We built a fully deterministic control layer for agents. Would love feedback. No pitch

*Introducing a Fully Deterministic Control Layer for Agents*

We've developed a control layer that sits directly in the execution path between agents and tools, allowing for real-time decision-making on actions taken by agents. This layer is designed to prevent potential security risks and provide a more granular level of control over agent behavior.

**Credential Starvation and Session-Based Risk Escalation**

Unlike traditional approaches that rely on long-lived access credentials, our control layer uses credential starvation to limit agent privileges. Agents operate with minimal privileges by default and only gain access to resources on a per-action basis, based on policy and context. This approach also incorporates session-based risk escalation, where behavior across the entire session is tracked to detect potential security risks. For example, a single database read may be allowed, but 20 sequential reads followed by an export would trigger a risk escalation.

**Targeted Interruption and Autonomy Zones**

Our control layer is designed to minimize the need for human intervention (HITL) in low-risk scenarios, allowing for automatic approvals or constrained actions. However, when higher-risk actions are detected, human approval is required. Autonomy zones are also established to reflect varying trust levels across different environments and actions. For instance, read-only internal data may have minimal restrictions, while external API writes or sensitive system access would have tighter controls.

**Granular Control and Audit Logging**

Our control layer provides per-tool, per-action control, allowing for a fine-grained evaluation of risk based on specific endpoints, parameters, frequency, and sequence. This approach is more effective in detecting potential security risks than blanket policies. Additionally, a hash-chained audit log is maintained, including near-misses, to provide a comprehensive record of all actions taken by agents.

We're interested in feedback on our approach and would welcome any suggestions or insights on how to improve our control layer.