Documentation / Guides
AI Agent Governance Guide
Secure and govern AI agents accessing your systems via Model Context Protocol (MCP)
Why Govern AI Agents?
AI agents are autonomous software entities that can read data, execute code, and make decisions. Without proper governance, they pose significant security risks:
Risks Without Governance
- • Unrestricted data access and exfiltration
- • Uncontrolled code execution
- • No audit trail of agent actions
- • Agents acting outside their intended scope
- • Credential theft and lateral movement
Benefits of Governance
- • Policy-based access control for agents
- • Real-time action monitoring and alerting
- • Comprehensive audit logs
- • Just-in-time permissions
- • Automatic threat detection and response
What is Model Context Protocol (MCP)?
MCP is an open protocol by Anthropic that standardizes how AI agents interact with external tools, data sources, and APIs. TigerIdentity acts as an MCP gateway, intercepting and authorizing all agent requests.
Learn more about MCP →1
Register Your AI Agent
Create an identity for each agent
Each AI agent is treated as a non-human identity (NHI) in TigerIdentity with its own attributes and capabilities.
Register via API
POST /v1/principals
Content-Type: application/json
{
"type": "ai_agent",
"name": "customer-support-agent",
"description": "Agent that helps with customer support tickets",
"attributes": {
"agent_type": "assistant",
"model": "claude-3-5-sonnet",
"provider": "anthropic",
"department": "customer_success",
"risk_level": "medium",
"capabilities": [
"read_customer_data",
"create_tickets",
"send_emails"
]
},
"relationships": {
"owner": "user_alice", // Person responsible for this agent
"team": "customer-success"
},
"metadata": {
"created_by": "user_alice",
"purpose": "Automate L1 support responses"
}
}
# Response
{
"principal_id": "agent_cust_support_001",
"api_key": "ti_agent_a1b2c3d4e5f6...", // Use for authentication
"created_at": "2026-02-05T14:30:00Z"
}Agent Types & Risk Levels
| Agent Type | Risk Level | Example Use Cases |
|---|---|---|
| Assistant | Low | Read-only data queries, report generation |
| Automation | Medium | Workflow automation, ticket management |
| Autonomous | High | Self-directed tasks, code deployment |
2
Configure MCP Gateway
Route agent requests through TigerIdentity
Deploy the TigerIdentity MCP Gateway as a proxy between your agents and backend systems.
Gateway Configuration
# config/mcp-gateway.yaml
apiVersion: v1
kind: MCPGateway
metadata:
name: production-mcp-gateway
spec:
# Gateway endpoint
endpoint: https://mcp.tigeridentity.company.com
port: 8443
# Authentication
authentication:
type: api_key
header: X-Agent-API-Key
validate_against: tigeridentity
# MCP servers (backends that agents can access)
servers:
- name: customer-database
type: database
endpoint: postgresql://prod-customer-db:5432
protocol: mcp
resources:
- type: customer_data
operations: [read, search]
- name: ticketing-system
type: api
endpoint: https://tickets.company.com/api
protocol: mcp
resources:
- type: ticket
operations: [read, create, update]
- name: email-service
type: api
endpoint: https://email.company.com/api
protocol: mcp
resources:
- type: email
operations: [send]
# Policy enforcement
authorization:
enabled: true
policy_engine: tigeridentity
default_decision: deny
# Monitoring
monitoring:
enabled: true
log_level: info
audit_all_requests: true
# Alert on suspicious patterns
alerts:
- name: excessive-data-access
condition: requests_per_minute > 100
action: rate_limit
- name: unauthorized-action
condition: decision == "deny"
action: alert_security_team
# Rate limiting
rate_limits:
- principal_type: ai_agent
limit: 1000
window: 1m
- principal_type: ai_agent
risk_level: high
limit: 100
window: 1mDeploy Gateway
# Deploy via Kubernetes
kubectl apply -f config/mcp-gateway.yaml
# Or Docker
docker run -d \
--name tigeridentity-mcp-gateway \
-p 8443:8443 \
-v $(pwd)/config:/config \
-e TIGERIDENTITY_API_KEY=$TI_API_KEY \
tigeridentity/mcp-gateway:latest
# Verify gateway is running
curl https://mcp.tigeridentity.company.com/health
{
"status": "healthy",
"version": "1.0.0",
"servers_configured": 3
}Architecture
AI Agent→MCP Gateway→TigerIdentity (authz)→Backend System
All agent requests are intercepted, authorized by policies, logged, and then proxied to backends.
