惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
Tenable Blog
D
DataBreaches.Net
S
Secure Thoughts
B
Blog
S
Schneier on Security
Y
Y Combinator Blog
P
Proofpoint News Feed
C
Cybersecurity and Infrastructure Security Agency CISA
C
Cyber Attacks, Cyber Crime and Cyber Security
D
Darknet – Hacking Tools, Hacker News & Cyber Security
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
F
Full Disclosure
Engineering at Meta
Engineering at Meta
L
LangChain Blog
T
Threatpost
阮一峰的网络日志
阮一峰的网络日志
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
The Hacker News
The Hacker News
月光博客
月光博客
大猫的无限游戏
大猫的无限游戏
Cyberwarzone
Cyberwarzone
T
The Exploit Database - CXSecurity.com
雷峰网
雷峰网
博客园 - 司徒正美
Help Net Security
Help Net Security
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Application and Cybersecurity Blog
Application and Cybersecurity Blog
P
Privacy International News Feed
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
V
Vulnerabilities – Threatpost
Cisco Talos Blog
Cisco Talos Blog
L
LINUX DO - 热门话题
酷 壳 – CoolShell
酷 壳 – CoolShell
T
Threat Research - Cisco Blogs
Recent Announcements
Recent Announcements
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
H
Heimdal Security Blog
Jina AI
Jina AI
C
Cisco Blogs
Attack and Defense Labs
Attack and Defense Labs
Microsoft Security Blog
Microsoft Security Blog
L
Lohrmann on Cybersecurity
aimingoo的专栏
aimingoo的专栏
D
Docker
I
Intezer
C
Check Point Blog
Cloudbric
Cloudbric
小众软件
小众软件
V2EX - 技术
V2EX - 技术

Aryaka

How Unified SASE Improves China Connectivity: Performance, Security, And Compliance | Aryaka Blog Why China Connectivity Remains A Major Enterprise Challenge For Global IT Teams | Aryaka Blog The Market Has Spoken (Twice): Why Enterprises Choose Aryaka For SD‑WAN And Unified SASE AI Performance Is A Network Problem, Not Just Compute From ZIP File To Crpx0 Ransomware: Anatomy Of A Multi-Stage Attack Aryaka AI-Ready Network: Why Your WAN Fails For AI Workloads AI Is Redefining Cybersecurity: How CISOs Can Stay Ahead In An AI‑Driven Threat Landscape | Aryaka Blog Aryaka Named Leader In G2 Spring 2026 For SD-WAN & Cloud Security Enterprise AI Agent Governance: Build, Deployment & Runtime Explained Is Your Outdated Network Holding Your Business Back? Why Modernization Matters For Cloud, Security, And IT Costs | Aryaka Blog Kernel In The Crosshairs: How The BlackSanta EDR-Killer Campaign Targets Recruitment Workflows | Aryaka Blog Addressing The “God Key” Challenge In Agentic AI For MCP Servers: Why You Need MCP-Aware, AI-Aware ZTNA | Why Browser Security Alone Will Not Protect Us In The Agentic AI Era Aryaka Modern Workplaces Need A New Meaning Of “Site”: How AI>Secure Uses Logical & Physical Sites For Consistent GenAI Security | Aryaka Blog How Modern Security Platforms Organize Rules | SASE & SSE Securing OpenClaw Agents From ClawHavoc Supply-Chain Attacks With AI-Driven Protection Securing OpenClaw: Why ZTNA Is Critical For Enterprise AI Agent Authentication
Governing Tens Of Thousands Of AI Agents: Why Policy Chaining Matters For Scalable Runtime Governance | Aryaka Blog
Srini Addepalli · 2026-03-19 · via Aryaka

Governing Tens of Thousands of AI Agents: Why Policy Chaining Matters

A new architectural challenge is emerging as enterprises adopt AI agents at scale.

It is no longer unusual for large organizations to plan for thousands or even tens of thousands of deployed agents across departments, applications, and workflows.

These agents may assist employees, automate operations, analyze documents, interact with enterprise systems, and coordinate complex workflows.

But once agents begin to proliferate across the enterprise, an important question arises:

How do you govern and secure interactions with tens of thousands of agents without creating an unmanageable policy system?

This challenge is often underestimated.

Why Agent Governance Becomes Complex

Even if many agents are built using the same underlying agent stack, they rarely behave the same way.

Different agents require different runtime validation and governance.

Consider a few examples.

HR Agents

An HR assistant interacting with employees may need to detect:

  • employee PII.
  • compensation information.
  • social security numbers.
  • internal HR policies

Prompts or responses containing such information may need to be redacted or blocked.

Developer Assistants

A developer productivity agent may allow:

  • source code
  • snippets
  • stack traces
  • debugging discussions

But it must detect:

  • API keys.
  • internal repositories.
  • proprietary code leakage

Finance Agents

Finance assistants may require strict checks for:

  • financial records
  • bank account numbers
  • tax identifiers

And may restrict external references entirely.

Customer Support Agents

Customer-facing assistants may require:

  • tone moderation
  • abuse detection
  • harassment filtering

Even if those checks are unnecessary for internal engineering assistants.

The Combinatorial Explosion Problem

Now consider a large enterprise environment.

