Red Hat announced on Tuesday that it is opening its Ansible Automation Platform (AAP) to AI agents, but with new safeguards designed to keep AI actions under tight human control. The company made its Model Context Protocol (MCP) server for Ansible generally available, allowing any AI tool to connect to the platform. In addition, Red Hat introduced a new automation orchestrator, currently in technology preview, that funnels AI actions through pre-approved, deterministic playbooks.
The goal is to let enterprises leverage AI for workflow automation while preventing the kind of unauthorized or destructive actions that have recently made headlines. By routing AI requests through human-approved playbooks, Red Hat aims to maintain safety and reliability in production environments.
AI agents get access, but with guardrails
The MCP server enables external AI agents to interact with Ansible Automation Platform. This opens up possibilities for natural-language requests, automated troubleshooting, and compliance remediation. However, Red Hat emphasizes that AI actions will be constrained by approved automations. The playbooks are testable, repeatable, and deterministic — unlike the unpredictable nature of large language models (LLMs).
“Why would you use AI just to patch a machine? We all know tokens are expensive. We know the best way to patch a machine — why call an AI to do that when you already have a playbook that’s been in use for ten years?” said Sathish Balakrishnan, vice president and general manager of the Ansible business unit at Red Hat.
This pragmatic approach reduces costs and risks, as AI is reserved for tasks where its flexibility adds value, such as interpreting natural language requests or correlating alerts. The actual execution remains on proven, automated playbooks.
New orchestrator ensures human oversight
The automation orchestrator acts as a gatekeeper. When an AI agent requests an action that does not match an existing playbook, the orchestrator requires human verification before proceeding. This prevents accidental or malicious changes to critical systems. Security experts have warned that AI agents connected to highly privileged automation systems could cause enormous damage if uncontrolled.
“The security concerns are very real. If those agents are connected to highly privileged automation systems, the blast radius can become enormous, including accidental production outages or destructive actions,” said Paul Nashawaty, an analyst at Efficiently Connected.
Red Hat’s solution aligns with best practices: never give AI unrestricted production access, use role-based access control (RBAC), and always keep a human in the loop for novel actions.
Expanded model support and contextual awareness
In addition to IBM’s WatsonX Code Assistant, AAP now supports models from Google, Anthropic, OpenAI, and any model compatible with the OpenAI API. Enterprises can also provide their own background information through retrieval-augmented generation (RAG) embeddings. This allows the AI to understand internal policies, maintenance windows, and infrastructure rules.
“Customers have a lot of contextual knowledge. These are our policies, this is when we update machines — they have rules they have written about IT infrastructure. We can now start reading all of those things,” Balakrishnan said.
This contextual awareness makes the AI more useful and less likely to suggest actions that violate company policies.
Use cases and analyst perspectives
IDC analyst Jevin Jensen noted that vendors have been expected to provide natural-language front ends for their platforms for the past 18 months. “This really broadens the use and value of the platform to new users and improves efficiency of existing users,” he said.
Use cases include developers asking for environments in natural language, operations teams reducing incident response times by having AI assemble and execute approved remediation steps, and compliance remediation triggered by AI-based alert correlation. The key, according to analysts, is good governance and RBAC.
“It is important — with or without MCP — that enterprises properly utilize and leverage role-based access control,” Jensen added.
Additional enhancements
Red Hat also announced that administrators can now delegate the ability to trigger automations to end users, such as factory floor managers who can schedule updates at times least disruptive to manufacturing. Furthermore, multiple events can now trigger the same automation playbook, streamlining operations.
These improvements reflect a broader trend in IT automation: moving from rigid, manually triggered tasks to AI-assisted, event-driven workflows that remain under human governance.
Source: Network World News