3
Define Agent Access Policies
Control what agents can do
Create fine-grained policies that specify which agents can access what resources and under what conditions.
Example: Customer Support Agent Policy
# policies/customer-support-agent.yaml
apiVersion: v1
kind: Policy
metadata:
name: customer-support-agent-access
description: "Access control for customer support AI agents"
spec:
# Who (principals)
principals:
type: ai_agent
attributes:
agent_type: assistant
department: customer_success
# Default deny
default_decision: deny
rules:
# Allow reading customer data
- name: read-customer-data
effect: allow
resources:
type: customer_data
sensitivity: [public, internal] # NOT confidential
actions: [read, search]
# Conditions
conditions:
# Only during business hours
- time_of_day in ['business_hours']
# Rate limit
- requests_per_hour < 500
# Data masking
data_masking:
enabled: true
fields: [ssn, credit_card, password]
# Allow creating tickets
- name: create-tickets
effect: allow
resources:
type: ticket
actions: [create, update]
conditions:
# Require human approval for high-priority tickets
- if ticket.priority == "high" then require_approval
approval:
approvers:
- type: role
role: support_manager
# Allow sending emails (with content filtering)
- name: send-emails
effect: allow
resources:
type: email
actions: [send]
conditions:
# Must include disclaimer
- email.body contains "[Automated Response]"
# Daily limit
- emails_sent_today < 100
# Content filtering
content_filtering:
enabled: true
block_patterns:
- "confidential"
- "password"
- regex: "\d{3}-\d{2}-\d{4}" # SSN pattern
# Deny access to PII
- name: block-pii-access
effect: deny
resources:
type: customer_data
sensitivity: confidential
actions: [read, write, delete]
# This rule takes precedence (explicit deny)
priority: 100Advanced Policy Patterns
Scoped Access
Limit agents to specific customer accounts
conditions: customer_id in agent.allowed_customersTime-Boxed Permissions
Grant temporary elevated access
session: max_duration: 1hHuman-in-the-Loop
Require approval for risky actions
effect: allow_with_approvalAnomaly Detection
Block unusual behavior patterns
conditions: behavior_score < 0.54
Monitor Agent Activity
Real-time visibility and alerts
Track all agent actions in real-time with comprehensive audit logging and dashboards.
Agent Activity Dashboard
Key Metrics
847
Requests (Last Hour)
98.2%
Approval Rate
3
Policy Violations
Query Agent Audit Logs
# Get all actions by a specific agent
GET /v1/audit/events?principal_id=agent_cust_support_001&limit=100
# Find denied requests
GET /v1/audit/events?principal_type=ai_agent&outcome=deny
# Search for specific resource access
GET /v1/audit/events?resource_type=customer_data&action=read
# Aggregate by agent
POST /v1/audit/events/aggregate
{
"group_by": ["principal_id", "outcome"],
"filters": [
{ "field": "principal_type", "operator": "eq", "value": "ai_agent" }
],
"time_range": { "start": "2026-02-05T00:00:00Z", "end": "2026-02-05T23:59:59Z" }
}
# Response
{
"groups": [
{
"principal_id": "agent_cust_support_001",
"outcome": "allow",
"count": 1523
},
{
"principal_id": "agent_cust_support_001",
"outcome": "deny",
"count": 12
}
]
}Real-Time Alerts
# alerts/agent-monitoring.yaml
alerts:
- name: agent-excessive-denials
condition: |
count(outcome == "deny") > 10
in last 5 minutes
for principal_type == "ai_agent"
severity: warning
actions:
- notify: security-team
- suspend_agent: true
- name: agent-pii-access-attempt
condition: |
resource.sensitivity == "confidential"
and action in ["read", "write"]
and principal_type == "ai_agent"
severity: critical
actions:
- notify: [security-team, dpo]
- revoke_agent_access: immediate
- name: agent-rate-limit-exceeded
condition: requests_per_minute > 200
severity: info
actions:
- rate_limit: true
- notify: agent_owner
- name: agent-unusual-behavior
condition: behavior_anomaly_score > 0.8
severity: high
actions:
- require_human_approval: true
- notify: security-teamBehavioral Anomaly Detection
TigerIdentity learns normal behavior patterns for each agent. Unusual activity triggers alerts:
- • Accessing resources outside typical scope
- • Sudden spike in request volume
- • Access patterns different from training data
- • Requests during unusual times
SDK Integration
Integrate TigerIdentity into your agent code to automatically enforce policies.
