Let agents do the work. ActPass holds the authority.
The model can propose a refund, a deploy, an email, or a repo change. ActPass decides whether it's allowed, needs approval, or must be blocked — with signed evidence your auditors can verify. Start with one protected workflow.
Refund agent with bounded autonomy
Risk: An agent reads tickets, touches payment records, and issues refunds — untrusted input, sensitive data, and money movement in one place.
ActPass: Small refunds auto-allow, medium require human approval, over-limit deny — every decision bound to a ticket, policy hash, and signed evidence event.
Read the deep dive: Why fintech will buy AI agent security first
Coding agents that cannot push risky changes
Risk: Claude Code and Codex can edit files, run shell commands, push branches, and read secrets.
ActPass: Govern Bash/Edit/Write via PreToolUse hooks; monitor → enforce; block secret-read + external-comms with the runtime Rule of Two.
Read the deep dive: Govern Claude Code and Codex from inside the chat
MCP tool drift caught before it ships
Risk: A tool that was read-only yesterday can quietly gain delete, write, or payment powers tomorrow.
ActPass: Scan, baseline an actpass.lock, and fail the PR when a tool gains high-risk capability — drift becomes a reviewable code change, not a runtime surprise.
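The drift check described above, as an added illustration rather than ActPass's own scanner or lock format: a baseline of each tool's declared capabilities is written to a lock document, the current tool manifest is diffed against it, and the check fails only when a tool gains (or a new tool arrives with) a capability in a high-risk set. The tool manifests, the capability names, the `HIGH_RISK` set and the lock layout are all constructed for this example and are not ActPass identifiers.

```python
"""Capability-drift check for MCP-style tool manifests (constructed example)."""
import hashlib
import json

# Capabilities whose appearance should turn a PR red. Constructed for this example.
HIGH_RISK = {"delete", "write", "payment", "exec", "secret_read"}


def build_lock(tools):
    """Build a lock document from a list of {"name": ..., "capabilities": [...]}.

    The digest over the canonical JSON lets a reviewer confirm the committed
    baseline was not edited by hand between scan and merge.
    """
    entries = {t["name"]: sorted(set(t["capabilities"])) for t in tools}
    canonical = json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()
    return {"tools": entries, "digest": hashlib.sha256(canonical).hexdigest()}


def verify_lock(lock):
    """Recompute the digest; False means the lock file was tampered with."""
    canonical = json.dumps(lock["tools"], sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest() == lock["digest"]


def diff_capabilities(lock, tools):
    """Compare current manifests to the baseline.

    Returns one finding per tool that is new or has gained capabilities:
    {"tool", "status", "added", "high_risk"}. Lost capabilities are not a
    finding: narrowing a tool never needs to block a merge.
    """
    findings = []
    for t in tools:
        name, current = t["name"], set(t["capabilities"])
        if name not in lock["tools"]:
            findings.append({"tool": name, "status": "new",
                             "added": sorted(current),
                             "high_risk": sorted(current & HIGH_RISK)})
            continue
        added = current - set(lock["tools"][name])
        if added:
            findings.append({"tool": name, "status": "changed",
                             "added": sorted(added),
                             "high_risk": sorted(added & HIGH_RISK)})
    return findings


def should_fail_pr(lock, tools):
    """Fail on a tampered lock or on any high-risk capability gain."""
    if not verify_lock(lock):
        return True
    return any(f["high_risk"] for f in diff_capabilities(lock, tools))


# Constructed manifests: yesterday's baseline and today's scan.
BASELINE_TOOLS = [
    {"name": "files", "capabilities": ["read", "list"]},
    {"name": "search", "capabilities": ["read"]},
]
TODAY_TOOLS = [
    {"name": "files", "capabilities": ["read", "list", "delete"]},  # quietly gained delete
    {"name": "search", "capabilities": ["read"]},
    {"name": "calendar", "capabilities": ["read"]},                  # new, but low-risk
]

if __name__ == "__main__":
    lock = build_lock(BASELINE_TOOLS)
    for f in diff_capabilities(lock, TODAY_TOOLS):
        print(f)
    print("fail PR:", should_fail_pr(lock, TODAY_TOOLS))
```

In a CI job the lock document would be the committed file and `TODAY_TOOLS` the output of a fresh scan; the findings list is what the PR comment should show, so that the reviewer sees exactly which capability appeared rather than a bare failure.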
Read the deep dive: The friendly MCP tool that quietly reads your SSH keys
n8n & workflow automation governance
Risk: Workflow nodes mutate tickets, CRM fields, payments, and customer data with no checkpoint.
ActPass: Add a preflight action before risky nodes, require approval for state changes, and record evidence after execution — across MCP, n8n, Slack, Teams, ServiceNow.
Read the deep dive: How to secure AI agents across MCP, n8n, Slack, Teams, ServiceNow, and compliance tools
Web agents that read hostile HTML
Risk: An agent that browses the web or reads screenshots ingests attacker-controlled instructions straight into its context.
ActPass: Treat untrusted content as untrusted: classify the exposure, keep at most two of the three dangerous capabilities, and gate outward actions behind policy.
Read the deep dive: How to secure web agents that read hostile HTML and screenshots
Runtime Rule of Two enforcement
Risk: A session that has touched untrusted content AND sensitive data should not be allowed to communicate outward next.
ActPass: Accumulate capability "colors" across a session and block the call that would complete the lethal combination — deterministically, at runtime.
Read the deep dive: Your agent just read a file, hit an API, and got user input — now what?
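The runtime Rule of Two from the card above, together with the signed evidence events the refund card mentions, as one added example that is not ActPass code: a session accumulates capability "colors" (untrusted content, sensitive data, external comms) as tools are called, any call that would complete all three is denied, and every decision is recorded as an HMAC-signed event bound to a policy hash so an auditor can recompute the signature later. The tool-to-color map, the policy document, the signing key and the event layout are constructed for this example.

```python
"""Runtime Rule of Two with signed evidence events (constructed example)."""
import hashlib
import hmac
import json

UNTRUSTED = "untrusted_content"
SENSITIVE = "sensitive_data"
OUTWARD = "external_comms"
LETHAL = frozenset({UNTRUSTED, SENSITIVE, OUTWARD})

# Which color each tool adds to a session. Constructed; a real deployment
# would derive this from the tool manifests.
TOOL_COLORS = {
    "read_ticket": {UNTRUSTED},
    "fetch_url": {UNTRUSTED},
    "read_payment_record": {SENSITIVE},
    "read_secret": {SENSITIVE},
    "send_email": {OUTWARD},
    "http_post": {OUTWARD},
    "calculate": set(),
}

# The policy in force, hashed so each event names exactly which rule decided it.
POLICY = {"rule": "at most two of three", "colors": sorted(LETHAL)}
POLICY_HASH = hashlib.sha256(
    json.dumps(POLICY, sort_keys=True, separators=(",", ":")).encode()).hexdigest()
SIGNING_KEY = b"constructed-demo-key"  # placeholder; never a hard-coded key in production


def _canonical(event):
    body = {k: v for k, v in event.items() if k != "signature"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_event(event, key=SIGNING_KEY):
    return dict(event, signature=hmac.new(key, _canonical(event), hashlib.sha256).hexdigest())


def verify_event(event, key=SIGNING_KEY):
    expected = hmac.new(key, _canonical(event), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, event.get("signature", ""))


class Session:
    def __init__(self, session_id):
        self.id = session_id
        self.colors = set()
        self.events = []

    def check(self, tool):
        """Decide one tool call deterministically; returns 'allow' or 'deny'."""
        caps = TOOL_COLORS.get(tool)
        before = sorted(self.colors)
        if caps is None:
            decision, reason = "deny", "unknown tool"
        elif (self.colors | caps) >= LETHAL:
            # This call would give the session all three colors: refuse it and
            # leave the accumulated state unchanged so the session stays usable.
            decision, reason = "deny", "would complete untrusted+sensitive+outward"
        else:
            decision, reason = "allow", "at most two colors after call"
            self.colors |= caps
        event = sign_event({
            "seq": len(self.events), "session": self.id, "tool": tool,
            "decision": decision, "reason": reason,
            "colors_before": before, "colors_after": sorted(self.colors),
            "policy_hash": POLICY_HASH,
        })
        self.events.append(event)
        return decision


if __name__ == "__main__":
    s = Session("sess-demo")
    for tool in ["read_ticket", "read_payment_record", "send_email", "calculate"]:
        print(tool, "->", s.check(tool))
    print("all events verify:", all(verify_event(e) for e in s.events))
```

Order matters only in which call gets blocked, not in whether the combination is blocked: a session that communicates outward first and then reads untrusted content is denied the subsequent sensitive-data read, because the check is on the projected set of colors, not on the last tool alone.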