agents run under vague, over-privileged service identities. The fix is straightforward: treat each agent as a non-human principal with the same discipline applied to employees.
Every agent should run as the requesting user in the correct tenant, with permissions constrained to that user’s role and geography. Prohibit cross-tenant on-behalf-of shortcuts. Anything high-impact should require explicit human approval with a recorded rationale. That is how Google’s Secure AI Framework (SAIF) and NIST AI’s access-control guidance are meant to be applied in practice.
The CEO question: Can we show, today, a list of our agents and exactly what each is allowed to do?
... continue reading