Give AI agents real work, not unchecked power.
I build the control layer that decides what your AI agents are allowed to do in production, before they act.
Once an agent can issue a refund or message a customer, a prompt asking it to behave is not a control. I put the decision outside the model: every action is checked against policy before it runs, high-risk ones wait for a human, and all of it is logged. So you can ship agents into real operations and prove exactly what they can and cannot do.
No pitch. We pressure-test an agent you're building and whether it's safe to ship. You decide if a paid audit is worth it.
▎A line in a prompt is a suggestion.
A model can be talked out of a suggestion. So the controls that stop a bad action live outside the model, not in the prompt.
Least-privilege by default.
Every agent only sees what it needs. Documented permission matrix. No high-risk action runs without approval.
Every action logged.
Tool calls, inputs, outputs, approvers. Stored in your infrastructure. Exportable for compliance review.
Approval gates on anything risky.
Customer-facing messages, writes to production, irreversible actions. Your team approves. Always.
▎What every agent I build will and won't do.
- ✕Delete or permanently destroy data, files, repos, tickets, records, or accounts
- ✕Send customer-facing messages (email, chat, SMS, support reply) without human approval
- ✕Execute financial transactions (payments, refunds, transfers, contract signing)
- ✕Write to production systems without scoped permissions and a rollback plan
- ✕Access secrets or credentials except through approved vault patterns (1Password, Doppler, AWS Secrets Manager)
- ✕Bypass existing approval workflows that humans rely on
- ✕Take irreversible actions without a human-in-the-loop gate
- ✕Use customer PII outside the boundaries set by your data classification
- ✓A documented permission matrix (who can do what)
- ✓Scoped, least-privilege credentials for every tool it can reach
- ✓Audit logs for every tool call (exportable, queryable)
- ✓Human-approval gates on customer-facing or high-blast-radius actions
- ✓Eval suite for known failure modes
- ✓Rollback or undo plan for any state-changing operation
- ✓A kill switch to disable any tool without a redeploy
- ✓Failure-mode visibility (agent refuses unsafe requests and says why)
▎How an agent fits inside your infrastructure
▎Every outbound call is routed, logged, and governed by policy.
See it running: the governed agent demoAgent Readiness Audit
I take an agent you're building or already running and pressure-test whether it's safe to put into production: what it can touch, what could go wrong, and what has to be true before your security team signs off. You get the gaps and the plan to close them. No commitment beyond the week.
- →Action and access map: everything the agent can do and reach
- →Blast-radius review: what breaks if it acts wrong, and where
- →Permission matrix and data-classification draft
- →Prioritized governance gaps with a plan to close each one
- →30-minute readout call
Who you're working with
I'm Sarthak, an engineer based in New Delhi. I build production AI agent systems for US tech companies, focused on the unglamorous parts most AI consultants skip: permissions, audit trails, evals, and rollback. If you can't show your security team how an agent works, you can't ship it.
For the last two years, I've worked on AI training and agent systems via Turing, IgniteTech, and G2i, on projects for OpenAI, Anthropic, Meta, and others. That work taught me what production-grade AI systems require beyond the demo. Now I'm bringing that into agent builds for US tech companies that need agents doing real work, with control over what they can do and proof of what they did.
▎Common questions
▸Isn't this just guardrails?
▸How is this different from AI agent security tools?
▸Why not just build this internally?
▸Do you replace my security team?
▸What happens if you disappear?
Map your highest-friction workflow.
One call. No pitch. You leave with a clearer picture of where agents will actually help.
Or reach me directly: sarthakgupta124@gmail.com