Red Hat on Tuesday opened its Ansible Automation Platform to AI agents while adding new controls intended to keep them under tight control. The company made its Model Context Protocol (MCP) server for Ansible generally available, allowing any AI tool to access the platform, and it introduced a new automation orchestrator, in technology preview, that routes actions through human-approved, deterministic playbooks.
The goal is to allow enterprises to start using AI to automate their workflows while keeping a firm hand on what the AI agents can and can’t do with it, since there have recently been a series of reports about AI agents performing unauthorized actions. Red Hat, a subsidiary of IBM, is positioning this as a responsible approach to AI-driven automation, acknowledging that while AI can accelerate tasks, it also introduces risks that must be managed carefully.
Red Hat's Approach to AI Agents
Ansible is a powerful IT automation tool used by thousands of organizations to manage configurations, deploy applications, and orchestrate workflows. With the MCP server now generally available, external AI agents — including those built with large language models from Google, Anthropic, OpenAI, and other vendors — can connect directly to Ansible. This enables natural-language-driven automation, where operators can describe desired outcomes rather than writing playbook code manually.
The new automation orchestrator acts as a middle layer, ensuring that any action requested by an AI agent is first checked against a library of pre-tested, approved Ansible playbooks. If a request matches a known playbook, the orchestrator executes it automatically. If the AI proposes something new or unrecognized, the system requires human approval before proceeding. This design minimizes the risk of AI causing unintended changes in production environments.
“AI is unpredictable,” said Sathish Balakrishnan, vice president and general manager of the Ansible business unit at Red Hat. “When you suddenly put AI into your production environment and ask it to change it, you’ve seen the articles about how a company lost its database.” By relying on deterministic playbooks, Red Hat ensures that automations are testable, repeatable, and cost-effective. Calling an LLM during every automation task would be wasteful both financially and computationally, Balakrishnan noted. “Why would you use AI just to patch a machine? We all know tokens are expensive. We know the best way to patch a machine — why call an AI to do that when you already have a playbook that’s been in use for ten years?”
Security and Governance
The integration of AI agents into automation platforms introduces significant security challenges. Paul Nashawaty, an analyst at Efficiently Connected, warned that if those agents are connected to highly privileged automation systems, the blast radius can become enormous, including accidental production outages or destructive actions. He recommended that enterprises avoid giving AI unrestricted production access, broad admin privileges, or autonomous control over critical systems.
Red Hat’s orchestrator technology preview addresses these concerns by enforcing a human-in-the-loop for any novel actions. Additionally, the platform supports role-based access control (RBAC) to limit what AI agents can do based on user roles. Enterprises can also provide their own contextual background through RAG embedding, enabling AI to better understand organizational policies, maintenance windows, and compliance requirements.
IDC analyst Jevin Jensen noted that he has been waiting for vendors to provide natural-language front ends for their platforms for the past 18 months. “This really broadens the use and value of the platform to new users and improves efficiency of existing users,” he said. Jensen stressed that good governance is critical, with or without MCP, and that enterprises must properly utilize RBAC and start with lower-impact environments like development systems.
Expanded Capabilities
Beyond AI integration, Red Hat has also enhanced Ansible with features that enable administrators to delegate automation triggers to end users. For example, factory floor managers can now trigger software updates at times that minimize disruption to manufacturing schedules. The platform also supports multiple events triggering the same playbook, reducing the need for redundant automation definitions.
These updates reflect a broader industry trend toward making IT automation more accessible and intelligent. Ansible’s open ecosystem allows it to integrate with virtually any infrastructure, from on-premises servers to multi-cloud environments. With the addition of AI agent support, Red Hat aims to reduce the barrier to entry for automation, allowing even non-technical users to request tasks in natural language while maintaining strict operational control.
Looking at the competitive landscape, other vendors such as ServiceNow and Puppet are also exploring AI-driven automation, but Red Hat’s approach emphasizes deterministic execution over generative autonomy. By prioritizing human oversight and pre-approved workflows, Red Hat hopes to earn the trust of risk-averse enterprises that are otherwise hesitant to deploy AI in production environments.
The MCP server for Ansible is available now, and the automation orchestrator is available in technology preview. Enterprises interested in these capabilities can access them through Red Hat’s customer portal.
Source: Network World News