Version: v1.1.0
This page is explanatory. It does not change TealTiger v1.1.0 contracts.
Security vs Governance for AI Agents
Why this distinction matters
As systems move from chatbots to autonomous agents, teams often mix up two separate needs:
- Security hardening — preventing compromise and unsafe configurations
- Runtime governance — deciding what an agent is allowed to do, deterministically, with audit evidence
Security hardening (what it is)
Security hardening is about reducing the chance that an agent environment is compromised or misconfigured. Typical security hardening controls include:
- configuration audits (detect risky defaults)
- gateway/network hardening (bind to localhost, strong auth)
- credential hygiene (detect exposed tokens/keys)
- plugin/skill supply-chain checks
- sandbox and permission lockdown
Security hardening is necessary, but it does not answer: “Should this action be allowed right now?”
Runtime governance (what it is)
Runtime governance is about making each action policy-controlled with a deterministic decision boundary. TealTiger provides:
- Decision (ALLOW/DENY/REDACT/TRANSFORM/DEGRADE/REQUIRE_APPROVAL)
- Reason codes (why a decision happened)
- Risk scores (quantified signal across domains)
- Audit events (evidence)
- Modes (REPORT_ONLY/MONITOR/ENFORCE) for safe rollout
How they work together
A mature agent deployment uses both layers:
- Security hardening reduces compromise and misconfiguration
- TealTiger governance constrains legitimate-but-risky behavior and provides evidence
- Hardening prevents an exposed gateway and weak auth.
- Governance prevents a “helpful” agent from bulk-exporting data or burning budget in loops.
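To make the two "governance" examples above concrete, here is an added illustration of a deterministic decision boundary that is not TealTiger's own code or API: it assumes constructed thresholds (MAX_EXPORT_ROWS, LOOP_BUDGET_CALLS), constructed reason codes (BULK_EXPORT, LOOP_BUDGET_EXCEEDED) and the simplifying assumption that only ENFORCE mode blocks, while REPORT_ONLY and MONITOR record the decision without changing the outcome.

```python
# Added illustration, not TealTiger code: a minimal deterministic decision
# boundary that yields a decision, a reason code, a risk score and an audit
# event, and whose mode decides whether the decision is enforced or only recorded.
from dataclasses import dataclass, field

MAX_EXPORT_ROWS = 1000    # constructed threshold for a "bulk export"
LOOP_BUDGET_CALLS = 25    # constructed per-session budget for repeated tool calls


@dataclass
class AuditEvent:
    tool: str        # the tool/action the agent asked for
    decision: str    # what policy decided (ALLOW / DENY / REQUIRE_APPROVAL ...)
    effective: str   # what actually happened after applying the mode
    reason: str      # constructed reason code explaining the decision
    risk: int        # constructed 0-100 risk score
    mode: str        # REPORT_ONLY / MONITOR / ENFORCE


@dataclass
class Governor:
    mode: str = "ENFORCE"
    calls: dict = field(default_factory=dict)   # per-tool call counters
    audit: list = field(default_factory=list)   # evidence trail

    def evaluate(self, tool: str, args: dict) -> AuditEvent:
        # Count calls per tool so a runaway loop becomes visible to policy.
        self.calls[tool] = self.calls.get(tool, 0) + 1
        decision, reason, risk = "ALLOW", "OK", 0
        if self.calls[tool] > LOOP_BUDGET_CALLS:
            # "Burning budget in loops": deny once the per-session budget is spent.
            decision, reason, risk = "DENY", "LOOP_BUDGET_EXCEEDED", 80
        elif tool == "export_data" and args.get("rows", 0) > MAX_EXPORT_ROWS:
            # "Bulk-exporting data": a human must approve large exports.
            decision, reason, risk = "REQUIRE_APPROVAL", "BULK_EXPORT", 60
        # Assumption: only ENFORCE changes behaviour; other modes just record.
        effective = decision if self.mode == "ENFORCE" else "ALLOW"
        event = AuditEvent(tool, decision, effective, reason, risk, self.mode)
        self.audit.append(event)
        return event
```

Note that the same policy decision is produced in every mode; only the `effective` outcome differs, which is what lets a team roll out in REPORT_ONLY and compare the audit trail before switching to ENFORCE.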
What TealTiger is NOT
- Not a CVE patching system for third-party agent runtimes
- Not a malware scanner for plugins/skills
- Not a full sandbox/containment system
Related reading
- /concepts/decision-model
- /policy/reason-codes
- /policy/risk-scores
- /audit/audit-event-schema
- /architecture/enforcement-flow
- /integrations/openclaw

