AI · Mar 19, 2026 · 9 min read

Why AI Agents Need AI-Powered Custom Policies

 

Visibility is the starting point for agentic governance: you cannot govern what you cannot see. 

But knowing what exists is only half the battle. The real challenge is controlling an unbounded action space. 

Unlike traditional software with rigid workflows, agents translate human intent into a near-infinite set of autonomous decisions. When an agent can chain tools together across your applications, you aren't just managing a conversation; you're managing a dynamic, unpredictable set of actions.

Fortunately, we built custom policy enforcement into Rubrik Agent Cloud with this challenge in mind. Now, you can get the out-of-the-box foundational policies, custom policy creation workflow, and AI-powered governance needed to take your organization from limited governance to production-grade control for your autonomous agents.


The core problem: static rules can’t govern dynamic AI

AI agents operate dynamically in human language. Traditional static rules do not. They lack context and the ability to reason, and they only capture what you anticipated in advance.

Static, pattern‑based rules struggle with nuanced behavior. Take the Air Canada case in which a support bot agent invented a new refund rule and presented it as official policy in a customer chat. The answer was polite, but it created a real financial commitment. A constraint like "do not create or modify refund policies and only quote specific rules from system X" is hard to encode as a handful of regexes or static rules.

To enforce that kind of behavior, you need AI‑based control that can interpret instructions, understand the context of the conversation, and judge whether the agent is strictly interpreting rules or quietly inventing new ones. Enterprises require a governance system that discerns true meaning and intent to effectively control agentic workflows.

 


Where Rubrik Agent Cloud sits in the stack

Within Rubrik Agent Cloud (RAC), we enable natural language policy creation paired with a proprietary SLM to intelligently govern and enforce agentic workflows.

The platform operates as a control layer between your agent implementations and the LLMs they call. From this position, it observes every request an agent wants to make and every response the LLM generates across your entire workflow.

This vantage point enables three core capabilities:

  1. RAC derives rich context about every agent. We understand the agent's purpose, the tools it has access to, the actual tool calls it makes, and its data flows.
  2. RAC enforces policies at multiple points to prevent undesired actions:
    • Build-time: alerts are generated if an agent's configuration doesn't meet your policies (e.g. an HR agent has access to sales data that it shouldn't).
    • Run-time: real-time blocking or violation notices are provided if an agent calls tools or responds outside of policy bounds (e.g. an HR agent attempts to erase a customer record in SFDC).
  3. RAC is platform-agnostic and consistently enforces policies across all of your agent-building platforms, from Copilot Studio to custom frameworks like LangChain. The result is a single pane of glass across your entire agent ecosystem: an agent registry showing every agent deployed in your enterprise, the actions each agent is executing, and the risks each one presents, with the ability to remove those risks.

[Figure] Rubrik Agent Cloud enables a single pane of glass across agent building platforms (e.g. ADK, Copilot, Agentforce or Bedrock) and your applications (e.g. Salesforce, Jira, etc…) with robust protection.


Day One policies: Governance out-of-the-box

We don’t believe enterprises should have to design an entire AI governance practice from scratch before deploying their first agent. Instead, you should start with a small set of day‑one policies that provide foundational safety, delivered as part of a platform that works across your full fleet of agents. 

Rubrik Agent Cloud gives you that universal layer: out‑of‑the‑box system policies and a policy engine you can reuse everywhere, so you’re not reinventing governance team by team. RAC ships with system policies covering the most critical attack surfaces:

  • Read-only tools: Blocks any agent action involving writes, deletes, or modifications — the most important safety net for organizations still in the experimentation phase.

  • Tool use hallucination detection: Catches agents attempting to call tools that don't exist.

  • PII detection: Scans agent responses for sensitive data—social security numbers, credentials, personal information—before it leaves your environment.

  • Minimal authorized tool scope: Evaluates whether the tools provisioned to an agent are appropriate for its stated purpose.

  • Mandatory ownership attribution: Ensures every agent has an accountable owner.

  • Unauthorized tools: Enforces a blocklist of tools no agent may invoke—critical for managing shadow AI.
     

