Platform · Agents & Copilots

Treat every agent like an employee.

An agent is an actor. It needs an identity, a manager, a job description, a budget, and a way out. AI Warden gives every agent a system principal rooted in your IdP, a scoped permission set, a behavioural baseline, and a kill-switch the on-call can hit at 3am.

Identity

No more shared API keys. Every agent is its own principal.

AI Warden mints a system principal for every agent. It federates to your enterprise IdP — Keycloak, Okta, Entra ID, Auth0 — so the agent shows up in your usual identity reports, participates in your usual access reviews, and is off-boarded with the usual leaver process.

  • OIDC client_credentials · long-lived PAT · short-lived workload tokens
  • Federated to your IdP — agents appear in IGA / IAM tooling alongside humans
  • One principal per agent — never one principal per team
  • Provenance baked into every audit event: principal_kind=system, via=oidc-m2m

Agent · sp-92ab

name: credit-risk-summariser
owner: risk-platform · alex.k
idp: keycloak · realm=enterprise
auth: oidc client_credentials
created: 2026-03-14
last seen: 12s ago
status: active

Scope

Least privilege, expressed in YAML.

An agent gets exactly the models, the MCP methods, and the connectors it needs — nothing more. Scope changes are a versioned policy edit with a four-eyes approval. The diff is in the audit log.

  • Allow-list models, regions, MCP methods, connector verbs
  • Inherit team and product defaults; override per-agent only when justified
  • Time-boxed grants — auto-revoke after the experiment window
  • Policy review surfaced in the dashboard's “over-privileged agents” report
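The resolution rules above (team defaults, per-agent overrides that must be justified, time-boxed grants that expire on their own, default-deny for anything not allow-listed) are easy to get subtly wrong, so here is a worked evaluator. This is an added example, not AI Warden's own code or schema: the policy document is a constructed Python dict standing in for the YAML, and the keys (`teams`, `agents`, `overrides`, `override_justification`, `grants`) are a hypothetical shape chosen for the example.

```python
from datetime import datetime, timezone

# Constructed policy document, mirroring the YAML shape described on the page.
# The schema (teams / agents / overrides / grants) is hypothetical, for this example only.
POLICY = {
    "teams": {
        "risk-platform": {
            "models": ["gpt-4o-mini"],
            "regions": ["eu-west-1"],
            "mcp_methods": ["tools/list", "tools/call"],
            "connector_verbs": ["jira:read"],
        },
    },
    "agents": {
        "credit-risk-summariser": {
            "team": "risk-platform",
            # an override replaces the team default for that key and must say why
            "overrides": {
                "models": ["gpt-4o-mini", "claude-3-5-sonnet"],
            },
            "override_justification": "RISK-4412: summariser A/B test (constructed ticket id)",
            # time-boxed grant: dropped automatically once `expires` has passed
            "grants": [
                {"kind": "connector_verbs", "value": "jira:write",
                 "expires": "2026-04-01T00:00:00+00:00"},
            ],
        },
    },
}

SCOPE_KEYS = ("models", "regions", "mcp_methods", "connector_verbs")


def effective_scope(policy, agent_name, now_iso):
    """Resolve the allow-lists that apply to one agent at the instant `now_iso` (ISO-8601, with offset)."""
    now = datetime.fromisoformat(now_iso)
    agent = policy["agents"][agent_name]
    team = policy["teams"][agent["team"]]
    scope = {k: set(team.get(k, ())) for k in SCOPE_KEYS}

    overrides = agent.get("overrides", {})
    if overrides and not agent.get("override_justification"):
        raise ValueError(f"{agent_name}: per-agent override without justification")
    for k, values in overrides.items():
        scope[k] = set(values)          # override replaces, it does not widen silently

    for grant in agent.get("grants", []):
        if datetime.fromisoformat(grant["expires"]) > now:
            scope.setdefault(grant["kind"], set()).add(grant["value"])
    return scope


def is_allowed(policy, agent_name, kind, value, now_iso=None):
    """Default-deny check: anything not on the resolved allow-list is refused."""
    now_iso = now_iso or datetime.now(timezone.utc).isoformat()
    return value in effective_scope(policy, agent_name, now_iso).get(kind, set())


if __name__ == "__main__":
    for when in ("2026-03-20T00:00:00+00:00", "2026-04-02T00:00:00+00:00"):
        print(when, "jira:write ->",
              is_allowed(POLICY, "credit-risk-summariser", "connector_verbs", "jira:write", when))
```

Two design choices worth copying: an override replaces the team list rather than unioning with it, so a per-agent edit can never silently widen the team default, and the grant check is evaluated at request time, which is what makes the "auto-revoke after the experiment window" bullet true without a cron job.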

Behaviour

A baseline for every agent. Anomalies surface fast.

Each agent develops a behavioural fingerprint — method mix, prompt shape, output size, time-of-day curve, error rates. The warden scores every call against the baseline. A jailbroken or hijacked agent looks different to a working one within minutes.

  • Per-agent baseline learned over a configurable window (default 7 days)
  • Anomaly score per request; auto-pause on ≥3σ sustained deviation
  • Common signals: prompt length spikes, off-pattern tool use, output entropy shift
  • Page the owner before the spend or blast-radius gets out of hand
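To make the scoring rule concrete, the following is an added example (not AI Warden's scoring engine) of a per-signal z-score against a learned baseline with auto-pause on a sustained deviation of at least 3σ. The baseline window is constructed data for one hypothetical agent; the signal names, the choice of "largest absolute z across signals" as the request score, and the three-request sustain rule are assumptions of this example.

```python
from statistics import mean, pstdev

SIGNALS = ("prompt_len", "tool_calls", "output_size", "error_rate")

# Constructed baseline window: eight normal requests from one agent (hypothetical data).
BASELINE_WINDOW = [
    {"prompt_len": 820, "tool_calls": 2, "output_size": 410, "error_rate": 0.02},
    {"prompt_len": 790, "tool_calls": 2, "output_size": 395, "error_rate": 0.01},
    {"prompt_len": 860, "tool_calls": 3, "output_size": 430, "error_rate": 0.03},
    {"prompt_len": 805, "tool_calls": 2, "output_size": 400, "error_rate": 0.02},
    {"prompt_len": 840, "tool_calls": 2, "output_size": 420, "error_rate": 0.02},
    {"prompt_len": 815, "tool_calls": 3, "output_size": 405, "error_rate": 0.01},
    {"prompt_len": 830, "tool_calls": 2, "output_size": 415, "error_rate": 0.02},
    {"prompt_len": 800, "tool_calls": 2, "output_size": 400, "error_rate": 0.03},
]


def learn_baseline(window):
    """Per-signal (mean, stdev) over the learning window."""
    baseline = {}
    for s in SIGNALS:
        values = [r[s] for r in window]
        mu, sd = mean(values), pstdev(values)
        # floor the spread so a perfectly flat signal does not turn every tiny change into infinity
        baseline[s] = (mu, sd if sd > 0 else max(abs(mu) * 0.05, 1e-9))
    return baseline


def score(baseline, request):
    """z-score per signal; the request's anomaly score is the largest absolute deviation."""
    z = {s: (request[s] - baseline[s][0]) / baseline[s][1] for s in SIGNALS}
    return z, max(abs(v) for v in z.values())


class AgentWarden:
    """Scores each call; pauses the agent after `sustain` consecutive calls at or above `threshold` sigma."""

    def __init__(self, baseline, threshold=3.0, sustain=3):
        self.baseline = baseline
        self.threshold = threshold
        self.sustain = sustain
        self.streak = 0
        self.state = "active"
        self.events = []          # what the on-call and the owner get paged with

    def observe(self, request):
        if self.state == "paused":
            return self.state
        z, worst = score(self.baseline, request)
        self.streak = self.streak + 1 if worst >= self.threshold else 0
        if self.streak >= self.sustain:
            self.state = "paused"
            self.events.append({"action": "auto-pause",
                                "signals": {s: round(v, 1) for s, v in z.items()}})
        return self.state


if __name__ == "__main__":
    warden = AgentWarden(learn_baseline(BASELINE_WINDOW))
    spike = {"prompt_len": 825, "tool_calls": 2, "output_size": 2000, "error_rate": 0.02}
    for _ in range(3):
        print(warden.observe(spike))
    print(warden.events)
```

The sustain counter is the part that keeps this from being noisy: a single oversized response is logged with its z-scores but does not stop traffic, whereas three in a row (the kind of shift a hijacked agent produces) trips the pause. Tune `threshold` and `sustain` per agent class rather than globally; a batch summariser and an interactive copilot have very different tolerances.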

sp-3c0d · anomaly score

prompt len: 0.4σ
tool mix: 1.6σ
output size: 3.4σ
error rate: 2.7σ

⚠ Auto-paused 14:02 UTC · paged owner

Budget

Spend caps with teeth.

Every agent has a hard monthly cap and a soft warning threshold. Hit 80% — the owner gets a heads-up. Hit 100% — the agent is paused. No surprise £200k OpenAI bills. No silent churn through your committed-use credits.

  • Caps per agent, per team, per product, per tenant — the lowest applicable cap wins
  • Spend attributed to tokens, model, region — not a single “OpenAI” line item
  • Reserved-capacity routing first; spot vendors as overflow
  • Forecast by linear & seasonal model — alert before the cap, not after
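The cap hierarchy is where spend controls usually leak: an agent can be well under its own cap while the team it belongs to is nearly exhausted. The following added example (not AI Warden's billing code) resolves the binding level as the one with the least headroom, applies the 80% / 100% thresholds to that level, and raises a forecast alert ahead of the cap. Only the linear run-rate forecast is modelled; the seasonal model the page mentions is not. The figures are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Level:
    """One cap level that applies to an agent: its own, its team's, its product's, the tenant's."""
    name: str
    spent: float   # month-to-date spend attributed at this level
    cap: float     # hard monthly cap at this level


def binding_level(levels):
    """The lowest applicable cap wins: the level with the least headroom left is the one that bites."""
    return min(levels, key=lambda lv: lv.cap - lv.spent)


def budget_state(level, warn_at=0.8):
    if level.cap <= 0 or level.spent >= level.cap:
        return "paused"          # 100%: traffic from the agent is stopped
    if level.spent >= warn_at * level.cap:
        return "warn"            # 80%: owner gets a heads-up
    return "ok"


def forecast_end_of_month(spent, day_of_month, days_in_month):
    """Linear run-rate forecast; a seasonal model would replace this function."""
    return round(spent / day_of_month * days_in_month, 2)


def evaluate(levels, day_of_month, days_in_month):
    lv = binding_level(levels)
    forecast = forecast_end_of_month(lv.spent, day_of_month, days_in_month)
    return {
        "binding": lv.name,
        "state": budget_state(lv),
        "forecast": forecast,
        # alert ahead of the cap: the run-rate says this level runs out before month end
        "forecast_alert": forecast > lv.cap,
    }


# Constructed figures for one agent and the levels above it (hypothetical values).
LEVELS = [
    Level("agent:credit-risk-summariser", spent=1420.0, cap=3000.0),
    Level("team:risk-platform", spent=9000.0, cap=10000.0),
    Level("tenant:acme", spent=40000.0, cap=120000.0),
]

if __name__ == "__main__":
    print(evaluate(LEVELS, day_of_month=17, days_in_month=31))
```

Note that the agent's own dashboard line would read "$1,420 / $3,000 · ok", yet the team cap is what will pause it first. Surfacing the binding level by name in the alert is what stops the owner from arguing with a cap that is not theirs.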

Spend · sp-92ab · this month

$1,420 / $3,000

Forecast end-of-month: $2,610 · within budget

Off-boarding

Pause it. Revoke it. Forget it.

An agent should be as easy to remove as it was to deploy. One click pauses traffic. Confirm and the principal is rotated in your IdP, every PAT is revoked, every connector is unbound. The audit trail stays.

Pause

Single click. The warden returns 503 to all calls from this principal. Reversible. Used for triage during an incident.

Revoke

Pause + IdP credential rotation + PAT mass-revoke + connector unbind. Two-key confirmation. Reversible only by re-onboarding.

Decommission

Revoke + archive scope & baseline + freeze logs at retention=indefinite. The agent is gone; the record stays.

Agent registry

Every agent in your enterprise, in one place.

agent                     owner             scope               spend              state
credit-risk-summariser    risk-platform     2 models · 2 mcp    $1,420 / $3,000    active
customer-ops-triage       customer-ops      1 model · 3 mcp     $8,210 / $12,000   active
research-explorer         research          4 models · 1 mcp    $612 / $1,500      active
copilot-eng-pr            devex             2 models · 2 mcp    $3,940 / $5,000    over 80%
internal-search-bot       knowledge         1 model · 1 mcp     $210 / $1,000      active
experimental-dataops      data-platform     3 models · 4 mcp    $0 / $0            paused · anomaly

From shadow agents to governed agents

Take the agent inventory.

A two-week pilot: discover every agent already running, mint principals for the ones you keep, retire the rest. End-state: a registry your CISO and your CFO both believe.