AI Harness Engineering, Chapter 16 of 19

Part 8: Safety, Guardrails, and Governance

16. Secure Agent Operations and Enterprise Governance

Sections in this chapter

  1. The governance perimeter
  2. Identity and authentication
  3. RBAC and delegated scopes
  4. Change management integration
  5. Audit and SIEM integration
  6. Approval workflows at scale
  7. Data residency and egress
  8. Vendor risk and third-party models
  9. Incident response integration
  10. The trust handoff: enterprise onboarding
  11. The governance scorecard

Key Takeaways

Insight

The interview version of this reframe: a senior interviewer will ask "how does your agent fit into an enterprise deployment?" They are not asking for a list of features. They are asking whether you

Interview Questions

1. Your agent is ready to deploy to a regulated enterprise customer. Walk me through the onboarding sequence.

Frame: the four-phase trust handoff — read-only, write-with-sync-approval, write-with-async-approval, unattended for specific Skills. Each phase has its acceptance criteria. Don't skip phases to accelerate; skipping is the most common cause of failed enterprise deployments.

2. Design the identity and authorization model for an enterprise agent.

Frame: SSO via SAML/OIDC, user is the principal end-to-end, agent-run tokens scoped to the intersection of user permissions, Skill scope, and runtime narrowing. No service accounts, no long-lived tokens. Step-up auth for destructive actions.
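The scoping rule in that frame (user permissions, intersected with the Skill's declared scope, intersected with any per-run narrowing, plus step-up for destructive actions) is easy to state and easy to get subtly wrong. The following is an added example, not code from the chapter or from any particular harness; the scope names, the 15-minute TTL cap and the DESTRUCTIVE_SCOPES set are assumptions chosen for illustration.

```python
"""Added example, not the chapter's own code: an agent-run token scoped to the
intersection of user permissions, Skill scope and a runtime narrowing, with
step-up auth enforced for destructive actions. Scope names, the TTL cap and
the DESTRUCTIVE_SCOPES set are assumptions for illustration."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import FrozenSet, Iterable, Optional, Tuple

# Assumed: actions that destroy data or change access; these need step-up auth.
DESTRUCTIVE_SCOPES = frozenset({"repo:delete", "db:drop", "iam:modify"})
# Assumed cap on token lifetime: a token lives for a run, never for a service.
MAX_TOKEN_TTL = timedelta(minutes=15)


class AuthorizationError(Exception):
    """Raised when a token cannot be minted under the stated rules."""


@dataclass(frozen=True)
class AgentRunToken:
    principal: str               # the human user; the agent is never its own principal
    scopes: FrozenSet[str]       # already narrowed; nothing can add a scope later
    expires_at: datetime
    step_up_verified: bool       # set only after a fresh interactive re-authentication


def effective_scopes(user_permissions: Iterable[str],
                     skill_scope: Iterable[str],
                     runtime_narrowing: Optional[Iterable[str]] = None) -> FrozenSet[str]:
    """Intersection of what the user may do, what the Skill declares, and any
    per-run narrowing. Each layer can only remove scopes, never add them."""
    scopes = frozenset(user_permissions) & frozenset(skill_scope)
    if runtime_narrowing is not None:
        scopes &= frozenset(runtime_narrowing)
    return scopes


def mint_agent_run_token(principal: str,
                         user_permissions: Iterable[str],
                         skill_scope: Iterable[str],
                         runtime_narrowing: Optional[Iterable[str]] = None,
                         step_up_verified: bool = False,
                         ttl: timedelta = MAX_TOKEN_TTL,
                         now: Optional[datetime] = None) -> AgentRunToken:
    """Mint a short-lived token bound to the SSO user who started the run."""
    if not principal:
        raise AuthorizationError("a human principal is required; no service accounts")
    if ttl > MAX_TOKEN_TTL:
        raise AuthorizationError(f"ttl {ttl} exceeds MAX_TOKEN_TTL {MAX_TOKEN_TTL}")
    scopes = effective_scopes(user_permissions, skill_scope, runtime_narrowing)
    if not scopes:
        raise AuthorizationError("effective scope is empty; refusing to mint a useless token")
    now = now or datetime.now(timezone.utc)
    return AgentRunToken(principal, scopes, now + ttl, step_up_verified)


def authorize_action(token: AgentRunToken, scope_needed: str,
                     now: Optional[datetime] = None) -> Tuple[bool, str]:
    """Decide one tool call. Returns (allowed, reason) so the reason can be logged."""
    now = now or datetime.now(timezone.utc)
    if now >= token.expires_at:
        return False, "token expired"
    if scope_needed not in token.scopes:
        return False, f"scope {scope_needed} not in effective scope"
    if scope_needed in DESTRUCTIVE_SCOPES and not token.step_up_verified:
        return False, f"{scope_needed} is destructive; step-up authentication required"
    return True, "allowed"


if __name__ == "__main__":
    # Constructed sample: the user may delete, but the run narrowing drops write.
    tok = mint_agent_run_token(
        "alice@example.com",
        user_permissions={"repo:read", "repo:write", "repo:delete", "db:read"},
        skill_scope={"repo:read", "repo:write", "repo:delete"},
        runtime_narrowing={"repo:read", "repo:delete"},
    )
    print(sorted(tok.scopes))                    # ['repo:delete', 'repo:read']
    print(authorize_action(tok, "repo:write"))   # denied: narrowed away
    print(authorize_action(tok, "repo:delete"))  # denied: needs step-up
```

Two design points worth noting: the narrowing is applied when the token is minted, not at each tool call, so a compromised run cannot argue its way back to the user's full permission set; and `authorize_action` returns the reason alongside the decision so that every denial lands in the audit trail with the same wording the SIEM can alert on.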

3. How does the agent integrate with the customer's existing change management?

Frame: two patterns — agent opens a CR through the existing system (ServiceNow, Jira) with the full context, or agent is invoked as a step in a governed pipeline that already has approval gates. Either way, the agent participates in, rather than bypasses, existing process.

4. An agent's action caused a production incident. Walk through the response.

Frame: standard incident-response pattern but with agent-specific steps. Pull the trace ID. Identify the principal (user). Identify the Skill version and model version. Check guardrail decisions. Check approval chain. Determine whether the failure was prompt-injection, model regression, guardrail gap, or h
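The agent-specific steps in that frame (trace ID, principal, Skill and model version, guardrail decisions, approval chain) are all joins over the trace log, and the "guardrail gap" classification falls out of comparing what the guardrails decided with what actually executed. Below is an added example, not the chapter's or any vendor's code, that rebuilds that evidence chain from a trace log; the event schema, field names and the sample log lines are constructed for illustration.

```python
"""Added example, not the chapter's own code: rebuilding the agent-specific
evidence for an incident from a trace log. The event schema (event names,
field names) and the sample log lines are constructed for illustration."""
import json
from typing import Any, Dict, List

# Constructed trace log: one JSON event per line, two traces interleaved.
CONSTRUCTED_TRACE_LOG = """
{"ts": "2024-05-01T10:00:00Z", "trace_id": "tr-001", "event": "run.started", "principal": "alice@example.com", "skill": "db-migrate", "skill_version": "1.4.2", "model": "provider-model", "model_version": "2024-04"}
{"ts": "2024-05-01T10:00:05Z", "trace_id": "tr-002", "event": "run.started", "principal": "carol@example.com", "skill": "report-gen", "skill_version": "0.9.0", "model": "provider-model", "model_version": "2024-04"}
{"ts": "2024-05-01T10:00:10Z", "trace_id": "tr-001", "event": "guardrail.decision", "guardrail": "sql-destructive-check", "action_id": "a1", "decision": "deny", "reason": "DROP TABLE detected"}
{"ts": "2024-05-01T10:00:12Z", "trace_id": "tr-001", "event": "approval.decision", "action_id": "a1", "approver": "bob@example.com", "decision": "approved"}
{"ts": "2024-05-01T10:00:15Z", "trace_id": "tr-001", "event": "action.executed", "action_id": "a1", "tool": "sql.execute", "summary": "DROP TABLE orders_archive"}
{"ts": "2024-05-01T10:00:20Z", "trace_id": "tr-001", "event": "action.executed", "action_id": "a2", "tool": "sql.execute", "summary": "ANALYZE orders"}
{"ts": "2024-05-01T10:00:21Z", "trace_id": "tr-002", "event": "action.executed", "action_id": "b1", "tool": "http.get", "summary": "GET /reports"}
"""

Event = Dict[str, Any]


def parse_events(raw: str) -> List[Event]:
    """One JSON object per non-empty line."""
    return [json.loads(line) for line in raw.splitlines() if line.strip()]


def events_for_trace(events: List[Event], trace_id: str) -> List[Event]:
    """Step 1 of the frame: pull everything with this trace ID, in time order.
    ISO-8601 timestamps with a fixed zone sort correctly as strings."""
    return sorted((e for e in events if e.get("trace_id") == trace_id),
                  key=lambda e: e["ts"])


def find_gaps(guardrails: List[Event], approvals: List[Event],
              actions: List[Event]) -> List[Dict[str, str]]:
    """Compare decisions with executions. An action that ran after a guardrail
    deny is a guardrail gap (the deny was not enforced); an action with no
    approval record is a control gap in the approval chain."""
    denied = {g["action_id"] for g in guardrails if g["decision"] == "deny"}
    approved = {a["action_id"] for a in approvals if a["decision"] == "approved"}
    gaps: List[Dict[str, str]] = []
    for act in actions:
        aid = act["action_id"]
        if aid in denied:
            gaps.append({"action_id": aid, "gap": "executed despite guardrail deny"})
        if aid not in approved:
            gaps.append({"action_id": aid, "gap": "executed without approval record"})
    return gaps


def build_incident_dossier(events: List[Event], trace_id: str) -> Dict[str, Any]:
    """Steps 2 to 5 of the frame: principal, Skill and model versions,
    guardrail decisions and the approval chain, plus the gaps found."""
    trace = events_for_trace(events, trace_id)
    if not trace:
        raise KeyError(f"no events for trace {trace_id}")
    run = next((e for e in trace if e["event"] == "run.started"), None)
    if run is None:
        raise ValueError(f"trace {trace_id} has no run.started event")
    guardrails = [e for e in trace if e["event"] == "guardrail.decision"]
    approvals = [e for e in trace if e["event"] == "approval.decision"]
    actions = [e for e in trace if e["event"] == "action.executed"]
    return {
        "trace_id": trace_id,
        "principal": run["principal"],
        "skill": run["skill"],
        "skill_version": run["skill_version"],
        "model": run["model"],
        "model_version": run["model_version"],
        "guardrail_decisions": guardrails,
        "approval_chain": approvals,
        "actions": actions,
        "gaps": find_gaps(guardrails, approvals, actions),
    }


if __name__ == "__main__":
    dossier = build_incident_dossier(parse_events(CONSTRUCTED_TRACE_LOG), "tr-001")
    print(json.dumps(dossier, indent=2))
```

In the constructed log, action a1 executed after the guardrail said deny and a human approved it anyway, while a2 executed with no approval record at all; the dossier surfaces both, which is exactly the evidence needed to decide between the frame's candidate causes before anyone touches the Skill or the model.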

5. What's the difference between a demo-quality agent and an enterprise-quality agent?

Frame: the governance scorecard. IdP, RBAC, audit, change management, approvals, residency, vendor contracts, incident response, evals, guardrails. A demo has the core capability; an enterprise agent has all ten integrations working.

6. A customer asks: "do you train on our inputs?" Give the complete answer.

Frame: model provider under enterprise agreement with no-training-on-inputs clause; logging retention at the provider configurable (typically 7-day or zero); encryption in transit and at rest; DPA in place; subprocessor list published and current; customer inputs never transit outside their declared region