The above is only a small sample of our out-of-the-box policies, and we continue to enrich the platform with new policies aligned to best-practice security frameworks like OWASP and NIST. These policies are available immediately upon deployment and can be turned on with a simple flip of a switch. They provide protection on Day One while you determine more bespoke policies to govern your agents.

Your policy violations roll up into a centralized dashboard for easy management. You can promote the policies that matter into real‑time blocking to prevent agent actions before they occur. Governance and security teams can triage agent risks the same way they handle security incidents today.

[Figure] The Policy Hub in Rubrik Agent Cloud provides an up-to-date list of your active policies with key enforcement settings like "Block" or "Monitor" and stats such as the number of active violations.


Custom policies: from natural language to AI-powered enforcement

Agents operate in the ambiguity of natural language, which gives them plenty of room to bypass static rules. Natural language policies solve this by controlling AI with AI. You describe the desired behavior in plain English, and Rubrik Agent Cloud uses an LLM-as-a-judge to interpret intent, evaluate actions in context, and catch violations based on meaning rather than mere pattern matching.

To make this intuitive and impactful, we break RAC’s custom policy workflow into three key steps:

1. Initial Policy Creation: It starts with a single sentence. For example: "Agents should not provide financial advice or recommendations." From this plain English description, the AI-powered engine instantly generates a structured interpretation: a summary of intent, key definitions (what exactly counts as "financial advice"), examples of safe vs. violating behaviors, and a strength assessment of your policy.
[Figure] Using Rubrik Agent Cloud we created a custom policy from natural language using the prompt "Agents should not provide financial advice or recommendations." The policy is automatically scoped, defined and scored based on its enforceability.


2. AI-Assisted Policy Refinement: No policy is perfect on the first attempt. Rubrik Agent Cloud surfaces hidden ambiguities, allowing for rapid iteration. In our Financial Advice example, the initial "Weak" score triggered recommended updates to key definitions and real-world violation examples. By applying Rubrik Agent Cloud's suggestions, we sharpened the policy's intent and boosted its enforcement score to "Strong." Precision in description translates directly to precision in enforcement.


3. Intelligent Enforcement: Finally, our proprietary enforcement model evaluates the agent's actual tool calls against your refined definitions. Unlike static rules, it understands semantic nuance. For instance, a policy stating "Do not provide financial advice" will flag an agent recommending index fund allocations, even if the words "buy" or "sell" never appear. The engine judges the spirit of the action, not just the syntax.

The finalized policy is then deployed as a monitoring rule to alert you to violations, with real-time blocking coming soon.

 


Managing the policy lifecycle as you scale

Policies aren’t static. Rubrik Agent Cloud supports the full lifecycle: enable and disable policies as needed, edit definitions as requirements change, archive policies that are no longer relevant, and continuously test and refine based on observed violations. As you feed real world examples back into your policies, edge case coverage improves and false positive rates drop over time.

That centralized lifecycle is what makes the model scalable. As you move from a handful of pilots to hundreds of agents in production, you evolve a shared policy set—not a long tail of one‑off configurations—so improvements in one part of the organization immediately benefit the rest of your fleet.

 


Protect your organization's agentic workflows with Rubrik Agent Cloud

We built Rubrik Agent Cloud because the biggest risk in the agentic era isn't just that agents will fail: it's that they'll fail in ways no one sees coming. As organizations scale from a handful of pilots to thousands of agents, you need governance that can handle the unknown unknowns.

That control is available right now. Rubrik Agent Cloud is officially Generally Available (GA). Today, the platform covers the full policy spectrum—from foundational out-of-the-box best practice policies to custom natural language policies designed for your specific needs—so you can start securing your AI agents with comprehensive monitoring, alerting and blocking.

Stop relying on static rules for dynamic AI. Get started with Rubrik Agent Cloud:

Safe Harbor Statement
Any unreleased services or features referenced in this document are not currently available and may not be made generally available on time or at all, as may be determined in our sole discretion. Any such referenced services or features do not represent promises to deliver, commitments, or obligations of Rubrik, Inc. and may not be incorporated into any contract. Customers should make their purchase decisions based upon services and features that are currently generally available.

 
