When you give an AI agent access to tools and data, you’re effectively giving it hands and eyes. What it can touch—and what it can see—determines the level of risk. That’s why the “Acquire” stage for agents is less about training data and more about tools, APIs, and knowledge sources.

If you don’t govern those inputs, agents can accidentally perform actions or read information you never intended.

Think of tools as governed capabilities

For agents, tools/APIs represent capabilities:

  • “Search knowledge base” = can read internal docs.
  • “Send email” = can communicate externally.
  • “Update ticket” = can change internal state.
  • “Trigger workflow” = can start processes.

Each capability has its own risk profile. Start by inventorying tools you plan to expose:

  • Read‑only vs write tools.
  • Internal vs external integrations.
  • Low‑impact vs high‑impact actions.

This inventory is your starting point for Acquire.

Classify tools by risk and scope

For each tool, ask:

  • What can go wrong if this tool is misused or overused?
  • Is the impact reversible (e.g., draft message) or irreversible (e.g., data deletion, financial transaction)?
  • Does the tool touch sensitive data, regulated systems, or external parties?

Based on that, classify tools into:

  • Low‑risk: Read‑only search, non‑sensitive data, internal informational dashboards.
  • Medium‑risk: Internal updates (e.g., non‑critical ticket fields), sending internal messages.
  • High‑risk: External communications, financial transactions, access management, HR data changes.

This classification will drive your access and oversight decisions.

Decide which agents can use which tools

Not every agent needs every tool. Acquire should specify:

  • Tool‑to‑agent mapping: Which agents can call which tools, for which purposes.
  • Role‑based filtering: If agents act on behalf of users, constrain tools based on the user’s role (e.g., an agent helping a junior support rep should not perform actions reserved for managers).
  • Pre‑conditions: Define conditions that must be met before a tool can be used (e.g., “ticket priority < X”, “no security keywords present”).

You’re effectively doing RBAC (role‑based access control) for agents.
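An added example, not from the original post, of a deny-by-default gate that enforces the three controls above together with the risk tiers from the previous section. All tool, agent and role names, the keyword list and the priority threshold are assumptions made up for illustration.

```python
# Added illustration: every name and value below is hypothetical.
RISK_ORDER = {"low": 0, "medium": 1, "high": 2}

# Tool inventory with the risk tier assigned during classification.
TOOLS = {"search_kb": "low", "update_ticket": "medium", "send_external_email": "high"}

# Tool-to-agent mapping: which agent may call which tools at all.
AGENT_TOOLS = {
    "support_agent": {"search_kb", "update_ticket", "send_external_email"},
    "research_agent": {"search_kb"},
}

# Role-based filtering: highest risk tier a user role may trigger via an agent.
ROLE_MAX_RISK = {"junior_rep": "medium", "manager": "high"}

SECURITY_KEYWORDS = ("breach", "password", "exploit")  # constructed list
MAX_PRIORITY = 3  # constructed threshold standing in for "ticket priority < X"


def preconditions_ok(tool, ctx):
    """Pre-conditions that must hold before a state-changing tool runs."""
    if tool != "update_ticket":
        return True, ""
    # A missing priority defaults to the threshold, so the check fails closed.
    if ctx.get("priority", MAX_PRIORITY) >= MAX_PRIORITY:
        return False, "ticket priority too high"
    text = ctx.get("text", "").lower()
    if any(word in text for word in SECURITY_KEYWORDS):
        return False, "security keyword present"
    return True, ""


def authorize(agent, role, tool, ctx=None):
    """Return (allowed, reason); anything unknown is denied."""
    ctx = ctx or {}
    if tool not in TOOLS:
        return False, "unknown tool"
    if tool not in AGENT_TOOLS.get(agent, set()):
        return False, "tool not mapped to agent"
    max_risk = ROLE_MAX_RISK.get(role)
    if max_risk is None or RISK_ORDER[TOOLS[tool]] > RISK_ORDER[max_risk]:
        return False, "role not permitted for this risk tier"
    ok, why = preconditions_ok(tool, ctx)
    return ok, why or "allowed"
```

Run the gate in the tool-dispatch layer, outside the model's control, and log the returned reason for each denial so reviewers can see which control fired.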

Govern data and knowledge sources for agents

Alongside tools, agents need data and knowledge:

  • APIs exposing internal data.
  • RAG retrieval endpoints over knowledge bases.
  • User‑specific context (e.g., preferences, past interactions).

For each source, define:

  • Scope: Which subsets of data can the agent see (by department, geography, tenant, or user)?
  • Sensitivity: Whether the data includes personal, confidential, or regulated content.
  • Filtering: How queries are filtered by role, context, or task.

Agents should never become an easy side door into data that’s otherwise carefully segmented.

Feedback and learning as acquired inputs

If agents learn from feedback (explicit ratings or observed outcomes), treat that feedback as another acquired input:

  • Define accepted feedback types: Structured signals (thumbs up/down, categories) are easier to govern than free‑form text.
  • Filter and validate feedback: Protect against adversarial or spammy inputs that could skew behaviour.
  • Decide how feedback flows back: Will feedback directly change live behaviour, or will it be used offline for supervised updates?

These decisions belong in Acquire because they shape what the agent learns from.

Making it concrete

For one agent use case:

  • List all tools/APIs and data sources it might need.
  • Classify each by risk.
  • Decide which tools the agent can access, under what conditions.
  • Specify data filters by role and context.
  • Document the feedback signals the agent will consume, if any.

This becomes the “Acquire for agents” section of your governance playbook. Combined with the Design charters from Day 9, it ensures your agents don’t just act—they act within a carefully designed and controlled perimeter.

If you’d like assistance or advice with your Data Governance implementation, or any other topic (Privacy, Cybersecurity, Ethics, AI and Product Management) please feel free to drop me an email here and I will endeavour to get back to you as soon as possible. Alternatively, you can reach out to me on LinkedIn and I will get back to you within the same day!
