TL;DR: As LLM work shifts from prompt engineering to context engineering and now harness engineering, the runtime around the model is becoming the real control surface, with policy, memory, orchestration, observability, and auditability determining whether agents can operate safely in production. That makes identity, authorization, and evidentiary controls central to agent governance, not optional add-ons.
NHIMG editorial — based on content published by Drata: Watching the discipline of building with LLMs reinvent itself, in real time, for the third time in three years
Questions worth separating out
Q: How should security teams govern agent actions inside a harnessed runtime?
A: Security teams should treat the harness as the enforcement point for authorization, state, and audit.
Q: Why do agent harnesses create new IAM and PAM requirements?
A: Agent harnesses create new IAM and PAM requirements because they turn delegated action into a runtime decision.
Q: What do security teams get wrong about memory in agent systems?
A: Security teams often treat memory as if a vector store were enough.
Practitioner guidance
- Define agent identity binding rules Bind every agent run to three runtime fields: the agent instance, the sponsoring human or workflow, and the tenant boundary.
- Move policy checks before execution Require pre-action authorization for tool use, data access, and external calls.
- Separate retrieval from governed state Do not rely on a vector store as a substitute for memory.
What's in the full article
Drata's full article covers the operational detail this post intentionally leaves for the source:
- How the harness layers map to actual implementation choices across orchestration, policy, memory, and observability.
- The specific examples and references behind the eight-layer harness model discussed in the article.
- The GRC-native design patterns Drata uses to think about evidence, authorization, and reversibility in agent workflows.
👉 Read Drata's analysis of harness engineering and agent runtime design →
Harness engineering and agent runtimes: what teams need to know?
Explore further
Harness engineering is really a privilege governance problem in disguise. The article shows that the interesting decisions are no longer about prompt quality, but about what the runtime allows an agent to do. That is an IAM and PAM problem at the boundary of model, tool, and tenant. Once the harness decides tool access and action scope, it becomes the practical enforcement point for least privilege, exception handling, and delegated authority. The practitioner conclusion is straightforward: if the harness is ungoverned, the agent is ungoverned.
A question worth separating out:
Q: How can organisations make agent decisions auditable for compliance?
A: Organisations need an evidentiary record, not just operational logs. That means capturing who or what acted, the policy version in effect, the evidence used, the tool calls made, and the resulting decision. When that information is tied together, auditors can reconstruct the action chain without relying on informal explanations later.
👉 Read our full editorial: Harness engineering is redefining how LLM systems are built