AWARE Framework
A technical control structure for governing AI agents at enterprise scale. Developed by Glean's Work AI Institute in collaboration with Databricks and Palo Alto Networks. Per Ben Mayrides (CISO at Cvent), it fills the gap left by organizational frameworks like the EU AI Act and NIST RMF, which don't go deep enough into agent-architecture specifics.
The five pillars
- Identity — who and what the agent is, and what identity is delegated to it. Traditional IAM doesn't model this — agents reason, plan, and delegate, none of which classical access control was designed for.
- Context — what scope an agent runs in, what data sources it touches, what it's actually trying to do. The same Salesforce-reading agent has a completely different risk profile if it's summarizing for a salesperson vs writing modifications to other resources.
- Guardrails — technical constraints on what the agent can do
- Risk scoring & blocking — graded evaluation, not binary allow/deny
- Ecosystem observability — the ability to reconstruct what the agent did and why, for compliance (EU AI Act) and incident response
Why the existing frameworks aren't enough
Per Ben Mayrides:
"The frameworks that are out there [EU AI Act, NIST RMF] are predominantly organizational governance frameworks. They have their purpose, but they don't go deep enough and they don't actually tie into the technical controls and considerations you need to build into an agentic security architecture."
AWARE is the technical-controls layer underneath those organizational frameworks.
How Cvent applies it (Governing AI Agents at Scale (Glean + Cvent, CXOTalk))
- Per-agent identity + scope evaluation up front — before deployment, not after
- Sandbox / test-and-learn buckets — separate from production data
- Iterative risk decisions — "risk is too high for now" rather than binary no
- Internal agent task catalog — not just a software catalog; what the agent does, queryable by legal/privacy/security
- Shared questions for CIO/CISO — answer the AWARE questions in advance, then decisions follow
How AWARE maps onto this wiki
| AWARE pillar | Where it shows up in this wiki |
|---|---|
| Identity | Harness (LLM Agents) — auth/scope is a harness component; CLI vs API vs MCP — MCP wins on per-user access control |
| Context | Context Engineering — the four pillars (connected access, knowledge layer, precision retrieval, runtime governance) overlap heavily with AWARE's context pillar |
| Guardrails | Harness (LLM Agents); Praveen's .md policy files; Human in the Loop |
| Risk scoring & blocking | Bounded vs Unbounded Tasks (bounded → safer to autonomize); Human in the Loop dial |
| Ecosystem observability | E2B-style ephemeral sandboxes (Praveen); Boris Cherny's tracing across loops; Agentic Loop failure modes |
Why this is the canonical enterprise governance vocabulary
This is the only purpose-built, technical-controls, agent-specific governance framework currently in this wiki. The CIO Agenda 2026 (CIO Agenda 2026 (CXOTalk)) talks about governance principles; Praveen (Agentic AI in the Enterprise (Praveen Akkiraju, CXOTalk)) talks about harness inputs; AWARE turns those instincts into a 5-question checklist.
AWARE should be the default reference when answering "how do we govern this?" questions until or unless a stronger framework lands.