Shared Responsibility Model
AgenFleet is a platform that connects multiple parties — your organization, AI model providers, third-party tool and software providers, and AgenFleet itself. Understanding who is responsible for what is essential for compliance, procurement review, and incident response.
This page defines the responsibility boundaries across all four parties.
The four parties
Section titled “The four parties”| Party | Who they are |
|---|---|
| AgenFleet | The platform — fleet infrastructure, orchestration, scheduling, monitoring, data isolation, and the portal |
| Model Providers | The AI companies whose models power your agents — e.g., Anthropic, OpenAI, Google, Mistral |
| Third-Party Tool Providers | Software integrated into the agent runtime — e.g., OpenClaw (agent engine), MCP tool servers, n8n, webhook endpoints, and any other external services your agents call |
| Client | Your organization — the configuration of your agents, the data you expose to them, the API keys you register, and the workflows you build |
AgenFleet’s responsibilities
Section titled “AgenFleet’s responsibilities”AgenFleet is responsible for the security and reliability of the platform layer:
- Fleet infrastructure — provisioning, running, and maintaining the containerized agent runtime environment
- Tenant isolation — ensuring your data, agents, sessions, and credentials are structurally inaccessible to other tenants via row-level security and container isolation
- Credential storage — encrypting your API keys and secrets at rest (AES-256-GCM) and ensuring they are never exposed in logs or transmitted in plaintext
- Access control — enforcing role-based permissions in the portal; ensuring agents cannot access tools or data beyond their configured scope
- Audit logging — maintaining tamper-evident logs of all agent actions, tool calls, and configuration changes within the platform
- Platform availability — uptime, failover, and reliability of the AgenFleet portal, API, and scheduling infrastructure
- Security patching — keeping platform dependencies, base images, and infrastructure up to date
- Data retention and deletion — honoring data retention policies and purging deleted data within committed timeframes
Model provider responsibilities
Section titled “Model provider responsibilities”When your agents send prompts to an AI model, the request leaves the AgenFleet platform and enters your model provider’s infrastructure. At that point, the provider is responsible for:
- Model availability and uptime — if Anthropic, OpenAI, or another provider experiences an outage, agent responses will fail until service is restored; AgenFleet is not responsible for provider downtime
- Model behavior and output quality — the content, accuracy, and safety of model responses are governed by the provider’s systems; AgenFleet passes your prompt and returns the response
- Provider-side data handling — how the provider stores, processes, or uses prompt data is governed by your agreement with them and their privacy policy, not AgenFleet’s
- Rate limits and quota — provider-enforced rate limits and API quota are outside AgenFleet’s control; configure fallback chains to mitigate the impact of rate limiting
- Billing for token usage — token consumption is charged directly by the provider to your account; AgenFleet does not intermediate token billing
Third-party tool provider responsibilities
Section titled “Third-party tool provider responsibilities”Your agents may be configured to use external tools and software — the agent runtime engine (OpenClaw), MCP tool servers, webhook endpoints, n8n workflows, CRM integrations, and more. Each of these is a third-party dependency with its own responsibility boundary:
- Software integrity — AgenFleet does not audit, review, or warrant the security or behavior of third-party tools connected to your agents; you are responsible for evaluating the tools you enable
- Malicious or vulnerable code — AgenFleet cannot be held responsible for security incidents caused by vulnerabilities or malicious behavior in third-party tool providers, including MCP servers, npm packages, or external APIs your agents call
- Third-party availability — if a tool your agent depends on (e.g., a webhook endpoint, an MCP server, or an external API) goes down, the affected agent tasks will fail; AgenFleet is not responsible for third-party service availability
- Data handling by third parties — any data your agent sends to a third-party tool is subject to that provider’s terms and privacy policy, not AgenFleet’s
- OpenClaw — the agent runtime engine is an open-source component; its behavior, security posture, and updates are the responsibility of its maintainers and, by extension, of the party deploying and configuring it
Client responsibilities
Section titled “Client responsibilities”As an AgenFleet customer, your organization is responsible for the decisions, configurations, and data you bring to the platform:
- API key management — safeguarding your AI provider API keys; if a key is compromised, rotating it immediately in Settings → Integrations
- Agent configuration — the instructions, tools, and access you grant each agent; AgenFleet enforces the boundaries you set, but cannot protect against agents deliberately configured with excessive permissions
- SOUL file and prompt content — the instructions and context you provide to agents; avoid embedding sensitive data (PII, credentials, regulated data) in SOUL files unless necessary
- Data exposure decisions — what data your agents can access via
http_request,read_file, or connected integrations; AgenFleet does not have visibility into your source systems - User access management — adding and removing portal users promptly; AgenFleet enforces your permission assignments, but cannot act on organizational changes without your input
- Compliance with applicable law — ensuring your use of AI agents complies with relevant regulations (e.g., GDPR, HIPAA, CCPA) in your jurisdiction and industry
- Reviewing agent output — AI model outputs can be incorrect, biased, or incomplete; you are responsible for reviewing and validating any agent output used in business decisions
- Third-party tool selection — vetting the tools and integrations you connect; AgenFleet cannot audit every tool your agents use
Responsibility matrix
Section titled “Responsibility matrix”| Area | AgenFleet | Model Provider | Tool Provider | Client |
|---|---|---|---|---|
| Platform uptime & reliability | ✅ | |||
| Tenant data isolation | ✅ | |||
| Credential encryption at rest | ✅ | |||
| Audit logging (platform events) | ✅ | |||
| Security patching (platform) | ✅ | |||
| Model availability & uptime | ✅ | |||
| Model response quality & safety | ✅ | |||
| Provider-side data handling | ✅ | |||
| Token billing | ✅ | |||
| Tool software integrity | ✅ | |||
| Third-party tool availability | ✅ | |||
| Third-party data handling | ✅ | |||
| API key security | ✅ | |||
| Agent configuration & permissions | ✅ | |||
| Data exposed to agents | ✅ | |||
| User access management | ✅ | |||
| Regulatory compliance | ✅ | |||
| Validating agent output | ✅ | |||
| Tool selection & vetting | ✅ |
Incident response boundaries
Section titled “Incident response boundaries”When something goes wrong, the responsible party depends on where the failure occurred:
| Scenario | Responsible party |
|---|---|
| Portal is unavailable | AgenFleet |
| Agent data leaked to another tenant | AgenFleet |
| Agent response is wrong or harmful | Model Provider + Client |
| Anthropic / OpenAI API is down | Model Provider |
| Rate limit hit, no fallback configured | Client |
| MCP tool server returns malicious data | Tool Provider + Client |
| Webhook endpoint is down | Tool Provider + Client |
| Agent given excessive tool permissions | Client |
| API key leaked from client’s systems | Client |
| n8n workflow fails or misconfigured | Client |