Red Hat on Tuesday opened its Ansible Automation Platform to AI agents while introducing new controls to keep them under tight governance. The company made its Model Context Protocol (MCP) server for Ansible generally available, enabling any AI tool—such as chatbots, code assistants, or autonomous agents—to access the platform's automation capabilities. Additionally, Red Hat previewed a new automation orchestrator that routes AI-generated actions through human-approved, deterministic playbooks, ensuring that even the most advanced large language models (LLMs) operate within predefined guardrails.
The dual announcement reflects Red Hat's strategy to embrace AI without sacrificing enterprise security and reliability. In recent months, multiple reports have surfaced about AI agents performing unauthorized or destructive actions—such as accidentally deleting databases or misconfiguring cloud resources—due to overly broad permissions or lack of oversight. By forcing AI-generated commands through a trusted playbook layer, Red Hat aims to prevent such incidents while still allowing organizations to benefit from the speed and flexibility of AI-driven automation.
How the MCP Server and Orchestrator Work
The MCP server acts as a bridge between external AI agents and the Ansible Automation Platform. Using the Model Context Protocol—an open standard developed by Anthropic—AI agents can query Ansible for available automations, request job executions, and retrieve status information. However, the new orchestrator adds a critical middle step: instead of executing raw AI-generated commands directly, it maps those requests to pre-existing, tested, and approved Ansible playbooks. If the orchestrator cannot find a suitable playbook, it escalates the request to a human operator for review and approval before any action is taken.
"AI is unpredictable," said Sathish Balakrishnan, vice president and general manager of the Ansible business unit at Red Hat, in an interview. "When you suddenly put AI into your production environment and ask it to change it, you've seen the articles about how a company lost its database." By relying on deterministic playbooks, Red Hat ensures that every automation is repeatable, testable, and unlikely to cause unintended harm. Additionally, using playbooks for routine tasks—such as patching servers or deploying configurations—eliminates the expensive token costs associated with calling an LLM during execution. "We all know tokens are expensive," Balakrishnan noted. "Why call an AI to patch a machine when you already have a playbook that's been in use for ten years?"
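As an added illustration (not Red Hat's code and not part of the original article), the routing step described above can be sketched as an allowlist gate: a request runs only if it maps onto an approved playbook, and everything else goes to a human. The catalog, intent names, parameter pattern and per-environment check are assumptions made for this example.

```python
# Hypothetical routing gate; not Red Hat's orchestrator and not an Ansible API.
import re
from dataclasses import dataclass
from typing import Optional

# Constructed catalog of human-approved playbooks, with the parameters and
# environments each one was reviewed for (all names are assumptions).
APPROVED = {
    "patch_servers": {"playbook": "patch.yml",
                      "params": {"host_group", "window"},
                      "envs": {"dev", "staging", "prod"}},
    "restart_service": {"playbook": "restart.yml",
                        "params": {"host_group", "service"},
                        "envs": {"dev", "staging"}},
}
SAFE_VALUE = re.compile(r"[A-Za-z0-9_.:-]{1,64}")  # no spaces or shell syntax

@dataclass(frozen=True)
class Decision:
    action: str               # "run" or "escalate"
    playbook: Optional[str]
    reason: str

def _escalate(reason: str) -> Decision:
    return Decision("escalate", None, reason)

def route(request: dict) -> Decision:
    """Map an agent request to an approved playbook, or hand it to a human."""
    intent = request.get("intent")
    entry = APPROVED.get(intent) if isinstance(intent, str) else None
    if entry is None:
        return _escalate("no approved playbook for this intent")
    params = request.get("params")
    if not isinstance(params, dict):
        return _escalate("parameters missing or malformed")
    extra = set(params) - entry["params"]
    if extra:
        return _escalate(f"unapproved parameters: {sorted(map(str, extra))}")
    for name, value in params.items():
        if not (isinstance(value, str) and SAFE_VALUE.fullmatch(value)):
            return _escalate(f"parameter {name!r} is not a plain token")
    env = request.get("env")
    if not isinstance(env, str) or env not in entry["envs"]:
        return _escalate("environment not approved for this playbook")
    return Decision("run", entry["playbook"], "matched approved playbook")
```

The gate fails closed: an unknown intent, an extra parameter, free-text values or an unreviewed environment all produce an escalation rather than a best-effort run.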
Expanded Model Support and Custom Context
Beyond the MCP integration, Red Hat also broadened the AI models that can be used with AAP. Previously limited to IBM's WatsonX Code Assistant, the platform now supports models from Google, Anthropic, OpenAI, and any other leading provider that is compatible with the OpenAI API. This flexibility allows enterprises to choose the best AI model for their specific use case—whether it's a general-purpose chatbot like GPT-4, a specialized code generator like Claude, or a cost-effective placeholder model for simple tasks.
Another key enhancement is the ability for enterprises to inject their own background knowledge into the AI assistant via retrieval-augmented generation (RAG). IT teams can upload internal policies, compliance rules, maintenance schedules, and architecture diagrams, which the AI can then reference when generating playbooks or answering questions. "Customers have a lot of contextual knowledge," Balakrishnan explained. "These are our policies, this is when we update machines—they have rules about IT infrastructure. We can now start reading all of those things." This capability helps the AI produce more accurate and policy-compliant recommendations.
Analyst Perspectives: Balancing Innovation and Risk
The news has drawn mixed reactions from industry analysts, who acknowledge both the potential and the perils of connecting AI directly to automation platforms. Paul Nashawaty, an analyst at Efficiently Connected, warned that the MCP access is "new and risky" if not properly secured. "If those agents are connected to highly privileged automation systems, the blast radius can become enormous, including accidental production outages or destructive actions," he said. He recommended that companies avoid giving AI unrestricted production access, broad admin privileges, or autonomous control over critical systems. Instead, the strongest early use cases include AI-assisted troubleshooting, compliance remediation, developer self-service, and human-approved workflow execution.
IDC analyst Jevin Jensen noted that natural-language front ends for automation platforms have been long awaited. "This really broadens the use and value of the platform to new users and improves efficiency of existing users," he said. However, he emphasized the necessity of governance: "It is important—with or without MCP—that enterprises properly utilize and leverage role-based access control." He suggested starting AI adoption in development environments or less impactful cloud areas first, then gradually expanding as trust is built.
Additional Ansible Enhancements
Beyond the AI-focused features, Red Hat announced other improvements to the Ansible Automation Platform. Administrators can now delegate the ability to trigger automations to end users—for example, allowing a factory floor manager to start a firmware update at a time that minimizes disruption to manufacturing. This self-service model reduces the burden on IT operations while still keeping infrastructure under centralized control.
Red Hat also simplified event-driven automation: multiple events can now trigger the same playbook, eliminating the need to create separate automation paths for each event type. This change streamlines the management of complex IT environments where many different alerts—such as high CPU usage, disk errors, or security warnings—should all be handled by the same remediation playbook.
Expanding on the Context: AI Agent Safety in the Enterprise
The announcement comes at a time when enterprise AI adoption is accelerating, but also when concerns about agent safety are at an all-time high. Several high-profile incidents in 2025 and early 2026—such as an AI agent accidentally deleting a production database at a fintech firm, or an autonomous coding assistant pushing broken code to a live website—have underscored the need for guardrails. Analysts estimate that the market for AI agent governance solutions could exceed $3 billion by 2028, and major platform vendors like Red Hat are moving quickly to capture that demand.
The Ansible Automation Platform has long been a staple for IT teams managing large-scale server fleets, network devices, and cloud environments. By layering AI on top of its proven automation engine, Red Hat is betting that enterprises will prefer a controlled, playbook-driven approach over giving free rein to AI agents. This strategy mirrors similar moves by competitors like VMware (with its Aria and AIOps tools) and Microsoft (with Azure Automation and Copilot), but the explicit use of deterministic playbooks as a safety layer is a distinguishing factor.
Moreover, the integration with RAG and custom context allows organizations to encode their institutional knowledge directly into the AI's decision-making process, reducing the likelihood of hallucinations or out-of-policy recommendations. For example, a bank could feed its regulatory compliance guidelines into the RAG system, ensuring that any automation generated by the AI automatically adheres to data sovereignty rules or reporting requirements.
Looking Ahead: The Future of AI-Driven Automation
As AI models continue to improve, the line between human and machine decision-making in IT operations will blur further. Red Hat's approach—keeping a human in the loop for novel or high-risk actions while allowing AI to breeze through routine tasks—could serve as a template for other platforms. The company previewed that future versions of the orchestrator may include automated risk scoring for AI-generated playbooks, as well as integration with SIEM and SOAR systems to detect and respond to anomalies in real time.
For now, enterprises can experiment with the new features in controlled environments, using the MCP server to connect AI assistants to Ansible sandboxes before moving to production. The technology preview of the orchestrator is available immediately, and Red Hat expects to gather feedback from early adopters before making it generally available later this year. With these releases, Red Hat positions itself as a cautious but forward-thinking player in the enterprise AI operations space—one that enables innovation while keeping the blast radius under control.
Source: Network World News