Situation
A global enterprise services firm scaled customer-ops automation faster than central IT could govern it. Regional leads deployed agents with local API keys, custom prompts, and no consistent tooling.
What was at stake
At least twelve unapproved agents handled PII across three business units. Security had no inventory; finance had no spend visibility; incident ownership was unclear when a prompt injection attempt surfaced in EMEA.
What Threesixty did
Inventory and risk-tier every discovered agent, data classes, tool access, and business criticality.
Centralise ClawGuard safety policies with per-machine and per-agent assignments; auto-apply policies to new registrations.
Mandate approved toolchains and gateway-routed traffic; decommission or migrate shadow workloads to governed hosts.
Wire violation reporting to human-in-the-loop escalation with evidence packs for SecOps review.
Technical approach
Command Center fleet inventory with ClawGuard: agent-level tool validation, gateway request/response inspection, centralised policy management. Violations surfaced with evidence suitable for SOC review. Tailscale ACLs limit lateral movement; operators reach agents on :8000 without agents reaching each other.
Results
- All twelve shadow agents either migrated to governed infrastructure or were formally retired with sign-off.
- Single leadership dashboard for policy coverage, violations, and spend. No more regional blind spots.
- Duplicate tooling costs fell as teams consolidated on one approved agent stack.
- Mean time from violation detection to triage dropped under five minutes with clear incident owners.