By AI agents are running simultaneously on developer machines, internal team workflows, and enterprise production systems. The technologies available to manage them are fragmented, each addressing only part of the problem. No single tool currently gives organizations a clear view of where their agents have access, how that access is controlled, or how secrets are managed across all of those layers.
In this interview on TFiR, Miska Kaipiainen, Head of Product for Lens at Mirantis, breaks down how Mirantis discovered the AI agent governance gap by living it internally, and how they built their own platform to solve it from the developer laptop all the way to autonomous agents running in production.
Guest: Miska Kaipiainen, Head of Product, Lens at Mirantis
Show: TFiR
Here is what every platform engineer and security team needs to know.
Technical Deep Dive
Q: Why is governing AI agents so difficult when they are distributed across laptops, cloud services, and internal systems?
Miska Kaipiainen, Head of Product, Lens at Mirantis, explains that the difficulty is not a shortage of technology. There are many tools available, but each one addresses only a slice of the problem. No existing solution provides a unified view of where agents have access across all environments or a consistent way to enforce governance at every layer, from an individual developer’s machine to enterprise production systems.
“There are bits and pieces of technologies everywhere, and each one of technologies addresses different pieces of the puzzle. But we didn’t find anything that we could actually use to ourselves to really understand where the agents actually have access and how can we actually govern the access.” — Miska Kaipiainen, Head of Product, Lens, Mirantis
Q: How did Mirantis identify the AI agent governance problem and decide to build their own platform?
Kaipiainen says Mirantis began moving toward becoming an AI-native organization roughly six months before this interview. Teams across marketing, go-to-market, and engineering all wanted to run autonomous agents for their own workflows. As adoption spread internally, it became clear that no available tool could answer the basic question of where those agents had access. Mirantis built the platform for their own operational needs first, then recognized that the problem was widespread enough to matter to other organizations as well.
“We started building this platform initially for our own needs, and we found out at the end that, hey, this is actually pretty cool and maybe actually some of the other organizations are in the same spot as we are.” — Miska Kaipiainen, Head of Product, Lens, Mirantis
Q: What does AI agent governance actually mean in practice beyond the buzzword?
Kaipiainen frames governance in concrete terms rather than abstract policy. As a heavy user of coding agents like Claude Code and Codex, he observed that agents running on a local laptop already have access to the entire operating system, and they do not always ask permission before acting. Governance in practice means understanding and controlling that access at every layer, including connectivity to critical business systems and secrets management, from the developer machine up through production environments.
“The problem starts from the individual user’s machine already and what can we do in there. And then it goes all the way to the autonomous agents that the enterprises run on their production environments.” — Miska Kaipiainen, Head of Product, Lens, Mirantis
Q: Why do AI agents on developer laptops represent a governance risk, not just agents in production?
Kaipiainen points out that coding agents such as Claude Code and Codex are already running on individual developer machines and have broad access to the local operating system. While some agents prompt for permission before taking actions, they do not do so consistently. This makes the developer laptop a genuine entry point for governance failure, not just a convenience tool sitting outside the security perimeter.
“All the places where these AI agents have access to, they have basically access to my entire operating system. Even though sometimes they might be asking permission if they can do something or not, we all know that sometimes they just don’t.” — Miska Kaipiainen, Head of Product, Lens, Mirantis
Q: What are the key layers that a complete AI agent governance solution needs to address?
Kaipiainen describes the problem as spanning multiple layers that must all be addressed together. These include access at the individual developer machine, connectivity to critical business systems, and secrets management across all environments. The complexity arises because each layer has its own requirements and the existing tooling landscape handles them in isolation rather than as a unified problem.
“It’s a connectivity to all the critical business contexts, and also how do you manage secrets and everything related to that. It’s a very, very complex topic and it took quite some time for us to put all the bits and pieces together.” — Miska Kaipiainen, Head of Product, Lens, Mirantis
Resources & Documentation
- Mirantis, developer platform and AI agent governance solutions including Lens
- Lens, Kubernetes IDE and developer platform from Mirantis
***
👇 Click to Read Full Raw Transcript
Swapnil Bhartiya: AI agents are spreading fast across developer laptops, cloud services, internal systems. But as that sprawl happens, governance hasn’t kept pace. Why does that distribution across environments make these agents so difficult to govern in the first place?
Miska Kaipiainen: So we actually noticed this ourselves, like half a year ago. We started moving to become an AI native organization and we started running autonomous AI agents for our own individual needs, within our teams, et cetera. And so we have multiple teams, we have marketing, we have gtm, we have engineering. All of these guys, they want to run agents. And we found out that actually it’s not the problem of having great technologies. There are bits and pieces of technologies everywhere, and each one of technologies addresses different pieces of the puzzle. But we didn’t find anything that we could actually use to ourselves to really understand that where does the agents actually have access and how can we actually govern the access? And that’s basically, we started building this platform basically initially for our own needs, and we found out at the end that, hey, this is actually pretty cool and maybe actually some of the other organizations are in the same spot as we are. So that’s where it all started, with our own internal needs. And it took off from there since
Swapnil Bhartiya: you folks use it internally. So you know better than anyone else that governance is a kind of word that gets thrown around a lot. But what does governing AI agents actually mean in practice, beyond the buzzword, the marketing language?
Miska Kaipiainen: I’m a developer by heart myself, and for me, actually governance is kind of not one of my favorite words, to be honest. But actually what I learned by being a massive user of Claude code and Codex and all of these coding agents is that I started to feel like that, hey, actually I want to have little bit of a governance for my AI agents that I’m now running on my laptops. Even. So if you think about that, all the places where these AI agents have access to, they have basically access to my entire operating system. Even though sometimes they might be asking permission if they can do something or not. But we all know that sometimes they just don’t. And that kind of drove us to that. The problem starts from the individual user’s machine already and what can we do in there? And then it goes all the way to the autonomous agents that then the enterprises run on their production environments and there are multiple layers, it’s a connectivity to all the critical business contexts. And also how do you manage secrets and everything related to that. So it’s a very, very complex topic and it took quite some time for us to put all the bits and pieces together for this, Sol.
