Runtime governance for securing the agentic enterprise
# Best Practices: Runtime Governance for the Agentic Enterprise
## Overview
These practices address the shift from deterministic software to autonomous AI agents. As AI models become a "runtime tier," traditional static access controls (based on predictable code paths) are no longer sufficient. These recommendations focus on externalizing security logic into a unified **Agentic Identity Fabric** to manage non-deterministic behavior and machine-speed decision-making.
---
## Key Recommendations
### Immediate Actions
1. **Inventory AI Runtimes:** Identify where LLMs are being used as decision engines or "agents" within existing application stacks.
2. **Externalize Identity:** Cease embedding authentication and authorization logic within individual AI applications; move these functions to a shared infrastructure layer.
3. **Implement Token-Based API Security:** Ensure all tools and APIs accessible to agents are protected by robust token validation (moving the perimeter to the token).
### Short-term Improvements (1-3 months)
1. **Establish an Identity Fabric:** Deploy identity middleware that can handle delegation, allowing agents to act on behalf of users without sharing credentials.
2. **Define Behavioral Boundaries:** Move beyond "can this user access this data" to "should this agent perform this specific action" based on the agent's current objective.
3. **Enhanced Observability:** Implement logging that captures the "reasoning" or execution path of the LLM to provide an audit trail for non-deterministic actions.
### Long-term Strategy (3+ months)
1. **Transition to Intent-Based Governance:** Develop policies that govern the *intent* of an agent rather than just its resource permissions.
2. **Multi-Agent Orchestration Policy:** Build a centralized policy engine that governs interactions between different agents, especially those crossing organizational boundaries.
3. **Continuous Policy Evolution:** Shift to dynamic authorization models that adapt to the context of the agent’s reasoning at runtime.
---
## Implementation Guidance
### For Small Organizations
- Use cloud-native IAM tools and managed AI services that support standard federation (OIDC/SAML).
- Focus on the "Least Privilege" principle for all API keys provided to LLMs.
### For Medium Organizations
- Implement a centralized identity provider (IdP) to unify fragmented identity stores.
- Deploy an API Gateway to serve as an enforcement point for all agent-initiated tool calls.
### For Large Enterprises
- Invest in an **Agentic Identity Fabric**: a sophisticated middleware layer capable of complex delegation and runtime policy enforcement.
- Establish a "Governance Control Plane" that separates policy definition from the AI execution environment.
---
## Configuration Examples
While specific code is not provided in the text, the following architectural configuration is recommended:
- **Architecture:** Distributed policy enforcement points (PEPs) connected to a central Policy Decision Point (PDP).
- **Execution Path Governance:**
  - `Identity` -> `Agent Assertion` -> `Policy Check (Intent vs. Boundary)` -> `Capability Access`
---
## Compliance Alignment
- **NIST AI RMF (Risk Management Framework):** Aligning with the Govern, Map, Measure and Manage functions for AI risks.
- **NIST SP 800-207 (Zero Trust Architecture):** Treating every agent request as a new access request that must be verified.
- **ISO/IEC 42001 (AI Management System):** Supporting the governance requirements for automated decision-making.
---
## Common Pitfalls to Avoid
- **Predictability Bias:** Assuming that a security review of the base prompt is enough, as if the prompt were deterministic code; LLM behavior is non-deterministic, so the review cannot establish what the agent will actually do at runtime.
- **Identity Fragmentation:** Allowing each AI project to create its own siloed identity store or bot-user credentials.
- **Hard-coded Guardrails:** Trying to bake security logic directly into the AI prompt or code instead of using an externalized governance layer.
- **Ignoring Delegation:** Failing to track the chain of authority when an agent spawns sub-agents to complete a task.
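The execution path from the Configuration Examples section and the delegation pitfall above, as an added Python example that is not code from the whitepaper or any Broadcom product: a minimal policy decision point that first validates the chain of agent assertions (each hop issued by the previous subject, scopes only ever attenuated, intent unchanged) and then checks the requested capability against the declared intent's boundary. The `INTENT_BOUNDARY` table, the principal names and the scope names are constructed assumptions.

```python
"""Minimal policy decision point (PDP) for agent tool calls.

Added illustration, not code from the whitepaper. It models the path
Identity -> Agent Assertion -> Policy Check (Intent vs. Boundary) ->
Capability Access, and walks the delegation chain so that a sub-agent can
never hold more capability than the agent that spawned it.
All principals, scopes and intents below are constructed sample values.
"""
from dataclasses import dataclass

# Behavioral boundary: which capabilities each declared intent may use.
# Constructed example policy; a real PDP would load this from its policy store.
INTENT_BOUNDARY = {
    "summarize_ticket": {"tickets:read"},
    "refund_customer": {"tickets:read", "billing:refund"},
}


@dataclass(frozen=True)
class Assertion:
    """One hop in the chain of authority: who delegated to whom, with what scopes."""
    subject: str        # the agent (or human) this assertion is issued to
    delegator: str      # who granted it ("" marks the root human principal)
    scopes: frozenset   # capabilities carried by this hop
    intent: str         # declared objective for this task


def check_delegation_chain(chain: list) -> bool:
    """Each hop must be issued by the previous subject and may only attenuate scopes."""
    if not chain or chain[0].delegator != "":
        return False  # the chain must start at the human principal
    for prev, cur in zip(chain, chain[1:]):
        if cur.delegator != prev.subject or not cur.scopes <= prev.scopes:
            return False  # broken link, or a sub-agent escalated beyond its parent
        if cur.intent != prev.intent:
            return False  # sub-agent drifted to a different objective
    return True


def authorize(chain: list, capability: str) -> tuple:
    """PEP -> PDP decision for one tool call made by the last agent in the chain."""
    if not check_delegation_chain(chain):
        return False, "invalid delegation chain"
    leaf = chain[-1]
    boundary = INTENT_BOUNDARY.get(leaf.intent)
    if boundary is None:
        return False, f"unknown intent {leaf.intent!r}"
    if capability not in boundary:
        return False, f"{capability!r} outside boundary for intent {leaf.intent!r}"
    if capability not in leaf.scopes:
        return False, f"{capability!r} was never delegated to {leaf.subject!r}"
    return True, "allow"
```

In a deployment the assertions would be signed tokens validated at the API gateway (the PEP) before the chain is handed to the PDP; the attenuation check is what prevents a spawned sub-agent from quietly regaining scopes its parent had already dropped.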
---
## Resources
- **Broadcom Agentic Identity Fabric:** <https://docs.broadcom.com/doc/broadcom-agentic-identity-fabric> (whitepaper on securing the AI enterprise)
- **Identity as the Control Plane:** <https://www.security.com/product-insights/repatriating-iam-part-1>
- **Shared Infrastructure Principles:** Refer to Netegrity/SiteMinder architectural patterns for externalized policy.