The Shadow Workspace: Governing AI Agents You Didn’t Know Were Coding

0
4

By Peter Davies, International Government, Coder

Recently, the conversation inside regulated enterprises has moved fast as organisations navigate the shift from AI-assisted software development to purely agentic development. The focus is increasingly on platforms and that means an expansion of the ‘builder’ population beyond credentialed engineers to analysts, domain specialists, and operators. More software platform builders mean more IT environments. More environments mean more surface area. And when autonomous AI coding agents are introduced, with their access to repositories, ability to generate code and execute tasks without continuous human direction, this creates a security problem that most governance frameworks have not yet addressed. While there are already risks to AI-assisted coding, AI coding agents represent a categorically different order of risks.

These agents can access repositories outside their intended scope, generate verbose outputs that inadvertently surface sensitive context, and escalate privileges in ways no human developer would, simply because their optimisation function does not include the threat model a trained engineer carries. It’s what practitioners call ‘The lethal trifecta of agent risk’, which refers to accessing private data, the ability to communicate externally, and exposure to untrusted context through prompt injection. This is already informing how regulated enterprises, which must comply with strict government guidelines, are approaching AI deployment. 

Join The European Business Briefing

New subscribers this quarter are entered into a draw to win a Rolex Submariner. Join 40,000+ founders, investors and executives who read EBM every day.

Subscribe

The governance challenge 

What does this challenge look like in practice? Take the example of a major European bank in fourteen jurisdictions, each with distinct data residency requirements, national implementations of NIS2, and regulatory expectations from the EBA, FINMA, or PRA. Or a UK defence contractor operating on networks that must meet OFFICIAL-SENSITIVE controls, with supply chain obligations extending to tier-two and tier-three partners who may be running AI coding tools on unmanaged laptops. 

The question for such organisations is: if an AI agent took an action in your development environment today, could you reconstruct exactly what it did, why, and who authorised it?

For most organisations, the honest answer is no. The reason is because the infrastructure to answer that question simply does not yet exist in most environments.

Human in the loop 

Regulated enterprises cannot have a human reviewing every line of AI-generated code, so they must move oversight to the policy and boundary level, not the task level. This means audit logs that capture every agent action, toolchain constraints that prevent a coding assistant working on a customer-facing application, sandboxed execution environments where agent-generated code runs in isolation before it touches anything live. 

The transition from human in the loop to human on the loop is about making accountability scalable across environments that span continents, classification levels, and regulatory regimes simultaneously. No single centralised platform can serve everyone. What the market needs are shared baselines, and increasingly, regulatory frameworks, such as DORA and NIS2 are supplying exactly that.

The aim is for regulatory frameworks to set minimum standards for auditability, access control, and incident reporting.  Enterprises deploy on their own infrastructure and use their own toolchains but produce logs and controls compatible with regulatory expectations. What has been missing is the operational infrastructure that makes those directives enforceable at the speed development actually moves.

Compliance that moves with the workspace

When a workspace template defines what an AI agent can and cannot do (what repositories it can access, what actions it can take, what external communications are permitted, and what boundaries it must respect), that governance is structural and doesn’t depend on a developer remembering to apply a policy checklist before spinning up a session. A workspace that meets DORA incident reporting requirements on a standard corporate network works identically in a restricted partner environment, because the controls are embedded in the template, not held in a separate policy document that depends on developer discipline to apply.

This is the governance challenge that platform-level infrastructure closes. Centralised visibility and control over what every AI agent does, without requiring security teams to be present in every session. Full audit trails from workspace creation, not reconstructed after an incident. Agent boundaries that prevent the blast radius of a single compromised session from cascading across the environment.

Taking action

Governance infrastructure is a current and critical requirement. The platform builder population is already expanding with AI coding tools already in development workflows, approved or otherwise. Autonomous agents are already being piloted in engineering teams that have not yet resolved the governance question. The window to get ahead of it is narrowing.

The practical starting point is the same whether the organisation is a UK government department or a Tier 1 bank in Frankfurt: 

  • Move development workloads off local machines into governed, self-hosted cloud environments where source code, credentials, and agent actions never touch an endpoint the organisation does not control.
  • Govern every AI model call and agent action with a centralised audit layer that logs, attributes, and makes observable what AI is doing in the development environment before regulators or incident responders ask the question.
  • Define agent boundaries in the platform itself, not in policy documents that rely on developer discipline, so that what an agent is allowed to do is structural.

The factory has already given way to the framework, and the agents are already operating. The regulatory frameworks that will govern what happens next are already in force. What remains is building the infrastructure that makes governance operational before the scale of AI-augmented development outpaces the organisation’s ability to oversee it.

LEAVE A REPLY

Please enter your comment!
Please enter your name here