Python SDK Example
from tigeridentity import TigerIdentityClient, MCPGateway
# Initialize client
client = TigerIdentityClient(
api_key=os.environ["TIGERIDENTITY_API_KEY"],
principal_id="agent_cust_support_001"
)
# Initialize MCP gateway
mcp = MCPGateway(
endpoint="https://mcp.tigeridentity.company.com",
client=client
)
# Agent code
async def handle_customer_query(customer_id: str, query: str):
try:
# Access customer data through MCP gateway
# TigerIdentity automatically checks policies
customer = await mcp.call_tool(
server="customer-database",
tool="get_customer",
arguments={"customer_id": customer_id}
)
# Generate response using Claude
response = await anthropic.messages.create(
model="claude-3-5-sonnet-20241022",
messages=[{
"role": "user",
"content": f"Customer query: {query}\nCustomer info: {customer}"
}]
)
# Create ticket through MCP gateway
ticket = await mcp.call_tool(
server="ticketing-system",
tool="create_ticket",
arguments={
"customer_id": customer_id,
"description": query,
"priority": "medium"
}
)
return response.content[0].text
except TigerIdentityDenied as e:
# Access denied by policy
logger.error(f"Access denied: {e.reason}")
return "I don't have permission to access that information."
except TigerIdentityApprovalRequired as e:
# Action requires human approval
approval = await request_approval(
approvers=e.approvers,
reason=e.reason
)
if approval.approved:
# Retry with approval token
return await handle_customer_query(customer_id, query)
else:
return "This action requires approval that was not granted."TypeScript SDK Example
import { TigerIdentityClient, MCPGateway } from '@tigeridentity/sdk';
const client = new TigerIdentityClient({
apiKey: process.env.TIGERIDENTITY_API_KEY,
principalId: 'agent_cust_support_001'
});
const mcp = new MCPGateway({
endpoint: 'https://mcp.tigeridentity.company.com',
client
});
async function handleCustomerQuery(customerId: string, query: string) {
try {
// All MCP calls are automatically authorized
const customer = await mcp.callTool({
server: 'customer-database',
tool: 'get_customer',
arguments: { customer_id: customerId }
});
// Agent logic here...
} catch (error) {
if (error instanceof TigerIdentityDenied) {
console.error('Access denied:', error.reason);
}
}
}Best Practices
1
Principle of Least Privilege
Grant agents only the minimum permissions needed. Start restrictive and expand as needed.
2
Data Masking by Default
Mask PII (SSN, credit cards, passwords) in agent responses unless explicitly authorized.
3
Human-in-the-Loop for High-Risk Actions
Require approval for actions like deleting data, financial transactions, or modifying production systems.
4
Rate Limiting
Prevent runaway agents with per-agent rate limits. Typical: 1000 requests/minute.
5
Comprehensive Logging
Log every agent action with full context for compliance and security investigations.
6
Regular Policy Reviews
Review agent policies monthly. Remove unused permissions and tighten overly permissive rules.
Secure Your AI Agents
Start governing AI agents with TigerIdentity today