
AI agent orchestration and audit chains: are your controls ready?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 4368
Topic starter  

TL;DR: As AI agents move into production, the governance gap is no longer model output but runtime action: identity per instance, chain-of-custody audit, and external policy enforcement are all missing in most stacks, according to Cerbos. The critical failure is that current controls assume access can be reviewed after the fact, while agents make and execute decisions before review exists.

NHIMG editorial — based on content published by Cerbos: runtime policy for AI agents and the governance gap they expose

Questions worth separating out

Q: What breaks when AI agents share one long-lived identity across instances?

A: Shared long-lived identity breaks containment, revocation, and accountability because the real unit of action is the agent instance, not the agent class.

Q: Why do AI agents complicate existing IAM and audit models?

A: AI agents complicate IAM because they can delegate, chain actions, and select tools at runtime, which means access decisions are no longer fixed at provisioning time.

Q: How can security teams tell whether agent runtime controls are actually working?

A: Look for evidence that policy decisions happen outside the agent, that tool calls fail closed when the policy service is unavailable, and that each action carries sponsor and purpose context.

Practitioner guidance

  • Inventory all active agents and sub-agents: build a live register of agent instances, delegated assistants, and tool-connected workflows.
  • Assign sponsor-tied lifecycle ownership: require every agent to have a named human sponsor whose status governs the agent’s continued operation.
  • Externalise tool-call authorisation: place decisioning outside the agent’s reasoning loop so the policy engine evaluates each tool call before execution.
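As an added illustration (not code from Cerbos or NHIMG) of the third Q&A above and the three guidance items: a tool-call gate that asks an external policy decision point before execution, denies when that service is unreachable, and writes an audit record carrying instance, sponsor, purpose and delegation chain. The policy client is a plain stand-in function, not the Cerbos API; the agent names and policy rules are constructed.

```python
from dataclasses import dataclass, field, replace
from datetime import datetime, timezone
from typing import Callable

# Stand-in for an external policy decision point (assumption; not the Cerbos API).
PolicyClient = Callable[[dict], bool]

class PolicyUnavailable(Exception):
    """Raised by the policy client when the policy service cannot be reached."""

@dataclass
class AgentContext:
    instance_id: str                 # identity per running instance, not per agent class
    sponsor: str                     # named human whose status governs the agent
    sponsor_active: bool
    purpose: str                     # original purpose, carried across delegation
    delegation_chain: list = field(default_factory=list)

def delegate(parent: AgentContext, child_instance_id: str) -> AgentContext:
    """Spawn a sub-agent context that keeps sponsor and purpose and extends the chain."""
    return replace(parent, instance_id=child_instance_id,
                   delegation_chain=parent.delegation_chain + [parent.instance_id])

def authorize_tool_call(ctx: AgentContext, tool: str, action: str,
                        policy: PolicyClient, audit_log: list) -> bool:
    """Externalised decision for one tool call; fails closed; always writes an audit record."""
    request = {"instance_id": ctx.instance_id, "sponsor": ctx.sponsor,
               "sponsor_active": ctx.sponsor_active, "purpose": ctx.purpose,
               "delegation_chain": list(ctx.delegation_chain),
               "tool": tool, "action": action}
    try:
        allowed = bool(policy(request))   # decision made outside the agent's reasoning loop
    except PolicyUnavailable:
        allowed = False                   # policy plane unreachable: deny, do not guess
    audit_log.append({**request, "decision": "allow" if allowed else "deny",
                      "at": datetime.now(timezone.utc).isoformat()})
    return allowed

def sample_policy(request: dict) -> bool:
    """Constructed policy: sponsor must be active; only 'read' on the 'crm' tool is allowed."""
    return (request["sponsor_active"]
            and request["tool"] == "crm" and request["action"] == "read")

def unavailable_policy(request: dict) -> bool:
    """Constructed client that simulates a policy-plane outage."""
    raise PolicyUnavailable("policy service timeout")

if __name__ == "__main__":
    log = []
    root = AgentContext("agent-a-7f3", "alice", True, "quarterly-renewal-report")
    sub = delegate(root, "agent-a-7f3/sub-1")
    print(authorize_tool_call(sub, "crm", "read", sample_policy, log))         # True
    print(authorize_tool_call(sub, "crm", "delete", sample_policy, log))       # False
    print(authorize_tool_call(sub, "crm", "read", unavailable_policy, log))    # False
    print(log[-1]["purpose"], log[-1]["delegation_chain"])
```

Every entry in `log` names the instance, the sponsor, the original purpose and the chain of parents, which is the evidence the third Q&A says to look for.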

What's in the full article

Cerbos' full blog post covers the operational detail this post intentionally leaves for the source:

  • A runtime policy engine pattern for agent-to-tool calls, including how external authorisation is separated from agent reasoning.
  • A sponsor-tied lifecycle model for agent instances, with practical examples of what changes when ownership changes.
  • A chain-of-custody audit approach that preserves original purpose, approval, and delegation context across sub-agents.
  • Fail-closed testing considerations for policy-plane outages and what to verify before moving agents into production.

👉 Read Cerbos' analysis of runtime policy for AI agent orchestration →

