Skip to main content

Agent Controls

Beyond Which Tool, to How It Behaves

Discovery tells you which AI tools are in use. Agent controls go a level deeper, to how those agents behave. AI agents do things a human user would not, so the risky behaviors worth watching are different from what an EDR is designed to catch.

Cerbera AI gives you a view per user and per agent, with the alerts raised for each, so you can see both the systems in use and how they are configured.

Personal Account Usage

One of the most common findings is the use of non-enterprise accounts, on Claude Code, on ChatGPT, and elsewhere. People reach for their personal account because it is the path of least resistance, and it creates real problems:

  • No offboarding control. When the employee leaves, there is no way to delete the company data in those personal cloud sessions or be sure access is revoked.
  • No policy reach. You cannot apply the security settings you have configured org-wide to an account you do not administer.

Cerbera AI detects personal account usage so you can require enterprise accounts instead.

Risky Behaviors

Cerbera AI can flag and block behaviors that are dangerous in an agent context:

BehaviorWhy it matters
Agent runs SSH commandsAn agent opening remote shells is rarely intended and is high risk.
Access to .env filesEnvironment files hold secrets the agent should not read or transmit.
Intrusive clientsClients such as RMS or OpenClaw are generally not recommended in a professional environment.
Connecting to sensitive resourcesAn agent reaching a production database may warrant its own rule.

An EDR is designed around human usage and may not stop an agent from connecting to, say, a managed Postgres. With Cerbera AI you can define rules for exactly these agent behaviors and ensure usage stays reasonable.

Supply Chain (Roadmap)

Coding agents change the supply-chain picture. Claude Code and similar tools constantly pull open-source packages to run just-in-time scripts. Those packages never pass through a CI/CD pipeline, so there is no filter on them.

Cerbera is exploring analysis of this pattern: when an agent downloads many packages for a one-off script, checking whether those packages carry known vulnerabilities. This is on the roadmap rather than available today.

note

Agent controls are expressed as rules. Start them in monitor mode, confirm the behavior is what you think it is, then promote to block.

Next Steps