Vienna OS is an enterprise governance platform for autonomous AI agents. It sits between agent intent and execution, providing policy enforcement, approval workflows, and audit trails.

How does risk tiering work?

Vienna OS classifies actions into T0 (auto-approved), T1 (heuristic log), T2 (human gate), and T3 (strict halt requiring multi-sig) based on risk assessment policies you define.

Does Vienna OS help with regulatory compliance?

Vienna OS provides the audit trail controls, access logging, and policy enforcement that accelerate SOC 2, HIPAA, and EU AI Act compliance. It maps to specific regulatory sections (e.g., SOC 2 CC6.1-CC8.1, HIPAA §164.312).

From RBAC to Warrants: Rethinking Access Control for Autonomous Agents

Duration	Until revoked	Time-limited (minutes to hours)
Scope	Category of actions	Specific action instance
Context	Role-based	Intent + risk + policy evaluated
Audit	Who has what role	What was authorized, why, by whom
Revocation	Manual	Automatic on expiry or violation

A warrant says: "Agent X is authorized to perform action Y on resource Z, for reason R, until time T, as approved by authority A."

Every element is explicit. Nothing is implied. Nothing persists beyond the warrant's scope.

How It Works in Practice

const vienna = new ViennaClient({
baseUrl: 'https://console.regulator.ai',
agentId: 'financial-ops-agent',
apiKey: 'vos_...',
});

// Instead of checking "do I have permission to transfer?"
// the agent declares its intent:
const result = await vienna.submitIntent({
action: 'wire_transfer',
payload: {
amount: 50000,
currency: 'USD',
destination: 'vendor-acct-7842',
reason: 'Q1 invoice payment',
invoice_ref: 'INV-2026-0342',
},
});

// Vienna OS evaluates:
// 1. Is this action within the agent's declared capabilities?
// 2. What risk tier? (T2: financial, irreversible, >$10K)
// 3. Does policy allow this? (amount limits, known vendors, business hours)
// 4. Who needs to approve? (T2 = operator approval required)

if (result.pipeline === 'executed') {
// Warrant was issued, transfer executed
console.log(Warrant: ${result.warrant.id});
console.log(Expires: ${result.warrant.expiresAt});
} else if (result.pipeline === 'pending_approval') {
// Waiting for human operator to approve
console.log('Awaiting operator approval');
} else if (result.pipeline === 'denied') {
// Policy denied the action
console.log(Denied: ${result.evaluation.reason});
}
`

The Key Differences

RBAC would say: "This agent has the financial-ops role, which includes transfer permission. Approved."

Warrant-based governance says: "This agent wants to transfer $50K to vendor-acct-7842 for invoice INV-2026-0342. Risk tier: T2. Policy check: amount within limits, vendor is known, business hours confirmed. Routing to operator for approval. Warrant will expire in 1 hour if issued."

The warrant captures not just what was authorized, but why, for how long, and by whom.

The Migration Path

You don't have to rip out RBAC overnight. The practical migration path:

Phase 1: Shadow Mode Deploy Vienna OS alongside existing RBAC. Agents continue operating under RBAC permissions, but every action is also evaluated by the warrant system. Compare: would the warrant system have caught anything RBAC missed?

Phase 2: Escalation Only Keep RBAC for T0/T1 actions. Route T2/T3 actions through the warrant system for additional authorization. This catches the high-risk failure modes while maintaining operational speed for low-risk actions.

Phase 3: Full Warrant Governance All agent actions go through the warrant pipeline. RBAC permissions inform the policy engine ("this agent's RBAC role suggests it should be able to do X") but don't constitute authorization alone.

What Auditors Want to See

Every compliance framework — SOC 2, HIPAA, PCI DSS, ISO 27001 — asks the same questions:

Who authorized this action?
Why was it authorized?
When was authorization granted and when did it expire?
What was the scope of authorization?
Was the action audited?

RBAC answers #1 partially (who has the role) and #5 if you have logging. Warrants answer all five, natively, for every action.

When auditors ask "show me the authorization chain for this $500K wire transfer," you don't want to say "the agent had the financial-ops role." You want to show a cryptographically signed warrant with the full context.

The Evolution Is Inevitable

The progression from RBAC to warrants mirrors a progression we've seen before:

• **Physical security** evolved from "master keys" to "badge access" to "per-room, per-time authorization"
• **Network security** evolved from "firewall rules" to "zero trust" — where every request is individually authorized
• **API security** evolved from "API keys" to "OAuth scopes" to "short-lived tokens with specific claims"

In every case, the evolution moved from persistent, broad authorization to ephemeral, scoped authorization. Warrant-based governance for AI agents is the same evolution applied to the most consequential authorization decisions in modern enterprise IT.

The question isn't whether this evolution will happen. It's whether you'll lead it or be forced into it by the first major autonomous agent incident.

Ready to evolve your access control? See how Vienna OS implements warrant-based governance →