# What is Cakewalk Agent Access

AI agents like Cursor, Claude, ChatGPT and Copilot are taking action on behalf of your team every day. They read your company's files, write to its apps and call APIs across your stack. Without a governance layer, every agent runs on broad credentials granted at setup, with no evaluation of individual actions. Cakewalk Agent Access evaluates every tool call against your company's policies in real time and scopes access to the task at hand.

***

### :fire: **The problem**

Your team is adopting AI agents faster than security can keep up.

* **Standing access:** Every Agent runs with the same broad credentials as the human. Those credentials don't shrink for the task and don't lapse when the task ends.
* **No per-action review:** Read, write and delete all pass through with the same credential. Nothing pauses an Agent before it does the most destructive thing it's permitted to do.
* **No visibility:** You can't see what your company's Agents are doing inside Slack, GitHub, Jira or the CRM, in the moment or after the fact.
* **Shadow AI:** Every employee wires their own Agents to their own apps with their own credentials, with no central catalog or single off-switch.

***

### :cupcake: **What Cakewalk Agent Access does**

Cakewalk Agent Access governs the three actors involved in every agent task: the **User** who delegates the work, the **Agent** that runs it and the **Connection** (the third-party app the Agent accesses). Every tool call routes through the **MCP Gateway**, where Cakewalk evaluates it against your company's **Policies** before forwarding it to the Connection.

* **Dynamic Agent Context:** Every Agent starts each task with no access. Each tool call earns the one tool it needs, scoped to that task, gone when the task ends.
* **Custom Policies:** Cakewalk evaluates every tool call in real time against the action, the User and the Connection, then resolves it to Auto-approve, Require approval or Deny.
* **Audit Log:** The gateway records every tool call in real time. Each evaluation produces an immutable audit event recording which Policy fired, what inputs matched and who approved.
* **Centralized governance:** Cakewalk sits between every Agent your team uses and every Connection it accesses, regardless of platform. One place to govern all of them, instead of per-employee setup with per-employee credentials.

:white\_check\_mark: **Outcome:** Agents stay productive, your team reviews sensitive actions and the audit trail proves it.

***

### :bulb: **Why it's different**

Existing IAM tools tell you who your company's Agents are. Cakewalk decides what they're allowed to do, in real time, on every tool call.

* **Real-time policy enforcement.** Cakewalk evaluates every tool call against your company's Policies before it executes. When a decision needs a human, the Agent pauses inside the agent client and resumes with full context once approved. Other MCP gateways proxy and log; Cakewalk decides.
* **Context-aware policies.** Every decision is evaluated against the User's HRIS attributes (department, title, location, user category) and the Connection's properties (name, category, risk level). Cakewalk knows the human behind the Agent and the app behind the Connection.
* **Credential Mediation.** Agents never see real credentials. The gateway pulls them from your company's vault per tool call, injects them at proxy time and holds nothing in memory between calls. A prompt-injected Agent can't leak tokens it never held.
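
A minimal sketch of the per-call decision described above, as an added example and not Cakewalk's own code or policy syntax. The `Policy` schema, the fact names, default-deny when nothing matches and most-restrictive-wins are assumptions; only the three outcomes and the User and Connection attributes come from this page.

```python
from dataclasses import dataclass

# Outcome names come from the page; ranking them so the most restrictive
# matching policy wins is an assumption of this sketch.
SEVERITY = {"Auto-approve": 0, "Require approval": 1, "Deny": 2}

@dataclass(frozen=True)
class Policy:
    name: str
    match: dict    # fact name -> set of accepted values (hypothetical schema)
    outcome: str

def facts_for(call):
    """Flatten one tool call into the facts a policy can match on."""
    facts = {"action": call["action"]}
    facts.update({f"user.{k}": v for k, v in call["user"].items()})
    facts.update({f"connection.{k}": v for k, v in call["connection"].items()})
    return facts

def evaluate(call, policies):
    """Return the audit event for one tool call; no matching policy means Deny."""
    facts = facts_for(call)
    fired = [p for p in policies
             if all(facts.get(k) in allowed for k, allowed in p.match.items())]
    if not fired:
        return {"decision": "Deny", "policy": None, "matched": {}}
    top = max(fired, key=lambda p: SEVERITY[p.outcome])
    # Record which policy fired and which inputs matched, as an audit log would.
    return {"decision": top.outcome, "policy": top.name,
            "matched": {k: facts[k] for k in top.match}}

# Constructed sample policies, not taken from any real deployment.
POLICIES = [
    Policy("reads-on-low-risk",
           {"action": {"read"}, "connection.risk_level": {"low"}}, "Auto-approve"),
    Policy("eng-writes-to-dev-tools",
           {"action": {"write"}, "user.department": {"Engineering"},
            "connection.category": {"developer-tools"}}, "Require approval"),
    Policy("no-deletes-by-contractors",
           {"action": {"delete"}, "user.user_category": {"contractor"}}, "Deny"),
]
```

A call that matches no policy is denied, which mirrors the "starts each task with no access" stance; a real deployment would also attach the approver to the event once a human decides.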

***

### :point\_right: **Where to go next**

* New admin? Start with [Cakewalk for Admins](/docs/ai-agent-access/introduction/cakewalk-for-admins.md).
* New employee? Start with [Cakewalk for Employees](/docs/ai-agent-access/introduction/cakewalk-for-employees.md).
* Ready to set up your org? Open [Get Going with Agent Access](/docs/ai-agent-access/introduction/get-going-with-agent-access.md).


