TL;DR: AI coding has moved from autocomplete to chat agents, CI-integrated automation, and full agent orchestration, with enterprises now directing parallel agents through richer context rather than line-by-line coding, according to WorkOS' conversation with Augment Code CEO Matt McClernan. The governance problem is no longer just productivity; it is how identity, context, and cost controls hold up when software work is increasingly executed by agent-directed systems.
NHIMG editorial — based on content published by WorkOS: Augment Code CEO Matt McClernan on the shift from copilots to agent orchestration
Questions worth separating out
A: Security teams should separate the authority to request work from the authority to execute it, then scope each agent to the minimum repositories, tools, and pipeline stages needed for its task.
Q: Why does context retrieval change the risk profile of AI coding workflows?
A: Context retrieval changes the risk profile because an agent's behaviour depends on the files, tickets, and project history it can see.
Q: What breaks when parallel agents are allowed to scale without cost and quota controls?
A: Without cost and quota controls, parallel agents can multiply usage faster than approval and review processes can keep up.
Practitioner guidance
- Separate human intent from agent execution paths Define where a developer may initiate work and where an agent may continue autonomously without further human input.
- Review retrieval scope as a privileged control Inventory the documents, code, and project state each agent can retrieve, then limit that scope to the smallest workable set.
- Align cost controls with access governance Set quotas, spend alerts, and execution thresholds for parallel agent use so activity cannot scale beyond what the programme can approve and explain.
What's in the full article
WorkOS' full interview covers the operational detail this post intentionally leaves for the source:
- Direct quotes on how enterprises are structuring agent-led developer workflows across real organisations.
- Discussion of how retrieval and context layering affect model choice, task routing, and implementation decisions.
- The interview's view on where specialised models may fragment the market and why orchestration sits above them.
- The interview's budget discussion on why AI usage patterns break traditional forecasting models.
👉 Read WorkOS' interview on the shift from copilots to agent orchestration →
Agent orchestration in software teams: what IAM and security should watch?
Explore further
Agent orchestration turns software delivery into a delegated execution problem. The article is not really about coding speed, it is about who is allowed to direct work that is now executed by parallel systems. Once agents become the primary workers, identity governance has to cover the instruction layer, the retrieval layer, and the action layer together. Practitioners should stop treating this as a simple developer productivity story.
A few things that frame the scale:
- Organisations maintain an average of 6 distinct secrets manager instances, creating fragmentation that undermines centralised control, according to The State of Secrets in AppSec.
- Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap.
A question worth separating out:
A: IAM teams should treat supervision as a governed job function. That means recertifying whether a role still needs agent orchestration privileges, whether the holder can evaluate output critically, and whether their access is limited enough that mistakes cannot spread across systems. The control target is not typing speed, but accountable oversight.
👉 Read our full editorial: AI code workflows are shifting from copilots to agent orchestration