People running agents in production: how do you control what they're actually allowed to do?

Reddit r/AI_Agents News

Summary

A developer building agents that call real tools asks how to bound what an agent is allowed to do once it can touch production systems (refunds, database writes, sending email, customer data), which approaches people actually use (a broad service token, static OAuth scopes, hand-written per-call checks, human-in-the-loop for risky actions, or nothing), and whether anyone could prove after the fact exactly what each agent did and why it was allowed to.

Been building agents that call real tools (not just chat), and the part I keep tripping on isn't the model, it's bounding what the agent is allowed to do once it can touch real systems: refunds, writes to a DB, sending emails, hitting customer data.

Curious how people are handling this in prod right now:

- Broad service token and hope?
- Static OAuth scopes granted once?
- Per-call checks you wrote yourself?
- Human-in-the-loop for anything risky?
- Nothing yet / not a problem at your scale?

And the flip side: if someone asked you to prove exactly what every agent did and why it was allowed to, could you? Or is that not on anyone's radar yet?

Mostly trying to figure out if this is a real headache or if I'm overthinking it. If an agent ever did something it shouldn't have, I'd genuinely love to hear what happened.
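One way to combine three of the options the post lists (per-call checks, human-in-the-loop for risky actions, and an audit trail that answers "what did the agent do and why was it allowed"), as an added example that is not the poster's code or any project's. Every tool call goes through a gate that checks the run's scopes and a numeric cap, asks a human approver for flagged tools, and writes a hash-chained audit record before anything executes, allowed or denied. The names (ToolGate, AgentToken, ToolPolicy, the tool names, scopes and the approver callback) are hypothetical, and the scenario in demo() is constructed:

```python
"""Per-call authorization gate for agent tool calls, with approval and audit.
Added example; ToolGate, AgentToken, ToolPolicy and the demo scenario are hypothetical."""
from __future__ import annotations

import hashlib
import json
from dataclasses import asdict, dataclass
from typing import Any, Callable


@dataclass(frozen=True)
class AgentToken:
    # Scopes granted to this one run; constructed inline here, issued by your IdP in practice.
    agent_id: str
    run_id: str
    scopes: frozenset[str]


@dataclass(frozen=True)
class ToolPolicy:
    scope: str                       # scope required to call the tool at all
    max_amount: float | None = None  # hard cap for money-moving tools
    needs_approval: bool = False     # a human must approve before execution


@dataclass
class Decision:
    allowed: bool
    reason: str
    approved_by: str | None = None


@dataclass
class AuditRecord:
    seq: int
    agent_id: str
    run_id: str
    tool: str
    args: dict[str, Any]
    decision: Decision
    prev_hash: str
    hash: str = ""


def _digest(rec: AuditRecord) -> str:
    """Hash every field but the record's own hash, so each record commits to its predecessor."""
    body = asdict(rec)
    body.pop("hash")
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class ToolGate:
    """authorize -> (approve) -> log -> execute. A tool with no policy entry is never callable."""

    def __init__(self, policies: dict[str, ToolPolicy],
                 approver: Callable[[str, dict[str, Any]], str | None] | None = None):
        self.policies = policies
        self.approver = approver  # returns the approver's id, or None to refuse
        self.audit: list[AuditRecord] = []

    def authorize(self, token: AgentToken, tool: str, args: dict[str, Any]) -> Decision:
        policy = self.policies.get(tool)
        if policy is None:
            return Decision(False, "no policy for tool; deny by default")
        if policy.scope not in token.scopes:
            return Decision(False, f"token lacks scope {policy.scope}")
        amount = args.get("amount")
        if policy.max_amount is not None and amount is not None and amount > policy.max_amount:
            return Decision(False, f"amount {amount} exceeds cap {policy.max_amount}")
        if policy.needs_approval:
            who = self.approver(tool, args) if self.approver else None
            if who is None:
                return Decision(False, "human approval required and not granted")
            return Decision(True, "scope and cap ok; human approved", approved_by=who)
        return Decision(True, "scope ok" + ("; cap ok" if amount is not None else ""))

    def call(self, token: AgentToken, tool: str, fn: Callable[..., Any], **args: Any) -> Any:
        decision = self.authorize(token, tool, args)
        prev = self.audit[-1].hash if self.audit else "0" * 64
        rec = AuditRecord(len(self.audit), token.agent_id, token.run_id, tool, args, decision, prev)
        rec.hash = _digest(rec)
        self.audit.append(rec)  # recorded before execution, whether allowed or denied
        if not decision.allowed:
            raise PermissionError(f"{tool}: {decision.reason}")
        return fn(**args)

    def verify_audit(self) -> bool:
        """Recompute the hash chain; an edited or dropped record breaks it."""
        prev = "0" * 64
        for i, rec in enumerate(self.audit):
            if rec.seq != i or rec.prev_hash != prev or _digest(rec) != rec.hash:
                return False
            prev = rec.hash
        return True


def demo() -> ToolGate:
    """Constructed scenario: one agent run, six tool calls, mixed outcomes."""
    policies = {
        "issue_refund": ToolPolicy("refunds:write", max_amount=100.0, needs_approval=True),
        "lookup_order": ToolPolicy("orders:read"),
        "send_email": ToolPolicy("email:send"),
    }

    def approver(tool: str, args: dict[str, Any]) -> str | None:
        # Stand-in for a human approval queue: signs off on small refunds only.
        return "alice@support" if args.get("amount", 0) <= 50 else None

    gate = ToolGate(policies, approver)
    token = AgentToken("support-agent", "run-42", frozenset({"orders:read", "refunds:write"}))
    calls = [
        ("lookup_order", {"order_id": "o-1"}),
        ("issue_refund", {"order_id": "o-1", "amount": 30.0}),
        ("issue_refund", {"order_id": "o-1", "amount": 80.0}),
        ("issue_refund", {"order_id": "o-1", "amount": 500.0}),
        ("send_email", {"to": "customer@example.com"}),
        ("delete_customer", {"customer_id": "c-9"}),
    ]
    for tool, args in calls:
        try:
            gate.call(token, tool, lambda **kw: f"{tool} executed", **args)
        except PermissionError:
            pass  # denial is already in the audit log
    return gate
```

The point of the hash chain is the post's "prove exactly what every agent did": each record names the run, the tool, the arguments, the decision and its reason, and who approved it, and verify_audit() fails if any record is altered or removed after the fact. In a real deployment the log would be written to append-only storage outside the agent's reach, and the approver would be a ticket or chat-ops step rather than a callback.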