For two decades, controlling infrastructure access meant controlling credentials. A vault decides who gets a key, brokers the connection, and records the session.

That was the right boundary for an era of known humans reaching known systems. It is the wrong boundary now. The damage happens in the actions taken after the credential is granted: the destructive command, the out-of-band change, the sensitive field leaving a query. A vault sits beside the session, where it cannot see or stop any of them.

AI agents make this sharper, acting on production with credentials they inherit from engineers and multiplying live identities faster than door-level control can track. This paper shows where credential brokering ends, how runtime governance reads and gates each action inline, and how the two run together with no rip-and-replace. It includes four anonymized failure modes from the field and a side-by-side of where each model places the control point.
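To make the difference between door-level brokering and action-level governance concrete, here is an added sketch of an inline action gate. It is illustrative code written for this page, not the paper's product or any vendor's implementation. It assumes a constructed policy: destructive shell programs and SQL statements need an in-band change ticket, agent identities never get destructive actions even with one, and sensitive columns in a SELECT are flagged for response redaction. Every decision is recorded per action, which is the level a session-recording vault cannot reach.

```python
"""Illustrative inline action gate (added example; policy tables are constructed)."""
import re
import shlex
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Actor:
    name: str
    kind: str  # "human" or "agent" (constructed distinction for this example)


@dataclass
class Decision:
    allow: bool
    reason: str
    redacted_fields: List[str] = field(default_factory=list)


# Constructed policy; a real deployment would load this from a policy store.
DESTRUCTIVE_PROGRAMS = {"rm", "dd", "mkfs", "shutdown", "reboot"}
DESTRUCTIVE_SQL = re.compile(r"^\s*(drop|truncate|delete|alter)\b", re.IGNORECASE)
SENSITIVE_FIELDS = {"ssn", "card_number", "password_hash"}

# Per-action audit trail: one record per gated command, not one per session.
AUDIT_LOG: List[dict] = []


def _record(actor: Actor, action: str, decision: Decision) -> Decision:
    AUDIT_LOG.append({
        "actor": actor.name, "kind": actor.kind, "action": action,
        "allow": decision.allow, "reason": decision.reason,
    })
    return decision


def _gate_destructive(actor: Actor, label: str, change_ticket: Optional[str]) -> Decision:
    """Shared rule for destructive actions: agents are blocked outright,
    humans need a change ticket so the change is in-band and attributable."""
    if actor.kind == "agent":
        return Decision(False, f"{label}: destructive action blocked for agent identity")
    if not change_ticket:
        return Decision(False, f"{label}: destructive action without a change ticket (out-of-band)")
    return Decision(True, f"{label}: permitted under change {change_ticket}")


def gate_shell(actor: Actor, cmd: str, change_ticket: Optional[str] = None) -> Decision:
    """Read a shell command before it reaches the host and decide inline."""
    try:
        argv = shlex.split(cmd)
    except ValueError:
        return _record(actor, cmd, Decision(False, "unparseable command"))
    if not argv:
        return _record(actor, cmd, Decision(False, "empty command"))
    prog = argv[0].rsplit("/", 1)[-1]  # normalise /bin/rm to rm
    if prog in DESTRUCTIVE_PROGRAMS:
        return _record(actor, cmd, _gate_destructive(actor, prog, change_ticket))
    return _record(actor, cmd, Decision(True, "non-destructive command"))


def gate_sql(actor: Actor, query: str, change_ticket: Optional[str] = None) -> Decision:
    """Read a SQL statement inline: block destructive DDL/DML without a ticket,
    and mark sensitive columns in the select list for redaction on the way out."""
    m = DESTRUCTIVE_SQL.match(query)
    if m:
        return _record(actor, query, _gate_destructive(actor, m.group(1).upper(), change_ticket))
    sel = re.match(r"^\s*select\s+(.+?)\s+from\b", query, re.IGNORECASE | re.DOTALL)
    redacted: List[str] = []
    if sel:
        cols = [c.strip().split(".")[-1].lower() for c in sel.group(1).split(",")]
        redacted = [c for c in cols if c in SENSITIVE_FIELDS]
    if redacted:
        return _record(actor, query, Decision(True, "allowed with response redaction", redacted))
    return _record(actor, query, Decision(True, "read-only query"))


if __name__ == "__main__":
    alice = Actor("alice", "human")
    bot = Actor("deploy-bot", "agent")  # constructed agent identity
    for a, act, t in [
        (alice, "rm -rf /var/lib/app", None),
        (alice, "rm -rf /var/lib/app", "CHG-1234"),
        (bot, "/bin/rm -rf /tmp/x", "CHG-1234"),
        (alice, "SELECT id, u.ssn, email FROM users u", None),
    ]:
        d = gate_shell(a, act, t) if not act.lstrip().upper().startswith("SELECT") else gate_sql(a, act, t)
        print(a.name, "->", "ALLOW" if d.allow else "DENY", "|", d.reason, d.redacted_fields)
```

The two gate functions are where the control point moves: the same credential that a vault would hand out unchanged is now evaluated per command, with the actor's kind, the ticket context and the fields being read all visible at decision time. The rule set is deliberately small; the point is the placement of the check, not the completeness of the patterns.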