    Process automation security & privacy

    Agentic automation is only enterprise-ready when it’s governable: explicit tool boundaries, least privilege, approval gates, and evidence artifacts that make every action provable.

    Automation security & privacy model

    Enterprise readiness is a policy system: data classes, tool boundaries, approvals, and evidence.

    [Interactive risk calculator: sliders for Data sensitivity (PII / secrets), Autonomy (agent freedom) and Mitigations produce a risk score and a policy decision; the sample decision shown reads “Allow with approvals: require approval gates and capture evidence.”]


    Rule of thumb

    If the action is irreversible or touches sensitive data, require approvals and produce evidence artifacts as structured records.

    Mitigations that matter

    Data classes

    PII / secrets / regulated records

    Tool boundaries

    allowlists, least privilege

    Evidence artifacts

    who/what/when/why

    14–18 min read
    Advanced

    Threat model: what can go wrong

    Researched: 2026-03-05

    This guide is updated regularly. Sources are listed under “References & evidence.”

    In enterprise automation, the failures are predictable:

    • Over-broad actions (agents can do too much)
    • Sensitive data exposure (PII / secrets / regulated records)
    • Unapproved changes (production state changes without oversight)
    • Unprovable execution (no structured audit artifacts)

    A mature program treats this as an operating model, not a “prompt problem.”

    Controls that actually work in production

    1) Data classes

    Label what the workflow touches: PII, secrets, financial records, regulated documents.

    2) Tool boundaries

    • allowlists of tools/endpoints (API, MCP tools, browser agents)
    • least privilege per mission
    • explicit “danger zones” that require approvals

    3) Approval gates

    Approvals are not messages. They are workflow steps with records: who/when/why/threshold.

    4) Evidence artifacts

    Evidence is not PDFs. Evidence is structured objects (approval_record, exception_record, version_log) with links to attachments where needed.

    Audit trails: what to capture (minimum set)

    • request context (who initiated)
    • decision point + rationale
    • approvals + timestamps
    • executed action + tool surface
    • exceptions + mitigation
    • version logs (what changed and why)

    If you can query these objects, audits become filters—not reconstructions.
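    As an added example (not the page’s or any vendor’s code), here is a small policy gate in Python that applies the controls above: a tool allowlist bounded by data class, an approval gate for irreversible or sensitive actions, and evidence emitted as the structured approval_record / exception_record / version_log objects the audit section lists, queryable by field. The tool names and the data-class ranking are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# Constructed allowlist (hypothetical tool names): tool -> highest data class it may touch.
ALLOWLIST = {"crm.read": "pii", "ticket.comment": "internal", "prod.deploy": "internal"}
DANGER_ZONE = {"prod.deploy"}                  # irreversible tools: always gated
SENSITIVE = {"pii", "secrets", "regulated"}    # data classes that always need a gate
RANK = {"public": 0, "internal": 1, "pii": 2, "secrets": 3, "regulated": 3}

@dataclass
class Action:
    tool: str
    data_class: str
    irreversible: bool
    requester: str
    rationale: str

def decide(a: Action, approval: Optional[dict] = None) -> dict:
    """Evaluate one proposed tool call and return a structured evidence record.

    Every record carries who/what/when/why so audit() can filter it later.
    """
    if a.data_class not in RANK:
        raise ValueError(f"unknown data class: {a.data_class}")
    record = {"requester": a.requester, "tool": a.tool, "data_class": a.data_class,
              "rationale": a.rationale, "timestamp": datetime.now(timezone.utc).isoformat()}
    cap = ALLOWLIST.get(a.tool)
    if cap is None or RANK[a.data_class] > RANK[cap]:
        # Outside the tool boundary: deny and record an exception, never a silent drop.
        return {**record, "kind": "exception_record", "decision": "deny",
                "reason": "tool not allowlisted for this data class"}
    gated = a.irreversible or a.tool in DANGER_ZONE or a.data_class in SENSITIVE
    if gated and approval is None:
        # Approval is a workflow step with a record, not a chat message.
        return {**record, "kind": "approval_record", "decision": "pending", "approver": None}
    if gated:
        return {**record, "kind": "approval_record", "decision": "allow",
                "approver": approval["by"], "approved_at": approval["at"]}
    return {**record, "kind": "version_log", "decision": "allow"}

def audit(records: list, **filters) -> list:
    """Audit as a filter: return records whose fields match every given filter."""
    return [r for r in records if all(r.get(k) == v for k, v in filters.items())]
```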

    Common failure

    Teams rely on chat history as proof. Chat is context; audit needs structured records with stable schemas.

    References & evidence

    Third‑party product names are used for identification only and may be trademarks of their respective owners.