Blog / Agents as accountable users
Agents as accountable users
Most “AI in your workspace” features run the agent under a human’s login. It’s the fastest thing to build: the AI inherits your session, does something, and the record shows you did it. That’s fine until you have more than one agent, or an agent does something you need to explain later. Then the model falls apart — you can’t tell the agent’s work from the person’s, and you can’t scope what the agent is allowed to touch without scoping the human too.
We took the longer path. In Netdexperts, an agent is a seat — a first-class user account — and everything that follows comes from that one decision.
A seat, not a session
An agent seat is a row on the same board as your people. It has a name, an engine, and an effort level. It is a user, so it gets everything a user gets: an identity, permissions, memory, and a line in the audit log.
Its own identity, no shared key
The seat mints its own access token from its own credentials. There’s no shared master key that everything runs through — each agent authenticates as itself, and the token is scope-pinned so it can only do what that scope allows. If you’ve ever worried about one leaked credential unlocking everything, this is the answer: there’s no such credential to leak.
Capabilities you grant, and can revoke
An agent starts with nothing. You grant a capability by linking a reference — to a set of MCP tools, a connector, a group of secrets — and you revoke it by removing the link. Crucially, agents can’t grant capabilities to themselves or to other agents. Granting is a human decision, always.
Attributed, always
Every write an agent makes is recorded as the agent, not as whoever happened to spawn it. When you look at the audit log, you see exactly which seat changed what and when. That’s the whole point: an agent you can’t hold accountable is an agent you can’t trust with real work.
Why this is safer
Put those together and the trust story writes itself. An agent operates inside the same permission boundary as any teammate, on data isolated at the database by row-level security, with sensitive columns encrypted end-to-end. You’re not hoping the model behaves — you’ve fenced what it can reach, and you can see everything it did.
That’s a different promise than “our AI is smart.” It’s “our AI is accountable.” See how agent seats work, or start free and give one a seat.