Red Hat opens Ansible to AI agents, within limits
Red Hat on Tuesday opened its Ansible Automation Platform to AI agents while adding new controls intended to keep them under tight governance. The company made its Model Context Protocol (MCP) server for Ansible generally available, allowing any AI tool to access the platform. Additionally, it introduced a new automation orchestrator, in technology preview, that routes actions through human-approved, deterministic playbooks.
The goal is to help enterprises adopt AI-driven automation while maintaining strict oversight. Recent incidents of AI agents performing unauthorized actions have heightened concerns, making governance a top priority for IT teams. Red Hat aims to strike a balance between leveraging AI capabilities and preserving operational stability.
Expanding model support and contextual awareness
As part of this release, Ansible Automation Platform now supports a broader range of AI models. In addition to IBM’s WatsonX Code Assistant, the platform works with models from Google, Anthropic, OpenAI, and any other leading models that are OpenAI API-compatible. This flexibility gives enterprises more choices when integrating AI into their automation workflows.
Enterprises can also provide their own background information through Retrieval-Augmented Generation (RAG) embedding. This allows the platform to incorporate internal policies, update schedules, and other contextual knowledge into AI-driven suggestions. As Sathish Balakrishnan, vice president and general manager of the Ansible business unit at Red Hat, explained: “Customers have a lot of contextual knowledge — our policies, when we update machines, rules they have written about IT infrastructure. We can now start reading all of those things.”
Guardrails and deterministic playbooks
Despite the expanded AI functionality, Red Hat is implementing strong guardrails. “AI is unpredictable,” Balakrishnan noted. “When you suddenly put AI into your production environment and ask it to change it, you’ve seen the articles about how a company lost its database.” To mitigate risk, the platform relies on pre-made, tested, and approved playbooks for automations requested by users. If the AI suggests a new action not covered by existing playbooks, a human must verify it before execution.
These playbooks are not only testable, repeatable, and deterministic but also more cost-effective than calling a large language model during runtime. Balakrishnan added, “Why would you use AI just to patch a machine? We all know tokens are expensive. We know the best way to patch a machine — why call an AI to do that when you already have a playbook that’s been in use for ten years?”
Industry perspectives on AI agent risks
The security implications of connecting AI agents to automation platforms are significant. Paul Nashawaty, an analyst at Efficiently Connected, warned: “The security concerns are very real. If those agents are connected to highly privileged automation systems, the blast radius can become enormous, including accidental production outages or destructive actions.”
Nashawaty recommended that companies avoid giving AI unrestricted production access, broad admin privileges, or autonomous control over critical systems. The strongest use cases today include AI-assisted troubleshooting, compliance remediation, developer self-service, and human-approved workflow execution. With these new features, developers may request environments in natural language, AI systems could correlate alerts and suggest fixes, and operations teams might reduce incident response times by having AI assemble and execute approved remediation steps.
IDC analyst Jevin Jensen noted that he has been waiting for vendors to provide natural-language front ends for their platforms for the past 18 months. “This really broadens the use and value of the platform to new users and improves efficiency of existing users,” he said. However, he stressed the importance of good governance, including role-based access control, to reduce risk. He advised starting with development environments or less impactful cloud areas before moving to production.
Additional Ansible enhancements
Beyond AI integration, Red Hat also introduced several other updates. Administrators can now delegate the ability to trigger automations to end users. For example, factory floor managers can initiate updates at times that minimize interference with manufacturing schedules. Additionally, multiple events can now trigger the same automation playbook, eliminating the need for separate playbooks for each event. These changes aim to make automation more accessible and efficient across enterprise operations.
The shift toward AI-augmented automation reflects a broader trend in IT operations. Enterprises are seeking ways to accelerate workflows without sacrificing control. Red Hat's approach — combining AI flexibility with deterministic guardrails — offers a pathway for organizations to explore generative AI while maintaining the reliability of proven automation methods. The MCP server's general availability marks a milestone, but the company is cautious about moving too fast, ensuring that human oversight remains central to any AI-driven changes.
As AI continues to evolve, the balance between innovation and risk management will be critical. For now, Red Hat is focusing on enabling enterprise customers to take the first steps with AI agents in a controlled manner, using tools that have been tested and approved over years of practice. The new orchestrator and expanded model support provide a framework that can grow as the technology matures, allowing organizations to gradually empower AI agents while keeping them on a short leash.
Source: Network World News