Essay
Agentic AI governance: platform, not policy
Lock agents down too tight and teams stop experimenting. Let them run too loose and you get the horror stories. The middle path: treat agent configuration like infrastructure, not policy.
Tried NemoClaw last night. Impressed. Then exhausted.
Nvidia’s sandbox version of OpenClaw has strong policy controls. Really strong. But configuring access for almost every tool and skill got tiring fast.
Due to security concerns, I hadn’t tried OpenClaw until now. But I’d been browsing its codebase for quite a while — learning the architecture ideas: agent skills, heartbeat scheduling, tool orchestration. Based on those, I built my own version on top of Claude Code. Honestly? It works better than the original would have. Not because I’m a better engineer (I’m not). But because I configured every skill, every tool, every scheduled task around how I actually work.
The out-of-box agent needed permission configuration on almost every interaction. Sandboxed file access. Restricted network calls. Secure? Absolutely. But the friction compounded fast.
The tension every enterprise will hit
This is the tension every enterprise is going to hit with agentic AI governance.
Lock agents down too tight and your teams stop experimenting. They’ll click through 12 permission dialogs, get frustrated, and go back to doing things manually. You’ve protected the org but killed the learning.
Let agents run too loose and you get the horror stories. Data leaks. Unintended actions. Agents emailing your CEO at 3am (not speaking from experience…).
The middle path: treat agent configuration like infrastructure, not policy
The middle path I’m pondering: give teams a well-built chassis — curated agent skills tied to the org’s context and workflows, scoped tool access, sensible defaults — and let them customise from there.
Control the platform. Trust the practitioner.
My scrappy Claude Code setup now queries our data warehouse, drafts executive summaries, and delivers them via email. All from a terminal. No permission dialogs. Because I scoped the guardrails once, not on every interaction.
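One way to picture "scope the guardrails once" is sketched below as an added example; it is not the author's Claude Code setup and not NemoClaw's or OpenClaw's policy format. The action names, the rule syntax and every value in `BASELINE` are hypothetical and constructed for illustration.

```python
from fnmatch import fnmatchcase

# Hypothetical org-wide chassis owned by the platform team (constructed values).
BASELINE = {
    # Sensible defaults every team gets.
    "allow": ["warehouse.query:analytics.*", "summary.draft:*"],
    # Hard limits no team can lift.
    "deny": ["email.send:ceo@*", "warehouse.query:analytics.hr_*"],
    # The envelope teams may customise within, without a platform review.
    "customisable": ["email.send:*@example.com", "warehouse.query:finance.*"],
}


def build_policy(baseline, team_allow):
    """Merge a team's extra allow rules into the baseline once, at deploy time.

    A team rule is accepted only if it sits inside a customisable pattern.
    Matching the rule text against the envelope is a sound containment check
    as long as envelope patterns use literals and '*' only, as they do here.
    """
    rejected = [rule for rule in team_allow
                if not any(fnmatchcase(rule, env) for env in baseline["customisable"])]
    if rejected:
        raise ValueError(f"outside the customisable envelope: {rejected}")
    return {"allow": baseline["allow"] + list(team_allow),
            "deny": list(baseline["deny"])}


def decide(policy, action):
    """Return 'allow' or 'deny' for an action such as 'email.send:bob@example.com'.

    Deny rules win over allow rules, and anything outside the sandbox is
    denied outright, so no call falls through to an interactive prompt.
    """
    if any(fnmatchcase(action, rule) for rule in policy["deny"]):
        return "deny"
    if any(fnmatchcase(action, rule) for rule in policy["allow"]):
        return "allow"
    return "deny"


if __name__ == "__main__":
    policy = build_policy(BASELINE, ["email.send:*@example.com"])
    for action in ("warehouse.query:analytics.sales",
                   "email.send:alice@example.com",
                   "email.send:ceo@example.com"):
        print(action, "->", decide(policy, action))
```

The decision is made from configuration alone: the team widened its own access to internal email, the CEO rule still holds, and nothing asked a human along the way.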
Enterprise AI governance needs to think more like this. Less “block by default.” More “build the right sandbox and let people play.”
Originally shared on LinkedIn.