TL;DR: Anthropic and OpenAI’s enterprise guidance shows that production AI agents succeed with simple composable patterns, layered guardrails, and explicit tool-risk controls, while enterprise teams still struggle with evaluation, security, and delegation across systems, according to WorkOS’s analysis of the two guides. The deeper issue is that traditional IAM assumes stable, reviewable access, but agentic systems can act, branch, and delegate within one session.
NHIMG editorial — based on content published by WorkOS: Enterprise AI Agent Playbook: What Anthropic and OpenAI Reveal About Building Production-Ready Systems
Questions worth separating out
Q: How should security teams govern AI agents that can take actions across multiple systems?
A: Security teams should govern AI agents as delegated identities with explicit tool scope, session visibility, and audit requirements.
Q: Why do AI agents complicate existing IAM controls?
A: AI agents complicate IAM because they do not behave like stable human users or fixed service accounts.
Q: What breaks when organisations treat agent workflows like ordinary automation?
A: What breaks is the assumption that the workflow is fully predetermined and therefore safe to govern with simple rules.
Practitioner guidance
- Inventory agent workflows by decision boundary: document where the agent makes a choice, where it calls a tool, and where it hands work to another component.
- Classify tools by blast radius: separate read-only data tools from write-capable action tools and from orchestration tools that can trigger downstream agents.
- Bind agent access to explicit delegation records: require each agent session to carry a recorded delegation context that states who authorised it, what systems it may reach, and when that authority expires.
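The three points above fit together as a single enforcement point between the agent and its tools. The sketch below is an added illustration, not code from WorkOS's article or from NHIMG: a hypothetical gateway that holds a tool inventory classed by blast radius (read, write, orchestrate), checks every tool call against the session's recorded delegation (who authorised it, for whom, which systems, how high a tool class, until when), and writes each decision to an audit trail. The tool names, system names, delegation fields, principals and timestamps are all constructed for the example.

```python
"""Tool-risk gating for an AI agent session, keyed to a delegation record.

Added illustration (not WorkOS's or NHIMG's code). It assumes a hypothetical
gateway sitting between the agent and its tools; the tool inventory, systems,
principals and times below are constructed for the example.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from enum import Enum


class ToolClass(Enum):
    READ = "read"                 # returns data, no side effects
    WRITE = "write"               # mutates a downstream system
    ORCHESTRATE = "orchestrate"   # can start other agents or workflows


# Constructed tool inventory: each tool is bound to one system and one blast-radius class.
TOOL_INVENTORY = {
    "crm.lookup_account": ("crm", ToolClass.READ),
    "crm.update_account": ("crm", ToolClass.WRITE),
    "billing.issue_refund": ("billing", ToolClass.WRITE),
    "workflow.spawn_agent": ("orchestrator", ToolClass.ORCHESTRATE),
}

CLASS_RANK = {ToolClass.READ: 0, ToolClass.WRITE: 1, ToolClass.ORCHESTRATE: 2}


@dataclass(frozen=True)
class Delegation:
    """Recorded delegation context that every agent session must carry."""
    session_id: str
    authorised_by: str          # principal that granted the authority
    on_behalf_of: str           # user the agent acts for
    systems: frozenset          # systems the agent may reach
    max_class: ToolClass        # highest blast-radius class permitted
    expires_at: datetime        # when the authority lapses


@dataclass
class Gateway:
    """Checks each tool call against the delegation and records an audit entry."""
    audit_log: list = field(default_factory=list)

    def authorize(self, delegation: Delegation, tool: str, now: datetime) -> tuple:
        system, tool_class = TOOL_INVENTORY.get(tool, (None, None))
        if system is None:
            allowed, reason = False, "unknown tool: not in inventory"
        elif now >= delegation.expires_at:
            allowed, reason = False, "delegation expired"
        elif CLASS_RANK[tool_class] > CLASS_RANK[delegation.max_class]:
            allowed, reason = False, (
                f"{tool_class.value} tool exceeds permitted class {delegation.max_class.value}")
        elif system not in delegation.systems:
            allowed, reason = False, f"system '{system}' outside delegated scope"
        else:
            allowed, reason = True, "allowed"
        # Log every decision with its delegation context, so a reviewer can later
        # answer who authorised the session, for whom, against which system, and when.
        self.audit_log.append({
            "session": delegation.session_id,
            "authorised_by": delegation.authorised_by,
            "on_behalf_of": delegation.on_behalf_of,
            "tool": tool,
            "system": system,
            "class": tool_class.value if tool_class else None,
            "allowed": allowed,
            "reason": reason,
            "at": now.isoformat(),
        })
        return allowed, reason


def demo() -> list:
    """Run one constructed session through the gateway; returns (tool, allowed, reason)."""
    now = datetime(2025, 1, 1, 12, 0, tzinfo=timezone.utc)
    delegation = Delegation(
        session_id="sess-001",
        authorised_by="alice@example.test",
        on_behalf_of="bob@example.test",
        systems=frozenset({"crm"}),
        max_class=ToolClass.WRITE,
        expires_at=now + timedelta(minutes=30),
    )
    gw = Gateway()
    calls = [
        ("crm.lookup_account", now),
        ("crm.update_account", now + timedelta(minutes=5)),
        ("billing.issue_refund", now + timedelta(minutes=6)),   # system out of scope
        ("workflow.spawn_agent", now + timedelta(minutes=7)),   # class too high
        ("crm.lookup_account", now + timedelta(minutes=45)),   # authority has expired
    ]
    return [(tool, *gw.authorize(delegation, tool, at)) for tool, at in calls]


if __name__ == "__main__":
    for tool, allowed, reason in demo():
        print(f"{tool:24} {'ALLOW' if allowed else 'DENY':5} {reason}")
```

The point of the expiry check is the one the TL;DR makes: an agent can acquire access and re-use it later in the same session, so the delegation has to be re-evaluated at every call, not only when the session starts.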
What's in the full article
WorkOS's full article covers the operational detail this post intentionally leaves for the source:
- Step-by-step examples of prompt chaining, routing, parallelization, orchestrator-workers, and evaluator-optimizer in enterprise settings.
- Detailed discussion of agent tool classes, including the specific risk trade-offs of read, write, and orchestration tools.
- Implementation notes on MCP authentication and enterprise integration patterns for teams deploying agent workflows.
- WorkOS's examples of how its own MCP-related tooling fits into deployment workflows for teams using Vercel and Cloudflare.
Explore further
AI agent production patterns: what IAM teams need to watch
Enterprise AI agents collapse the assumption that access is stable long enough to govern through normal IAM cadences. The article shows agents taking actions on behalf of users across multiple systems, which means access can be acquired, used, and re-used inside a single workflow. That breaks the governance premise behind periodic access review and static entitlement reasoning. The implication is that identity programmes must stop assuming agent access behaves like human access.
A few things that frame the scale:
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation, according to the AI Agents: The New Attack Surface report.
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials.
A question worth separating out:
Q: Who is accountable when an AI agent makes the wrong decision in production?
A: Accountability should remain with the organisation that authorised the delegation, not with the model itself. Practically, that means the business owner, security owner, and platform owner all need clear responsibility for scope, monitoring, and remediation. If no one can state who approved the agent’s authority, the governance model is incomplete.