How does Credal create secure, scalable Actions?

Intro

Today, enterprises are looking to adopt AI agents to boost efficiency and help them retain a market edge. However, enterprises have complex permissions, governance, and observability problems that must be addressed to build a stable, safe organization. Credal’s mission is to help organizations—including those from highly-regulated industries—to layer security and governance into agentic workflows. With Credal, agentic workflows go from theory to practice.

Credal has three layers of security and governance. These are:

  1. Permissions Mirroring: Credal mirrors users’ existing permissions in SaaS systems.
  2. Human Approval: Credal enables enterprises to enforce Human Approval on LLM actions.
  3. Audit: Credal maintains an audit trail of every action initiated, approved, and executed by an LLM on behalf of a user.

Today, let’s uncover how Credal’s building blocks, including Credal Actions and Credal Audit Trails, solve these enterprise challenges.

What are Credal Actions?

Credal Actions are pre-existing, well-defined actions for AI agents. These actions can be multi-source or directly integrated with a major SaaS tool or database. Examples of Credal Actions include:

Confluence

  • Update page (Edit) 
  • Overwrite page (Edit)

Credal

  • Create Agent (Write)
  • Update Agent (Edit) 

Google Drive

  • Search Google Drive (Search)
  • Create Google Doc (Write)

Gitlab

  • Search Gitlab (Search)

Jira

  • Get JIRA ticket details (Read)

Salesforce

  • Get Salesforce data (Read)
  • Create a new Salesforce Opportunity (Write)

Multi-source

  • Search company knowledge (Search)

However, Actions aren’t just naked operations for agents to invoke. They also abide by Credal’s security tenets, which make them suitable for production enterprise systems.

Permissions Mirroring

The first tenet of Credal’s security apparatus is permissions mirroring.

Today, enterprises have robust permissions in their SaaS systems, following an RBAC, ABAC, ReBAC, or custom authorization framework. Because agentic workflows are built atop existing SaaS systems, and those systems have permissions built in, Credal inherits existing permissions and enforces them on agents. In other words, users can only take Actions in Credal if they already have access to them outside of the Credal platform. For example, a user could only update a Confluence doc if they already had access to that doc.

Since all of an organization’s data sources use either org-wide credentials with user permissions (e.g. Slack) or user-level authentication (e.g. AWS S3), there would be no exceptions to this permissions model. The guardrails that already exist in the underlying systems remain the ultimate source of truth.

That said, there is an exception to this rule. Some systems, such as Looker and Snowflake, have an entity-based permissions system that is incompatible with an external RBAC or ReBAC design without additional safeguards. To address this, Credal allows organizations to create additional permissions atop these systems, closing the gap.

Additionally, Credal does need to extend a native permissions system for Actions, as Actions themselves are created in the Credal platform. For Actions, Credal features a straightforward permissions system:

  • All users can create Actions
  • All users can edit their own Actions
    • A user who is not a “collaborator” on an Action cannot edit it. A collaborator is someone who created the Action or was added to it by the creator.
  • All users can publish their own Actions to specific Agents only
  • Only Admins can publish an Action to any and all Agents in the org
    • Publishing this way means the Action can be attached to any Agent. The restriction is less a security measure and more a way to minimize noise.

Between Credal’s native permissions for Actions and permissions mirroring for an Action’s underlying operation, Credal has the right authorization framework suited for enterprise needs.

Human Approval

Sometimes, humans need to manually approve actions. This is ideal for actions that create non-trivial outcomes (e.g. issuing a new contract to a customer) or actions that deal with sensitive data (e.g. an ETL job of health data). It might also be used for more benign agentic workflows, like drafting a cold email. This approval process is called governance and is independent of an organization’s permissions structure.

Adding human approval in Credal is straightforward. Human approval can be added as the final step before any Action is actually executed. Often, these approvals create multi-user workflows, as the employee who invoked the agentic workflow might be separate from the approver (e.g. a C-suite executive or manager). In some cases, multiple approvals might be required, or a minimum number of approvals from a pool of users (e.g. engineering managers).

Human approval is optionally available to all Actions as a governance layer. Human approval can be added as a final step at the point of execution for any Action. Adding a checkpoint minimizes both human and LLM error. For example, we can add a Human Approval step to check if the user really intended to send this email, and if the email was correctly drafted by the LLM. Currently, Credal enables Action collaborators to optionally toggle this on as a requirement.

The future state is to automatically enforce human approval for Edit and Write Action types.

Audit

Organizations not only need to enforce strong security controls, but also monitor traffic and processes to flag any mistakes, inform future design decisions, and retain evidence in the case of a crisis. Credal makes observability easy with Credal Audit logs, where every Action is logged. These logs include the Action’s requester, approver, timestamp, and activity.

Credal Audit logs can inform both permissions and governance. Audit logs can reveal incorrectly set permissions in the underlying SaaS software or unexpected outcomes due to a poor permissions design. They could also inform which high-risk Actions should be subject to manual human approval.
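
The three layers described above (mirrored permission check, approval quorum from a pool, audit entry per stage) can be sketched as a single fail-closed execution gate. This is an added example, not Credal's code or API: `run_action`, `ApprovalPolicy`, `source_allows`, the activity strings and the sample ACL are hypothetical, and the source system's own permission check is modelled as a callback.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class ApprovalPolicy:
    pool: frozenset   # users allowed to approve (e.g. engineering managers)
    minimum: int      # approvals required from that pool

def audit(log, requester, approver, activity):
    # Fields the article lists for an audit entry.
    log.append({"requester": requester, "approver": approver,
                "timestamp": datetime.now(timezone.utc).isoformat(),
                "activity": activity})

def run_action(user, resource, source_allows, approvals, policy, execute, log):
    """Gate one Action: mirrored permission, then approval quorum, then execute."""
    audit(log, user, None, f"initiated:{resource}")
    # Layer 1: the source system is the source of truth; any error means deny.
    try:
        allowed = source_allows(user, resource) is True
    except Exception:
        allowed = False
    if not allowed:
        audit(log, user, None, f"denied:{resource}")
        return "denied"
    # Layer 2 (optional): count distinct approvers drawn from the pool only.
    if policy is not None:
        valid = sorted(set(approvals) & policy.pool)
        if len(valid) < policy.minimum:
            audit(log, user, None, f"pending_approval:{resource}")
            return "pending"
        for approver in valid:
            audit(log, user, approver, f"approved:{resource}")
    # Layer 3: the execution itself is recorded.
    execute(resource)
    audit(log, user, None, f"executed:{resource}")
    return "executed"

# Constructed sample data: a stand-in for the SaaS system's own ACL.
SAMPLE_ACL = {("alice", "confluence:page-1")}

def sample_source_allows(user, resource):
    return (user, resource) in SAMPLE_ACL
```

Duplicate approvals and approvals from users outside the pool do not count toward the minimum, and a denied or pending request still leaves an audit entry.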

How do I get started with Credal Actions?

Credal Actions make it easy to supercharge your AI agents while following enterprise-grade security and governance protocols. To get started with Credal Actions, sign up for a demo or discover the Credal Actions documentation.
