Securing AI Agents in a Bank: From Daily ChatGPT Use to a Production-Ready Secure Harness
The article, published on DEV Community on May 22, 2026, by Mike Anderson, addresses the shift from personal AI use (ChatGPT, Claude, Gemini) to production AI agents in a bank. Using the fictional ZYX Bank, which relies on Google Workspace, Slack, AWS, GitHub, Jira, and Confluence, the author distinguishes between two things: AI usage governance, which covers employee productivity tools, and secure harness architecture, which covers agents that read Jira tickets, inspect GitHub PRs, query AWS, look up Confluence runbooks, post to Slack, or recommend incident response actions. The goal is to design a practical AI usage policy and workspace admin control model. The article emphasizes that the two security models are fundamentally different, with the latter requiring robust access controls, monitoring, and isolation to prevent unauthorized actions or data leaks.
Developers building AI agents must design secure harnesses, not just governance policies.