The architecture of governable AI agents: Constrain first, observe always
Blog post from WorkOS
AI agents have evolved beyond simple chatbots into systems that autonomously carry out complex tasks across many services, which raises serious security and governance challenges. The OWASP Top 10 for Agentic Applications catalogues the most significant risks these systems face, such as goal hijacking and rogue agents, and emphasizes two foundational design principles: least agency and strong observability.

Least agency means limiting an agent's autonomy in both decision-making and action. It is not a single setting: it has to be weighed along several dimensions, including scope, planning depth, delegation breadth, and action reversibility. Strong observability goes beyond logging: it provides continuous, queryable insight into what agents are doing, why, and under whose authority, so that every action is traceable and verifiable.

The two principles are interdependent. Without observability, least agency becomes blind constraint; without least agency, observability becomes unmanageable. Implementing them requires a robust identity infrastructure that assigns agents their own identities and enforces fine-grained, resource-scoped permissions, which enables a feedback loop in which least agency informs observability and vice versa. The WorkOS platform offers RBAC and Fine-Grained Authorization to help teams implement these principles without building the entire infrastructure from scratch, addressing the vulnerabilities the OWASP framework describes.
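As an added illustration (not code from the WorkOS post or its products), the following Python sketch shows a policy enforcement point that checks three of the least-agency dimensions named above (scope, delegation breadth, reversibility) for an agent acting under its own identity, and records every decision as a structured audit event that can be queried back to close the feedback loop. All class and field names, the permission string format, and the sample agent are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List

# Hypothetical least-agency policy bound to one agent identity (all names are assumptions).
@dataclass(frozen=True)
class AgentPolicy:
    agent_id: str                 # the agent's own identity, distinct from the user's
    on_behalf_of: str             # the principal whose authority the agent acts under
    resource_scope: frozenset     # resource-scoped permissions, e.g. "crm:account/42:read"
    max_delegation_depth: int     # delegation breadth: how deep sub-agent chains may go
    irreversible_allowed: bool    # action reversibility: may it take non-undoable actions?

@dataclass
class Action:
    permission: str               # "<system>:<resource>:<verb>" (constructed format)
    rationale: str                # the planner's stated reason for the action
    reversible: bool
    delegation_depth: int = 0

AUDIT_LOG: List[Dict] = []        # stand-in for an append-only, queryable store

def authorize(policy: AgentPolicy, action: Action) -> bool:
    # Enforce least agency: every dimension is checked, and the verdict is always recorded.
    reasons = []
    if action.permission not in policy.resource_scope:
        reasons.append("out_of_scope")
    if action.delegation_depth > policy.max_delegation_depth:
        reasons.append("delegation_too_deep")
    if not action.reversible and not policy.irreversible_allowed:
        reasons.append("irreversible_not_permitted")
    allowed = not reasons
    # Observability: what, why, under whose authority, and the decision, in one record.
    AUDIT_LOG.append({
        "agent_id": policy.agent_id,
        "on_behalf_of": policy.on_behalf_of,
        "permission": action.permission,
        "rationale": action.rationale,
        "reversible": action.reversible,
        "allowed": allowed,
        "deny_reasons": reasons,
    })
    return allowed

def denied_irreversible_attempts(agent_id: str) -> List[Dict]:
    # Feedback loop: denied irreversible attempts are a signal that scope or goals have drifted.
    return [e for e in AUDIT_LOG
            if e["agent_id"] == agent_id and not e["allowed"] and not e["reversible"]]
```

Querying the log by agent identity and deny reason is what turns the constraint into governance: a burst of denied irreversible attempts from one agent is the observable symptom of goal hijacking that the policy alone would silently absorb.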