Omnigent Policies Get Smarter

Databricks' Omnigent introduces contextual policies, allowing AI agents to govern actions based on session history for enhanced security and cost control.

3 min read
Diagram illustrating the flow of contextual policies in Omnigent for AI agent governance
Omnigent's contextual policies enable smarter AI agent governance by using session state.

AI agents are rapidly moving from experimental toys to tools handling real-world tasks, but governing their actions remains a significant challenge. Databricks is tackling this with Omnigent, an open-source meta-harness that introduces a new approach: contextual policies.

Traditional agent controls offer basic rules like allowing or denying specific tool calls. This approach struggles with nuanced scenarios where the safety or appropriateness of an action depends on what has already occurred within an agent's session.

Related startups

Omnigent's contextual policies, however, maintain a memory of the agent's session state. This allows them to evaluate subsequent actions based on historical context, such as prior data access or accumulated costs.

Context is Key for Agent Control

The inherent risks of AI agents, from prompt injection to unintended data exposure, necessitate robust governance. Simple allow-lists often lead to overly restrictive controls that hinder usability.

Conversely, constant user prompts lead to fatigue. Contextual policies offer a middle ground by learning from the agent's activity.

For instance, an agent pushing code to GitHub might be acceptable if it's working on a feature, but risky if it previously downloaded a potentially malicious webpage.

How Omnigent's Policies Work

Omnigent policies can monitor agent events like tool calls and LLM interactions. Crucially, they can update arbitrary session-specific state variables.

The Omnigent server stores this state for each policy and session, feeding it back into the policy handler for subsequent decisions.

Writing a contextual policy involves defining a function that accepts previous state and new events, returning state updates and a decision.

Omnigent supports popular coding agents like Claude Code and Codex, as well as custom agents built with frameworks like OpenAI Agents SDK and Claude Agents SDK.

Example Use Cases

  • Cost Control: A budget policy tracks session spending. It can issue warnings at soft thresholds and block expensive model calls at a hard cap, encouraging the use of cheaper alternatives. Platform teams can layer per-user daily caps on top of session limits.
  • Document Access: A Google Drive policy restricts writes to documents the agent created during the current session. It can also tighten access dynamically if the agent reads a designated confidential document, implementing a 'no write-down' rule.
  • Dynamic Risk Scoring: A risk score policy accumulates a score based on agent actions, such as reading sensitive documents or making routine tool calls. As the score rises, actions like sending emails may require user approval.
  • Intent-Based Authorization: Permissions are tied to the user's initial prompt. If a session starts with a request to update a Google Slides presentation, the agent is limited to that task, preventing it from executing unrelated, potentially harmful actions like running shell commands.

These capabilities move beyond simple action-based rules to a more intelligent, state-aware form of AI governance.

The takeaway is that robust AI agent control requires understanding their history.

Omnigent's contextual policies provide a powerful, flexible, and open-source solution for making AI agents both safer and more practical for enterprise use.

© 2026 StartupHub.ai. All rights reserved. Do not enter, scrape, copy, reproduce, or republish this article in whole or in part. Use as input to AI training, fine-tuning, retrieval-augmented generation, or any machine-learning system is prohibited without written license. Substantially-similar derivative works will be pursued to the fullest extent of applicable copyright, database, and computer-misuse laws. See our terms.