AI agent control plane gaps: are your runtime checks keeping up?


(@nhi-mgmt-group)
Member Moderator
Topic starter  

TL;DR: Control plane tools can discover, inventory, and assign ownership to AI agents, but they do not stop an agent from acting three months later when it independently calls tools or provisions infrastructure, according to 1Kosmos. The real governance gap is runtime authorization: existing identity models assume access is stable enough to review, but autonomous agents can create and use privileges inside a single session.

NHIMG editorial — based on content published by 1Kosmos: When Control Plane Tools Don't Stop AI Agents from Acting: The Execution Plane Gap

Questions worth separating out

Q: How should security teams govern AI agents that can call tools autonomously?

A: Security teams should govern autonomous agents at two layers: the control plane, where agents are registered, assigned owners, and managed through their lifecycle, and the execution plane, where each tool call is authorised at the moment the agent acts.

Q: Why do control plane tools fail to prevent risky AI agent behaviour?

A: Control plane tools fail because they operate at identity registration and review time, not at the moment of action; an agent that creates and uses privileges inside a single session acts in the gap between reviews.

Q: What breaks when AI agents rely on static API keys?

A: Static API keys create a long-lived trust window that outlives the decision that issued the key, and the key itself carries no binding to a specific agent, validity window, or permitted set of actions.

Practitioner guidance

  • Separate inventory from enforcement: Use control plane tools to register agents, assign owners, and manage lifecycle events, but do not assume those functions can prevent unsafe tool calls at runtime.
  • Add execution-time policy checks to MCP paths: Place policy enforcement at the Model Context Protocol layer so every tool request is evaluated before it reaches the target service.
  • Replace static credentials with scoped verifiable credentials: Bind agent credentials to a specific issuer, a single agent, a short validity window, and a narrowly defined action set.
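The following Python sketch is an added illustration of the second and third points, not code from the 1Kosmos article or from NHIMG. It models an execution-plane gateway that evaluates every MCP tool request against a scoped credential (issuer, bound agent, validity window, permitted tool/action pairs) and contrasts it with a static API key check that knows nothing about time, agent, or action. The credential field names, the issuer URL, the "high-risk action" list, and the timeline are all constructed assumptions; signature verification and transport are assumed to happen elsewhere.

```python
"""Execution-plane policy check for MCP tool requests.

Added example, not from the 1Kosmos article or NHIMG. Field names, the
issuer URL, the high-risk action list and the timestamps are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed policy: issuers the gateway trusts, and the (tool, action)
# pairs considered risky enough to need a human in the loop.
TRUSTED_ISSUERS = frozenset({"https://credential-issuer.example.internal"})
HIGH_RISK_ACTIONS = frozenset({("infra", "provision"), ("iam", "grant_role")})


@dataclass(frozen=True)
class AgentCredential:
    """Scoped, short-lived credential bound to one issuer, one agent,
    a validity window and an explicit set of (tool, action) pairs."""
    issuer: str
    agent_id: str
    not_before: datetime
    not_after: datetime
    scope: frozenset


@dataclass(frozen=True)
class ToolRequest:
    """One MCP tool call as seen by the execution-plane gateway."""
    agent_id: str
    tool: str
    action: str


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    needs_human_approval: bool = False


def issue_credential(agent_id, scope, now, ttl=timedelta(minutes=15)):
    """Mint a credential valid for `ttl` starting at `now` (fields only;
    signing is assumed to happen in a real issuer)."""
    return AgentCredential(
        issuer=next(iter(TRUSTED_ISSUERS)),
        agent_id=agent_id,
        not_before=now,
        not_after=now + ttl,
        scope=frozenset(scope),
    )


def evaluate(cred, req, now, human_approved=False):
    """Run before the request reaches the target service. Every condition is
    re-checked per call, so a registration-time decision cannot carry forward."""
    if cred.issuer not in TRUSTED_ISSUERS:
        return Decision(False, "untrusted issuer")
    if cred.agent_id != req.agent_id:
        return Decision(False, "credential not bound to calling agent")
    if not (cred.not_before <= now <= cred.not_after):
        return Decision(False, "outside validity window")
    if (req.tool, req.action) not in cred.scope:
        return Decision(False, "action not in permitted scope")
    if (req.tool, req.action) in HIGH_RISK_ACTIONS and not human_approved:
        # An out-of-band approval flow (the article mentions CIBA) would
        # set human_approved before the call is retried.
        return Decision(False, "human approval required", needs_human_approval=True)
    return Decision(True, "allowed")


def evaluate_static_key(valid_keys, presented_key):
    """Contrast case: a static API key check sees neither time, agent nor
    action, so any request from the key holder passes."""
    if presented_key in valid_keys:
        return Decision(True, "key valid")
    return Decision(False, "unknown key")


# Constructed timeline: credential minted at ISSUED_AT, same request replayed
# ninety days later (the "three months later" case in the summary above).
ISSUED_AT = datetime(2025, 1, 1, 9, 0, tzinfo=timezone.utc)
NINETY_DAYS_LATER = ISSUED_AT + timedelta(days=90)
SAMPLE_CRED = issue_credential(
    "agent-42", {("tickets", "read"), ("infra", "provision")}, ISSUED_AT)


def demo():
    """Evaluate the scenario and return decisions keyed by case."""
    read_now = ToolRequest("agent-42", "tickets", "read")
    provision = ToolRequest("agent-42", "infra", "provision")
    return {
        "in_scope_now": evaluate(SAMPLE_CRED, read_now, ISSUED_AT),
        "in_scope_90d_later": evaluate(SAMPLE_CRED, read_now, NINETY_DAYS_LATER),
        "high_risk_unapproved": evaluate(SAMPLE_CRED, provision, ISSUED_AT),
        "high_risk_approved": evaluate(SAMPLE_CRED, provision, ISSUED_AT, human_approved=True),
        "wrong_agent": evaluate(SAMPLE_CRED, ToolRequest("agent-7", "tickets", "read"), ISSUED_AT),
        "out_of_scope": evaluate(SAMPLE_CRED, ToolRequest("agent-42", "tickets", "delete"), ISSUED_AT),
        "static_key_90d_later": evaluate_static_key({"sk-constructed"}, "sk-constructed"),
    }


if __name__ == "__main__":
    for case, decision in demo().items():
        print(f"{case:22} allowed={decision.allowed!s:5} {decision.reason}")
```

The point of the two evaluators side by side is the last case: the static key is still "valid" ninety days after it was handed out, while the scoped credential for the same agent is refused at the validity-window check before scope or risk are even considered. Placing `evaluate` on the MCP path means the denial happens before the target service sees the request, which is the enforcement point the control plane inventory cannot provide.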

What's in the full article

1Kosmos's full article covers the operational detail this post intentionally leaves for the source:

  • Step-by-step explanation of how the execution plane intercepts MCP tool calls before they reach the target system.
  • Detailed description of verifiable credential fields, including issuer identity, validity window, and permitted scope.
  • How CIBA-based approval flows work when an agent needs human authorisation for a high-risk action.
  • The article's own compliance framing for GDPR Article 22, SOC 2, and OWASP Agentic Top 10 alignment.

👉 Read 1Kosmos's analysis of control plane and execution plane governance for AI agents →
