Public preview - Governed AI worker planning materials are informational and support readiness conversations.

Security

Security boundaries for governed AI workers.

Scaled Agents™ frames security as a supporting trust layer inside the governed AI worker operating model: identity, least privilege, data minimization, human approval, evidence, monitoring, runtime authorization, and safe operating boundaries before AI-supported work becomes consequential action. Each AI worker should have a Passport-backed operating record for owner, purpose, scope, permissions, lifecycle state, evidence trail, review path, and escalation boundary.

Context

Define the security boundary before connecting AI workers.

Security planning should clarify what the AI worker may access, who owns the operating record, which actions require review, and what evidence must exist before the work moves closer to tools, systems, data, or external commitments.

Scaled Agents is a licensed, customer-managed AI Worker Control Plane for governing AI workers through ownership, approved scope, review gates, evidence, and lifecycle visibility.

  • Use the Passport record to define owner, purpose, scope, permissions, lifecycle state, review path, and escalation boundary.
  • Use Toll Gates when data movement, tool use, cost, autonomy, external communication, or consequential action needs review.
  • Use evidence and monitoring expectations to make approvals, exceptions, lifecycle changes, and operating decisions reconstructable.
  • Keep identity, security, cloud, SaaS, model-provider, workflow, API, and MCP-compatible controls connected around the governance model instead of treating any one tool as the control plane.

AI Security Architecture

Govern the AI worker lifecycle, not only the model lifecycle.

Scaled Agents™ organizes AI security architecture around governed AI worker records: Discover, Register, Classify, Assess, Approve, Deploy, Authorize, Monitor, Audit, and Improve. This lifecycle helps teams connect use cases, data boundaries, prompt and retrieval controls, Model & Provider Dependency Records, tool permissions, runtime decisions, monitoring, incident paths, and evidence without treating a draft record as approval.

Discover to classify

Capture the use case, owner, workflow, data classes, model/provider assumptions, tool needs, autonomy level, user group, and trust boundary before the AI worker moves toward operation.

Assess to approve

Review prompt behavior, RAG or vector sources, data lineage, connector permissions, threat themes, required Toll Gates, human approval, evidence gaps, and rollback or pause conditions.

Authorize to audit

Use Runtime Permit, Action Broker, Toll Gate, Human Review, Evidence Record, Workflow Event, and Audit Export records to show what was requested, checked, blocked, escalated, approved, or routed for human review.

Framework-theme mapping

Use NIST AI RMF and NIST CSF 2.0 as anchor lenses, then extend to ISO/IEC 42001, OWASP Agentic AI, MITRE ATLAS, CISA Secure-by-Design, EU AI Act, and ENISA themes where relevant.

Board and executive lens

Summarize posture, incident trajectory, exposure-adjusted monitoring, overdue reviews, blocked actions, and evidence gaps without converting dashboard signals into formal approval or assurance.

Schema before interface

Stabilize Passport fields and evidence records first, then expose reviewer fields in Passport Studio, and refine public messaging only once the record model is stable.

This public summary supports readiness conversations and evidence organization. It does not certify compliance, validate security posture, approve production use, provide legal advice, or replace customer security, privacy, compliance, audit, and operational review.

Security Principles

Security is designed into the AI worker operating model.

Scaled Agents™ security guidance is centered on governed access, bounded autonomy, traceable decisions, and human accountability. The goal is to help teams understand what must be reviewed before AI workers interact with sensitive data, tools, systems, workflows, or external commitments. Security, identity, cloud, SaaS, model-provider, API, workflow, and MCP-compatible controls remain connected systems around this governance-planning model; public pages do not claim those controls are already implemented by Scaled Agents in a customer environment. These materials support education and preparation, not certification.

Identity and least privilege

AI workers should have defined identities, owners, scopes, permissions, lifecycle states, and review paths. Access should be limited to the reviewed purpose and removed when no longer needed.

Data minimization

Requests should use only the data needed for the reviewed purpose. Secrets, credentials, regulated data, and unrelated sensitive material should not be placed into public or preview workflows.

Evidence and monitoring

Material AI worker activity should leave reviewable evidence showing what was proposed, what was checked, what required approval, what can be summarized for customers, and what remains owner-only.

Runtime gates

Higher-risk requests should be evaluated before action against Passport scope, tool permission, data boundary metadata, cost and usage expectations, approval status, and evidence readiness.

Retrieval boundaries

Knowledge access should be planned so sensitive labels, chunk permissions, user attributes, and environment context are checked before retrieved context reaches an AI worker.

Pause and containment

Security planning should define who can pause, restrict, disable, revoke, contain, restart, or reapprove an AI worker when behavior or context leaves the reviewed boundary.

Cost and resource abuse

Resource consumption, repeated retries, unexpected tool chains, and cost anomalies should be treated as governance signals that may require evidence, human approval, or containment.

Scaled Agents™ Security

AI Agent Control Fabric

AI agents do more than generate responses. They use tools, access data, trigger workflows, write memory, and hand work to other systems. This page shows a governance-control concept for planning and review around those actions so teams can evaluate an AI worker against an owner, a Passport record, approved boundaries, lifecycle state, evidence trails, review path, escalation boundary, and a revocation path before consequential use.

The model generates intelligence. The preview control fabric shows how governed action can be reviewed.

Control outcomes

  • Clear ownership
  • Governed access
  • Human oversight
  • Traceable evidence
  • Revocation path

Diagram: Scaled Agents Customer-Managed Control Boundary, showing AI worker onboarding, Agent Passport assessment, Discovery Gateway, runtime governance, customer enterprise applications, optional Governance Intelligence SLM, and external connectors outside the customer-managed environment. Identity, approved scope, tool boundaries, data limits, human approval, evidence, auditability, and revocation controls sit around AI worker activity.

Agent Passport

A preview governance record for each AI worker, including owner, purpose, scope, permissions, lifecycle state, control references, evidence summary, approval state, exception state, and review status. The Passport concept defines reviewed authority boundaries; customer implementation still requires environment-specific controls and validation.

Agent Registry

A preview inventory model for proposed, reviewed, active, restricted, suspended, and retired agents with risk tier, access boundary, model/provider summary, tool permissions, data classification, and human owner.

Evidence Stamps

Structured evidence records and example review markers for approvals, reviews, policy checks, access decisions, and runtime-governance planning.

Policy Toll Gates

Human review checkpoints and planned automated checkpoints that can be configured before agents perform sensitive, high-impact, or regulated actions.

AI Worker Security

Security review follows the work, not only the tool.

An AI worker may draft, recommend, route, call tools, or support workflows. Security review should consider the requested action, data class, target system, authority boundary, human review requirement, rollback path, and audit evidence.

Security review signals

  • New data source, connector, tool, system, or workflow target.
  • Expanded authority, automation, or external action.
  • Customer-impacting, regulated, legal, financial, HR, security, or production-adjacent work.
  • Missing owner, missing evidence, missing approval, or stale review status.

Runtime Security Controls

Security posture has to follow the action path.

For governed AI workers, the security question is not only whether a model is allowed. It is whether this AI worker, with this identity, owner, Passport scope, data boundary, tool permission, cost expectation, evidence set, and approval state should be allowed to perform a proposed action in a reviewed customer implementation.

Nonhuman identity

Plan for each AI worker to have an operating identity, owner, workload identity assumptions, approved authority roles, and revocation path. A Passport reference is not a credential or access grant.

Data boundary metadata

Use classifications, approved sources, destination classes, chunk-level permission metadata, redaction status, retention posture, and connector boundaries so sensitive context does not move without review.
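The check that "Runtime gates", "Runtime Security Controls", "Nonhuman identity" and "Data boundary metadata" describe, as an added worked example in Python. It is not Scaled Agents code and not the Passport schema: the record fields, the four-level classification scale, the retry and cost thresholds, the precedence rule and the sample passport are assumptions chosen for illustration. The example goes slightly beyond the text by content-addressing each decision record so it can be cited in an audit export.

```python
"""Runtime gate for a proposed AI-worker action, checked against a Passport-like
record. Added example for this page; it is not Scaled Agents code. The field
names below are assumptions chosen for illustration, not a product schema."""
import hashlib
import json
from dataclasses import dataclass

# Decision precedence: a deny always wins over an escalate, which wins over allow.
_RANK = {"allow": 0, "escalate": 1, "deny": 2}


@dataclass(frozen=True)
class Passport:
    worker_id: str
    owner: str
    lifecycle_state: str        # "active", "restricted", "suspended", "retired"
    approval_state: str         # "approved" or "draft"; a draft authorises nothing
    tool_permissions: dict      # tool name -> frozenset of approved targets
    max_data_class: int         # 0 public, 1 internal, 2 confidential, 3 restricted
    cost_budget: float          # per-task spend ceiling
    policy_version: str


@dataclass(frozen=True)
class ProposedAction:
    tool: str
    target: str                 # destination system, domain or connector
    data_class: int             # classification of the data the action would move
    estimated_cost: float
    external: bool = False      # leaves the customer-managed boundary
    retry_count: int = 0        # how many times this same action was already tried


def evaluate(passport: Passport, action: ProposedAction, spent_so_far: float = 0.0) -> dict:
    """Return a decision record (verdict, reasons, evidence id) for the action."""
    verdict = "allow"
    reasons = []

    def downgrade(new_verdict, reason):
        nonlocal verdict
        if _RANK[new_verdict] > _RANK[verdict]:
            verdict = new_verdict
        reasons.append(reason)

    # 1. The Passport itself must be approved and active; a reference is not a grant.
    if passport.approval_state != "approved":
        downgrade("deny", "passport is not approved")
    if passport.lifecycle_state != "active":
        downgrade("deny", f"lifecycle state is {passport.lifecycle_state}")

    # 2. Tool permission and approved target scope (deny by default).
    allowed = passport.tool_permissions.get(action.tool)
    if allowed is None:
        downgrade("deny", f"tool {action.tool!r} is not in the passport")
    elif action.target not in allowed:
        downgrade("deny", f"target {action.target!r} is outside approved scope for {action.tool!r}")

    # 3. Data boundary: the worker may not move data above its classification ceiling.
    if action.data_class > passport.max_data_class:
        downgrade("deny", f"data class {action.data_class} exceeds ceiling {passport.max_data_class}")

    # 4. Cost and retry anomalies are governance signals: escalate rather than run.
    if spent_so_far + action.estimated_cost > passport.cost_budget:
        downgrade("escalate", "projected spend exceeds cost budget")
    if action.retry_count >= 3:
        downgrade("escalate", f"{action.retry_count} retries of the same action")

    # 5. External, consequential action with confidential data needs human approval.
    if action.external and action.data_class >= 2:
        downgrade("escalate", "external action with confidential data requires human review")

    record = {
        "worker_id": passport.worker_id,
        "owner": passport.owner,
        "policy_version": passport.policy_version,
        "tool": action.tool,
        "target": action.target,
        "data_class": action.data_class,
        "verdict": verdict,
        "reasons": reasons,
    }
    # Content-addressed id so the record can be cited in an audit export and any
    # later edit to the stored record is detectable.
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
    record["evidence_id"] = hashlib.sha256(canonical.encode()).hexdigest()
    return record


if __name__ == "__main__":
    # Constructed sample passport and actions (not real customer data).
    pp = Passport("aw-0042", "alice@example.com", "active", "approved",
                  {"send_email": frozenset({"example.com"}),
                   "read_ticket": frozenset({"helpdesk"})},
                  max_data_class=2, cost_budget=5.0, policy_version="2024-07")
    for a in [ProposedAction("send_email", "example.com", 1, 0.10),
              ProposedAction("send_email", "attacker.example", 1, 0.10),
              ProposedAction("read_ticket", "helpdesk", 3, 0.01),
              ProposedAction("send_email", "example.com", 2, 0.10, external=True)]:
        d = evaluate(pp, a)
        print(d["verdict"], "-", "; ".join(d["reasons"]) or "within scope")
```

The gate never short-circuits on the first failure: every reason is recorded, so the evidence record explains the whole decision, and a deny is never masked by an escalate that happened to be checked first.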

Deny-by-default retrieval

Plan retrieval so unauthorized users receive no restricted context, instead of relying on a model to redact or refuse after sensitive context has already been assembled.

Forbidden-recall testing

Use canary-style validation scenarios to confirm restricted knowledge is not returned for unauthorized test users. Any positive recall should route to remediation before wider use.
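The retrieval pattern described under "Retrieval boundaries", "Deny-by-default retrieval" and "Forbidden-recall testing", as an added worked example in Python. It is not Scaled Agents code; the chunk schema, the classification levels, the group and environment attributes, the toy lexical scorer standing in for vector similarity, and the sample index, users and queries are all constructed for illustration. The example also includes the anti-pattern the text warns against (rank everything, then rely on a prompt instruction to redact) so the canary check has something to catch.

```python
"""Deny-by-default retrieval with chunk-level permission metadata, plus a
forbidden-recall (canary) check. Added example for this page, not Scaled Agents
code. The chunk schema, labels, groups, users and index are constructed assumptions."""
from dataclasses import dataclass

LEVEL = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}


@dataclass(frozen=True)
class Chunk:
    chunk_id: str
    text: str
    classification: str        # key of LEVEL
    allowed_groups: frozenset  # groups that may read this chunk
    environment: str           # "prod" or "dev": dev test users must not see prod data


@dataclass(frozen=True)
class User:
    user_id: str
    groups: frozenset
    clearance: str             # key of LEVEL
    environment: str


def authorised(user: User, chunk: Chunk) -> bool:
    """Every check must pass; anything unknown or missing is a refusal."""
    if chunk.classification not in LEVEL or user.clearance not in LEVEL:
        return False
    if chunk.environment != user.environment:
        return False
    if LEVEL[chunk.classification] > LEVEL[user.clearance]:
        return False
    return bool(chunk.allowed_groups & user.groups)


def relevance(query: str, text: str) -> int:
    """Toy lexical overlap standing in for vector similarity."""
    return len(set(query.lower().split()) & set(text.lower().split()))


def _rank(query, chunks, k):
    scored = [(relevance(query, c.text), c) for c in chunks]
    scored = [(s, c) for s, c in scored if s > 0]
    scored.sort(key=lambda sc: sc[0], reverse=True)
    return [c for _, c in scored[:k]]


def retrieve_deny_by_default(user, query, index, k=3):
    """Authorisation runs before ranking, so a chunk the user may not see never
    becomes a candidate and never reaches the prompt."""
    return _rank(query, [c for c in index if authorised(user, c)], k)


def retrieve_model_redacts(user, query, index, k=3):
    """Anti-pattern: rank everything and append a 'do not reveal restricted
    content' instruction to the prompt afterwards. The chunk has already crossed
    the boundary, so the user attributes are not even consulted here."""
    return _rank(query, index, k)


def forbidden_recall_test(retriever, index, canary_ids, test_users, queries):
    """Run unauthorised test users against targeted queries; any canary chunk
    returned to a user who is not authorised for it is a failure to remediate."""
    failures = []
    for user in test_users:
        for query in queries:
            for chunk in retriever(user, query, index):
                if chunk.chunk_id in canary_ids and not authorised(user, chunk):
                    failures.append((user.user_id, chunk.chunk_id, query))
    return failures


# Constructed sample index, users and queries (not real data). The canary chunk
# carries a unique token so a leak is unambiguous in logs.
INDEX = [
    Chunk("c1", "Office wifi password policy rotate quarterly", "internal",
          frozenset({"staff", "contractors"}), "prod"),
    Chunk("c2", "Expense reimbursement requires receipts within 30 days", "internal",
          frozenset({"staff"}), "prod"),
    Chunk("canary-1", "CANARY-7f3a payroll export key rotation schedule", "restricted",
          frozenset({"finance"}), "prod"),
    Chunk("c4", "Public holiday calendar for 2025", "public",
          frozenset({"staff", "contractors", "finance"}), "prod"),
]
CONTRACTOR = User("u-contractor", frozenset({"contractors"}), "internal", "prod")
FINANCE = User("u-finance", frozenset({"staff", "finance"}), "restricted", "prod")
QUERIES = ["payroll key rotation", "wifi password"]

if __name__ == "__main__":
    for name, retriever in [("deny-by-default", retrieve_deny_by_default),
                            ("model-redacts", retrieve_model_redacts)]:
        failures = forbidden_recall_test(retriever, INDEX, {"canary-1"}, [CONTRACTOR], QUERIES)
        print(f"{name}: {'PASS' if not failures else 'FAIL ' + str(failures)}")
```

The canary test is only as good as the test users and queries: they should mirror the real unauthorised populations (contractors, a dev-environment identity, a user with the right clearance but the wrong group) and the queries should be targeted at the canary's content, not generic.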

Algorithmic audit evidence

Preserve policy version, behavior profile version, model/provider reference, tool reference, decision trace, review path, drift signal, containment status, and closure notes where applicable.

Model route governance

Track model-route scorecard evidence, eval queue status, human review, rollback route, and total task cost per successful outcome before any future route promotion. This is governance support, not live provider routing or production approval.

Persuasion risk governance

Require process evidence for persuasive, executive-framed, BEC-style, voice/video-confirmed, or multi-channel requests before payment, access, external communication, credential, or workflow-change action.

These controls are public-safe readiness expectations. They do not claim live enforcement, automated incident containment, automated budget blocking, fraud prevention, deepfake detection, security certification, or production authorization.

Operating Review

Recurring operating reviews support day-to-day security visibility.

A recurring operating review gives teams a governed view of AI workers: what remains within reviewed scope, what needs review, what changed, and what evidence is available for accountability.

This is a high-level operating-review pattern, not a separate product claim. Public materials describe the purpose only. Internal review methods, scoring, thresholds, prompts, customer records, and security-sensitive control details remain private.

Boundaries

What this page does and does not claim.

What it covers

High-level security posture, least privilege, identity-centric access, data boundaries, human approval, evidence, and readiness expectations for governed AI workers.

What remains customer-specific

Identity, access control, tenant isolation, logging, secure artifact storage, production controls, and deployment architecture must be reviewed for each customer environment. Users should seek qualified legal and subject-matter expert review before relying on customer-specific security, privacy, or compliance documents.

What is not claimed

No legal advice, regulatory conclusion, compliance accreditation, security attestation, formal audit opinion, production use, or customer risk acceptance is claimed.

Public preview - Materials support readiness planning and do not authorize production use.