When you hire a junior engineer, they get a probation period, a code review process, and strict IAM boundaries. When people deploy an AI agent against their data, it usually gets a system prompt and a prayer.
Hoping the model behaves isn’t a security strategy. I learned this the hard way when an LLM tried to drop a table on my live ADX cluster. It didn't get to, because I stopped hoping and built a wall.
Instead of relying on semantic governance or prompt engineering, I enforce a hard boundary where reads pass and writes die at the door.
Here is the one governance pattern I use to lock down agents, and the three different ways I’ve built it.
The Pattern: One Identity, Strict Policy, Unforgeable Receipts






