Agent Controls
Beyond Which Tool, to How It Behaves
Discovery tells you which AI tools are in use. Agent controls go a level deeper, to how those agents behave. AI agents do things a human user would not, so the risky behaviors worth watching are different from what an EDR is designed to catch.
Cerbera AI gives you a view per user and per agent, with the alerts raised for each, so you can see both the systems in use and how they are configured.
Personal Account Usage
One of the most common findings is the use of non-enterprise accounts, on Claude Code, on ChatGPT, and elsewhere. People reach for their personal account because it is the path of least resistance, and it creates real problems:
- No offboarding control. When the employee leaves, there is no way to delete the company data in those personal cloud sessions or be sure access is revoked.
- No policy reach. You cannot apply the security settings you have configured org-wide to an account you do not administer.
Cerbera AI detects personal account usage so you can require enterprise accounts instead.
Risky Behaviors
Cerbera AI can flag and block behaviors that are dangerous in an agent context:
| Behavior | Why it matters |
|---|---|
| Agent runs SSH commands | An agent opening remote shells is rarely intended and is high risk. |
Access to .env files | Environment files hold secrets the agent should not read or transmit. |
| Intrusive clients | Clients such as RMS or OpenClaw are generally not recommended in a professional environment. |
| Connecting to sensitive resources | An agent reaching a production database may warrant its own rule. |
An EDR is designed around human usage and may not stop an agent from connecting to, say, a managed Postgres. With Cerbera AI you can define rules for exactly these agent behaviors and ensure usage stays reasonable.
Supply Chain (Roadmap)
Coding agents change the supply-chain picture. Claude Code and similar tools constantly pull open-source packages to run just-in-time scripts. Those packages never pass through a CI/CD pipeline, so there is no filter on them.
Cerbera is exploring analysis of this pattern: when an agent downloads many packages for a one-off script, checking whether those packages carry known vulnerabilities. This is on the roadmap rather than available today.
Agent controls are expressed as rules. Start them in monitor mode, confirm the behavior is what you think it is, then promote to block.