Why Agents Must Be Treated as Principals
Treating an agent as nothing more than an API key cannot support enterprise-grade accountability. A key cannot describe who delegated the authority it exercises, in what context the execution happened, or which resources it affected afterwards.
Three Mandatory Control Points
- Identity lifecycle: the agent identity can be created, authorized, and revoked.
- Delegation boundaries: define whom the agent represents and which actions it is allowed to perform.
- Call attribution: every call must trace back to a concrete human or a concrete agent identity.
Rollout Path: Start with Low-Risk Scenarios
Begin by bringing agents under governance in low-risk workflows such as read-only queries and internal knowledge retrieval, then expand step by step to approvals, write operations, and calls into external systems. This accumulates governance experience while keeping risk under control.