Red Hat has taken a significant step in bridging the gap between artificial intelligence and enterprise IT automation. On Tuesday, the company opened its Ansible Automation Platform (AAP) to AI agents while introducing new controls designed to keep them under strict governance. The move includes making the Model Context Protocol (MCP) server for Ansible generally available, enabling any AI tool to connect to the platform, and previewing a new automation orchestrator that routes AI-driven actions through human-approved, deterministic playbooks.
The core objective is to let enterprises leverage AI to streamline workflows without risking unauthorized or destructive actions. Given recent high-profile incidents where AI agents caused data loss or system outages, Red Hat’s approach emphasizes safety and predictability. Sathish Balakrishnan, vice president and general manager of the Ansible business unit at Red Hat, explained that while AI offers immense potential for automation, its unpredictability demands robust guardrails. “When you suddenly put AI into your production environment and ask it to change it, you’ve seen the articles about how a company lost its database,” he noted.
How the MCP Server and Orchestrator Work
The MCP server acts as a bridge, allowing external AI agents—such as those from Google, Anthropic, OpenAI, and any OpenAI API-compatible model—to interact with Ansible. Previously, Ansible supported only IBM’s WatsonX Code Assistant; now it supports a wide range of leading models. Enterprises can also feed their own contextual knowledge into AAP via retrieval-augmented generation (RAG) embeddings. Balakrishnan emphasized that customers have extensive policies, maintenance schedules, and IT rules that can be read and used by the AI to generate more accurate automation suggestions.
However, the AI does not execute actions directly. Instead, it relies on pre-made, tested, and approved playbooks. If the AI proposes a novel action, a human must verify it before execution. This human-in-the-loop model ensures that all automations remain deterministic and auditable. The playbooks are not only safer but also more cost-effective than calling a large language model (LLM) for every step. Balakrishnan pointed out the absurdity of using AI for routine tasks like patching a machine: “Why would you use AI just to patch a machine? We all know tokens are expensive. We know the best way to patch a machine—why call an AI to do that when you already have a playbook that’s been in use for ten years?”
Security Concerns and Analyst Perspectives
Industry analysts echo both the promise and the risks. Paul Nashawaty of Efficiently Connectd warned that connecting AI agents to highly privileged automation systems creates a large blast radius. “If those agents are connected to highly privileged automation systems, the blast radius can become enormous, including accidental production outages or destructive actions,” he stated. He recommends limiting AI to specific use cases such as assisted troubleshooting, compliance remediation, developer self-service, and human-approved workflow execution. Broad admin privileges and autonomous control over critical systems should be avoided.
IDC analyst Jevin Jensen sees the natural-language front end as a long-awaited feature. “This really broadens the use and value of the platform to new users and improves efficiency of existing users,” he said. However, he stressed that proper governance, especially role-based access control (RBAC), is essential whether or not MCP is used. He advises starting with development environments or less impactful cloud areas to test AI-driven automations.
Expanding Automation Capabilities
Beyond the AI integration, Red Hat introduced other enhancements to Ansible. Administrators can now delegate the ability to trigger automations to end users. For example, factory floor managers can initiate updates at times that minimize disruption to manufacturing schedules. Additionally, multiple events can now trigger the same automation playbook, eliminating the need for duplicate playbooks for each event. These features aim to make automation more accessible and efficient across the enterprise.
The automation orchestrator, currently in technology preview, adds a layer of control by funneling all AI agent actions through deterministic playbooks. This ensures that even when AI systems suggest new automation workflows, they must be reduced to proven, repeatable steps before execution. The approach balances innovation with risk management, allowing organizations to adopt AI without sacrificing stability.
Red Hat’s broader strategy reflects a growing industry trend: enterprises want to harness AI but fear its consequences. By providing MCP access, the company enables cutting-edge integration while the orchestrator maintains a safety net. The combination of supported models, RAG embedding, and human oversight positions Ansible as a platform that can evolve with AI capabilities without exposing organizations to undue risk.
As AI agents become more prevalent in IT operations, the need for such guardrails will only increase. Nashawaty noted that the strongest use cases today involve AI-assisted diagnostic tasks and human-approved workflows. “Companies should avoid giving AI unrestricted production access,” he advises. Jensen similarly recommends incremental adoption, starting with less critical environments. Red Hat’s new features align with these recommendations, providing both the tools and the controls necessary for responsible AI automation.
The opening of Ansible to AI agents marks a milestone in enterprise automation. By combining MCP connectivity, an orchestrator, and expanded model support, Red Hat is enabling organizations to explore AI-driven efficiencies while maintaining strict oversight. The emphasis on deterministic playbooks and cost efficiency ensures that AI serves as a helper rather than a replacement, reducing token expenses and keeping human judgment at the center of critical decisions.
Source: Network World News