Contextual Policies in Omnigent: Using session state to better govern AI agents
Summary
Databricks' open-source meta-harness, Omnigent, introduces "contextual policies" to enhance AI agent governance beyond simple allow-list controls. These policies track session state, such as an agent's read history or accumulated spend, to dynamically decide if an action should proceed. This approach addresses new enterprise risks like prompt injection, where an agent's safety depends on prior actions. Unlike traditional guardrails that block actions entirely or cause user fatigue with constant approvals, contextual policies enable nuanced controls. Omnigent supports various coding agents like Claude Code and Codex, and frameworks such as OpenAI Agents SDK. Example policies include a Google Drive policy confining writes to agent-created documents, a risk score policy that tightens controls as sensitive material is handled, a cost policy with soft and hard spending caps, and intent-based authorization applying the Principle of Least Privilege.
Key takeaway
For MLOps Engineers or AI Security Engineers deploying agents, you should move beyond static allow-list controls. Implement contextual policies to dynamically manage agent risks and costs, preventing issues like prompt injection or budget overruns without user fatigue. Your agents can become both safer and more usable by adapting permissions based on session history, such as documents accessed or cumulative spend. Consider integrating Omnigent to apply these advanced governance models across your existing agent harnesses.
Key insights
AI agent governance is significantly improved by contextual policies that dynamically adapt based on session state.
Principles
- Agent safety requires context, not just static allow-lists.
- Least privilege can be enforced dynamically based on intent.
- User fatigue from constant approvals is a policy design flaw.
Method
Policies listen to agent events, update session-specific state variables, and return decisions (allow, deny, transform, ask user) based on current state and event.
In practice
- Confine agent writes to documents created within the current session.
- Implement dynamic risk scores to escalate approval requirements.
- Set soft and hard spending caps for agent model calls per session.
Topics
- AI Agent Governance
- Contextual Security
- Prompt Injection Mitigation
- Omnigent
- Policy Enforcement
- Cost Management
Code references
Best for: AI Architect, CTO, VP of Engineering/Data, AI Engineer, MLOps Engineer, AI Security Engineer
Related on AIssential
Editorial summary, takeaway, and curation by AIssential. Original article published by Databricks.