You Connected Everything to Agents. Can You Govern Any of It?

Written by Jordan Saunders | Jul 1, 2026 7:42:16 PM

If you run a mid-market company and your teams are wiring agents into everything right now, you have probably felt a little uneasy about it. You are handing autonomous software access to your systems, your data, and your credentials, faster than you can put any real control around it. That feeling is not paranoia. It is you paying attention.

Here is the reality most leaders have not said out loud yet. Agents are already inside your company. Your developers are running coding agents. Your operations, finance, and marketing people are starting to point agents at their own tools and data. Almost all of it runs through the same new plumbing — a protocol called MCP that lets an agent reach out and call outside tools — and almost none of it is governed. The debate about whether to use agents is over. You are using them. The only open question is whether you govern them or just tell yourself you do.

And the thing that makes an agent useful is the exact thing that should worry you. Autonomy is the point. You want it reaching into systems and acting on its own, because that is where the leverage is. But an agent authenticated as one of your developers, sitting on a laptop, holding production credentials, free to call whatever tool it likes, is quietly the least-governed compute in your entire company. Nobody set it up that way on purpose. It happened one useful tool at a time.

Most AI Governance Is Theater

So people go looking for AI governance, and here I want to be blunt. Most of what gets sold under that name is theater. It shows up in two flavors.

The policy document. A well-written PDF that lays out what agents are and are not allowed to do. That is advice, not enforcement, and an agent does not read your wiki. Writing the rule down and making the rule true are two different jobs, and only one of them protects you.

The gateway. A filter on the traffic between the agent and the tools or models it talks to. This one is better, because it is real software doing real work. But it governs the network — the wire between the agent and the outside world. It does not govern the runtime — the actual machine where the agent is reading files, holding secrets, and executing code. You have watched the hallway and left the rooms open.

Neither one can answer the three questions your security lead, your auditor, or your cyber insurer will eventually ask.

- What did the agent touch?
- What credentials did it use?
- Where did the data go?

If the honest answer is a shrug, you do not have governance. You have hope.

Governance Has to Move to the Runtime

That is why governance has to move down to the runtime — to the place the agent actually executes. Enforce, do not advise. In practice that means a handful of things working together.

- The agent runs inside an isolated environment instead of loose on the machine.
- Secrets get injected so the agent can use a credential without ever actually holding it.
- Only sanctioned tools are reachable, and everything else is off by default.
- Network and filesystem access is scoped down to what the job needs.
- Every action the agent takes gets logged where your security team already looks — not in some separate console nobody opens.

That is the layer Docker is betting on with its AI governance work, and I think it is the right one, because it is the only layer that can see what the agent is doing instead of what you asked it to do.
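
The enforcement points listed above, expressed as a tool-call broker that sits between the agent and its tools, with an audit record that answers the three questions. This is an added example, not code from Docker or NextLink; the tool names, hosts, paths, agent name and the `secretref:` scheme are assumptions, and the calls and backends in `demo()` are constructed.

```python
import json, posixpath, time
from urllib.parse import urlparse

# Hypothetical policy: any tool not listed here is denied by default.
POLICY = {
    "http_get": {"hosts": {"api.internal.example"}, "secret": "secretref:ci-token"},
    "read_file": {"roots": ("/workspace/",)},
}
# Secrets stay with the broker; the agent only ever names the tool.
SECRET_STORE = {"secretref:ci-token": "constructed-sample-value"}
AUDIT_LOG = []  # stand-in for the log pipeline the security team already reads

def audit(agent, tool, decision, reason, target, credential=None):
    """Record what was touched, which credential was used, where data went."""
    rec = {"ts": time.time(), "agent": agent, "tool": tool, "decision": decision,
           "reason": reason, "target": target, "credential": credential}
    AUDIT_LOG.append(json.dumps(rec))
    return rec

def broker_call(agent, tool, arg, backends):
    """Authorize one tool call, inject its secret, run it, log the outcome."""
    rule = POLICY.get(tool)
    if rule is None:
        return audit(agent, tool, "deny", "tool not sanctioned", arg), None
    if "hosts" in rule:
        host = urlparse(arg).hostname
        if host not in rule["hosts"]:
            return audit(agent, tool, "deny", "egress host out of scope", host), None
    if "roots" in rule:
        # Lexical check only; a real runtime enforces this with mounts.
        path = posixpath.normpath(arg)
        if not path.startswith(rule["roots"]):
            return audit(agent, tool, "deny", "path out of scope", path), None
    ref = rule.get("secret")
    result = backends[tool](arg, SECRET_STORE[ref] if ref else None)
    # The log carries the secret's reference, never its value.
    return audit(agent, tool, "allow", "policy match", arg, ref), result

def demo():
    """Run four constructed calls through the broker with fake backends."""
    seen = []  # secrets the fake backend received
    backends = {"http_get": lambda url, s: seen.append(s) or "200 OK",
                "read_file": lambda path, s: "file contents"}
    calls = [("http_get", "https://api.internal.example/v1/builds"),
             ("http_get", "https://paste.example.net/upload"),
             ("read_file", "/workspace/../home/dev/.aws/credentials"),
             ("shell_exec", "id")]
    return [broker_call("coding-agent-1", t, a, backends) for t, a in calls], seen
```

Only the first call is allowed; the other three are denied and still logged, so the audit trail covers attempts as well as actions.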

The Tool Is the Easy Twenty Percent

Now the part most vendors will not tell you. This kind of tooling is infrastructure, not a finished security program. Buying it does not govern your agents any more than buying a lock installs it on your door. Someone still has to decide the actual policy, wire it into your identity and audit systems, and keep running it as agent use spreads across the company. That is the real work, and it is the part almost nobody is staffed for. The tool is the easy twenty percent. The program around it is the other eighty.

Governance Is Not the Brake

I want to be clear about why this matters, because it is not about fear. The goal was never to slow your teams down. Fear pushes companies toward the worst possible move here, which is doing nothing and letting agents pile up ungoverned because stopping them felt impossible. Governance is not the brake. It is what lets you take your foot off the brake. Once you can actually see and control what your agents do, you get to say yes to them on purpose, at scale, with your eyes open, instead of hoping the useful thing never turns into the expensive thing.

This is the gap we help mid-market companies close at NextLink, and it is why we partnered with Docker to do it at the runtime layer rather than the policy layer. We design the policy model, deploy it, connect it to the tooling you already run, and stand up the program around it. If any of this is landing a little too close to home, that is worth a conversation.

So, founder to founder. If you are connecting everything to agents and you cannot answer those three questions today, you do not have an AI strategy. You have exposure. The good news is that the answer exists now, it works, and there is nothing exotic about it. It is mostly a matter of deciding to do the work before something out there decides it for you.