Agent orchestration in software teams: what IAM and security should watch

TL;DR: AI coding has moved from autocomplete to chat agents, CI-integrated automation, and full agent orchestration, with enterprises now directing parallel agents through richer context rather than line-by-line coding, according to WorkOS' conversation with Augment Code CEO Matt McClernan. The governance problem is no longer just productivity; it is how identity, context, and cost controls hold up when software work is increasingly executed by agent-directed systems.

NHIMG editorial — based on content published by WorkOS: Augment Code CEO Matt McClernan on the shift from copilots to agent orchestration

Questions worth separating out

Q: How should security teams govern developer agents that can act across code, build, and deployment systems?

A: Security teams should separate the authority to request work from the authority to execute it, then scope each agent to the minimum repositories, tools, and pipeline stages needed for its task.

Q: Why does context retrieval change the risk profile of AI coding workflows?

A: Context retrieval changes the risk profile because an agent's behaviour depends on the files, tickets, and project history it can see.

Q: What breaks when parallel agents are allowed to scale without cost and quota controls?

A: Without cost and quota controls, parallel agents can multiply usage faster than approval and review processes can keep up.

Practitioner guidance

• Separate human intent from agent execution paths Define where a developer may initiate work and where an agent may continue autonomously without further human input.
• Review retrieval scope as a privileged control Inventory the documents, code, and project state each agent can retrieve, then limit that scope to the smallest workable set.
• Align cost controls with access governance Set quotas, spend alerts, and execution thresholds for parallel agent use so activity cannot scale beyond what the programme can approve and explain.

What's in the full article

WorkOS' full interview covers the operational detail this post intentionally leaves for the source:

• Direct quotes on how enterprises are structuring agent-led developer workflows across real organisations.
• Discussion of how retrieval and context layering affect model choice, task routing, and implementation decisions.
• The interview's view on where specialised models may fragment the market and why orchestration sits above them.
• The interview's budget discussion on why AI usage patterns break traditional forecasting models.

👉 Read WorkOS' interview on the shift from copilots to agent orchestration →

Agent orchestration in software teams: what IAM and security should watch?

Explore further

View Full Forum →  |  NHI Foundation Course →