
I have been building Agent Sentinel for the past few months and wanted to share what I have built and get feedback from this community.

I work in AI. I build systems that automate things that humans used to do manually. And the more I do this work, the more I realize we are moving very fast without thinking carefully about what happens when these systems get things wrong. 

I am not talking about hallucinations in a chatbot. I am talking about an AI agent that has actual keys to your cloud infrastructure. One that can delete a database, change an IAM role, or move data across environments. One that does not ask permission.

I have spent years in enterprise environments cleaning up after automated systems that did the wrong thing. It is not fun. And it is getting worse as we give AI more access.

So I built something. It is called Agent Sentinel. The idea is simple. Before an AI agent executes any action against cloud infrastructure, that action passes through Sentinel first. Sentinel decides whether to allow it, block it, or ask a human. 

The agent never touches AWS directly. There is no way around it. I have it running on AWS right now. Here is what it looks like when an agent tries to delete a production S3 bucket:

Live example

An agent tries to delete prod-s3-bucket in a production environment:


{
  "decision": "BLOCK",
  "reason": "Risk score 1.0 exceeds critical threshold",
  "risk_score": 1.0,
  "timestamp": "2026-03-14T18:43:20"
}

AWS was never called. The bucket is safe.

It is not magic. It is a policy engine combined with a risk scoring model that looks at what the agent is trying to do, what environment it is in, and what resources it is touching. High risk actions in production get blocked or escalated. Low risk actions in dev get through.

I know this is not a complete solution. Sequence analysis is still in progress. The LLM policy compiler is still being built. There is a lot left to do. But the core enforcement boundary works. And I think that matters right now, while we are still early enough to build these habits into how we deploy AI agents.

The enforcement API is live on AWS. The risk scoring engine is working. The policy store is backed by DynamoDB with full audit logging. The project was submitted into the NVIDIA Inception Program last week and got accepted into the AWS Activate program.

- GitHub: https://github.com/indranimaz23-oss/agent-sentinel

- Website: https://agentsentinel.co

I would genuinely love feedback from people who think about this stuff. Is this the right framing? Is there work I should know about? Am I missing something obvious?

I also have a Manifund project open if anyone wants to support the work. There are 15 days left before the SFF matching deadline on March 31, which doubles any donation automatically.

Manifund project: https://manifund.org/projects/agent-sentinel-out-of-band-safety-gateway-for-cloud-ai-agents

 

About me

I am an AI architect with experience building production AI systems on AWS. I have spent years fixing broken infrastructure in enterprise environments. I built Agent Sentinel because I have seen firsthand what happens when there is no enforcement layer between an AI system and production infrastructure.

Thanks for reading.

 

Indrani Mazumdar

Founder, Agent Sentinel

https://agentsentinel.co
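
The enforcement boundary described in the post, sketched as an added example that is not part of the original post and is not Agent Sentinel's code: a gate scores an action from its type, environment and resource, and the cloud executor runs only on ALLOW. The weights, thresholds, the ESCALATE label and every name here are assumptions for illustration; only the shape of the decision record follows the post.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Assumed weights and thresholds, constructed for this example.
ACTION_RISK = {"s3:GetObject": 0.1, "s3:PutObject": 0.3,
               "iam:UpdateRole": 0.8, "s3:DeleteBucket": 1.0}
ENV_WEIGHT = {"dev": 0.3, "staging": 0.6, "production": 1.0}
SENSITIVE_RESOURCES = {"prod-s3-bucket"}   # full weight; others scaled down
ESCALATE_AT, BLOCK_AT = 0.5, 0.9

@dataclass(frozen=True)
class Action:
    name: str
    environment: str
    resource: str

def risk_score(action: Action) -> float:
    # Fail closed: anything the policy does not know is maximum risk.
    if action.name not in ACTION_RISK or action.environment not in ENV_WEIGHT:
        return 1.0
    resource_weight = 1.0 if action.resource in SENSITIVE_RESOURCES else 0.8
    score = ACTION_RISK[action.name] * ENV_WEIGHT[action.environment]
    return round(score * resource_weight, 2)

def decide(action: Action) -> dict:
    score = risk_score(action)
    if score >= BLOCK_AT:
        decision, reason = "BLOCK", f"Risk score {score} exceeds critical threshold"
    elif score >= ESCALATE_AT:
        decision, reason = "ESCALATE", f"Risk score {score} requires human approval"
    else:
        decision, reason = "ALLOW", f"Risk score {score} is below review threshold"
    stamp = datetime.now(timezone.utc).isoformat(timespec="seconds")
    return {"decision": decision, "reason": reason,
            "risk_score": score, "timestamp": stamp}

def gated_execute(action: Action, executor, audit_log: list):
    """Decide first, record every decision, call the cloud only on ALLOW."""
    verdict = decide(action)
    audit_log.append({**verdict, "action": action.name,
                      "environment": action.environment,
                      "resource": action.resource})
    if verdict["decision"] != "ALLOW":
        return verdict, None            # executor is never invoked
    return verdict, executor(action)

if __name__ == "__main__":
    log = []
    delete = Action("s3:DeleteBucket", "production", "prod-s3-bucket")
    print(gated_execute(delete, lambda a: "executed", log)[0])
```

The gate only holds if the agent has no credentials of its own: the executor must be the sole holder of the cloud permissions, otherwise the check is advisory.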