An organization may have:

  • 10,000 agent instances
  • 20 user groups
  • multiple agent types
  • multiple validation categories

Each interaction may require different combinations of:

  • content category restrictions
  • content safety checks
  • tone validation
  • sensitive data detection
  • code detection
  • URL validation

Even if each agent only requires a few validation differences, the number of possible combinations quickly grows into tens of thousands of policy variations.

Without the right policy model, this becomes extremely difficult to manage.

AI>Secure: A Structured Runtime Governance Model

AI>Secure addresses this challenge using three building blocks:

  1. Validator Objects
  2. Inspection Objects
  3. Traffic Policies with Policy Chaining

This layered model allows enterprises to reuse validation logic while keeping runtime policies understandable.

Validator Objects

Validator objects represent individual validation capabilities.

Examples include:

  • content category filtering
  • content safety checks
  • tone validation
  • sensitive material detection
  • code detection
  • URL classification
  • prompt injection detection

Each validator can be tuned independently.

For example:

A Sensitive Data Validator for Finance may detect:

  • bank account numbers
  • tax identifiers

While a Sensitive Data Validator for Engineering may detect:

  • source code
  • API keys

Validator objects allow enterprises to define reusable building blocks.

Inspection Objects

Inspection objects combine multiple validators into reusable validation profiles.

They define which validators run at each inspection point.

Inspection points may include:

  • user prompts
  • model responses
  • file uploads
  • tool requests
  • tool results
  • file downloads

For example:

Finance Agent Inspection Object

Prompt inspection:

  • financial data detection
  • prompt injection detection
  • URL validation

Response inspection:

  • financial leakage detection
  • tone validation

Developer Agent Inspection Object

Prompt inspection:

  • code detection
  • source code policy enforcement

Response inspection:

  • API key detection
  • URL validation

Inspection objects allow enterprises to define standard validation profiles that can be reused across many agents.

Traffic Policies

Traffic policies determine when each inspection object should be applied.

Rules may match conditions such as:

  • user identity
  • user group
  • department
  • role
  • agent identity
  • agent type
  • device posture
  • network location

Each rule performs one of three actions:

  • ALLOW (with a specific inspection object)
  • DENY
  • JUMP (delegate evaluation to another rulebase)

Rules are evaluated using first-match semantics.

Policy Chaining

Instead of forcing all policies into one massive rule list, AI>Secure supports policy chaining.

Policy chaining allows one rulebase to delegate evaluation to another rulebase using a JUMP action.

This allows enterprises to organize policies modularly.

For example:

Top-level policy:

if user_group = Finance → JUMP finance-policy

if user_group = HR → JUMP hr-policy

else → DENY

Finance policy:

if agent_type = expense → JUMP finance-expense-policy

if agent_type = forecast → JUMP finance-forecast-policy

else → ALLOW finance-default-inspection

Expense policy:

if role = contractor → ALLOW strict-finance-inspection

if role = manager → ALLOW finance-manager-inspection

If a chained rulebase produces no match, evaluation returns to the parent rulebase.

This allows fallback policies to apply naturally.

Why Policy Chaining Works Well at Scale

Policy chaining provides several advantages for large enterprises.

Modular Policy Design

Policies can be organized by logical dimensions such as:

  • department
  • user group
  • agent type

Instead of maintaining one giant rulebase.

Reusable Rulebases

Rulebases can be reused across multiple parents.

For example, a contractor restrictions policy can be reused across many departments.

Deterministic Evaluation

Policies are evaluated along a single path using first-match semantics.

There is no ambiguity about which policy applies.

Easier Debugging

Each decision can be traced along the policy path:

root-policy → finance-policy → expense-policy → ALLOW

This makes troubleshooting far easier.

Why Not Use Hierarchical Policy Models?

Some systems use hierarchical policy inheritance, where multiple policies are applied and merged.

For example:

global policy

department policy

application policy

user policy

All policies contribute to the final decision.

While this model can be powerful, it also introduces challenges:

  • policies must be merged
  • pconflict resolution becomes complex
  • pdebugging becomes difficult
  • ppolicy behavior becomes less predictable

When many policies interact simultaneously, understanding why a decision occurred can become extremely difficult.

The Advantage of Policy Chaining

AI>Secure avoids these complexities by using policy chaining instead of policy merging.

With policy chaining:

  • ppolicies are evaluated sequentially
  • ponly one evaluation path is taken
  • p decisions are deterministic
  • p policy reuse remains possible through chained rulebases

This approach provides the flexibility enterprises need without introducing the complexity of hierarchical policy merging.

Scaling Runtime Governance for AI Agents

As enterprises deploy thousands of agents, runtime governance becomes a core architectural requirement.

The challenge is not just detecting unsafe content.

It is managing large-scale validation policies in a way that remains understandable and maintainable.

AI>Secure addresses this through:

  • p reusable validator objects
  • p reusable inspection profiles
  • p modular traffic policies
  • p policy chaining for scalable rule organization

Together, these capabilities allow enterprises to govern AI interactions at scale while keeping policy systems manageable.

The future of enterprise AI will not simply be about building agents.

It will be about governing thousands of agent interactions safely and predictably.

And doing that effectively requires the right runtime policy architecture.