Red Hat on Tuesday opened its Ansible Automation Platform to AI agents while introducing new controls to keep them strictly supervised. The company made its Model Context Protocol (MCP) server for Ansible generally available, enabling any AI tool to connect to the platform. At the same time, it previewed a new automation orchestrator that funnels AI actions through human-approved, deterministic playbooks.
The goal is to let enterprises harness AI for workflow automation while maintaining tight control over what the AI agents can and cannot do. This comes amid a series of high-profile incidents where AI agents performed unauthorized actions, causing data loss or system outages.
Ansible, an open-source automation tool acquired by Red Hat in 2015, is widely used by enterprises to manage IT infrastructure, configure systems, deploy applications, and orchestrate workflows. With the rise of generative AI and large language models, organizations have sought ways to integrate AI into these processes. However, the non-deterministic nature of LLMs poses risks when they are given direct access to production systems.
Red Hat's approach addresses this by making AI agents interact with Ansible through MCP, a standard protocol that allows LLM-based tools to call external APIs and services. The MCP server for Ansible translates natural language requests into structured automation tasks. But instead of letting the AI execute arbitrary commands, the system routes requests to a library of pre-built, tested, and approved playbooks. If no suitable playbook exists, the request triggers a human-in-the-loop check, where an administrator must verify and approve the action before it can be executed.
“AI is unpredictable,” said Sathish Balakrishnan, vice president and general manager of the Ansible business unit at Red Hat. “When you suddenly put AI into your production environment and ask it to change it, you’ve seen the articles about how a company lost its database.” He emphasized that the new features are designed to prevent such scenarios by enforcing guardrails.
The new automation orchestrator, currently in technology preview, acts as a policy engine that determines which playbooks can be used for which requests, based on context, user role, and system state. It also logs all AI-driven actions for audit and compliance purposes.
In addition to the MCP server, Ansible Automation Platform now supports a broader range of AI models. Previously, the platform only integrated with IBM's WatsonX Code Assistant. Now it supports models from Google, Anthropic, OpenAI, and any other models that are compatible with the OpenAI API. Enterprises can also feed their own contextual knowledge into the system through Retrieval Augmented Generation (RAG) embeddings, allowing the AI to understand internal policies, maintenance windows, and other organizational rules.
“Customers have a lot of contextual knowledge,” Balakrishnan said. “These are our policies, this is when we update machines — they have rules they have written about IT infrastructure. We can now start reading all of those things.”
The use of deterministic playbooks offers several advantages over having an LLM generate scripts on the fly. Playbooks are testable, repeatable, and predictable. They are also far less expensive to execute, since they do not require token usage during runtime. “Why would you use AI just to patch a machine?” Balakrishnan asked. “We all know tokens are expensive. We know the best way to patch a machine — why call an AI to do that when you already have a playbook that’s been in use for ten years?”
Paul Nashawaty, an analyst at Efficiently Connected, noted that opening Ansible to external AI agents via MCP introduces new security risks. “The security concerns are very real,” he said. “If those agents are connected to highly privileged automation systems, the blast radius can become enormous, including accidental production outages or destructive actions.” He recommended that enterprises limit AI agents to read-only or consultative roles until strong governance is in place.
Today, the strongest use cases for AI-assisted automation include troubleshooting, compliance remediation, developer self-service, and human-approved workflow execution. “Companies should avoid giving AI unrestricted production access, broad admin privileges, or autonomous control over critical systems,” Nashawaty added.
With the new features, developers can request environments in natural language, AI systems can correlate alerts and suggest fixes, and operations teams can reduce incident response times by having AI assemble and execute approved remediation steps.
IDC analyst Jevin Jensen commented that he has been waiting for vendors to provide natural-language front-ends for automation platforms. “This really broadens the use and value of the platform to new users and improves efficiency of existing users,” he said. He stressed the importance of role-based access control and proper governance, both with and without MCP.
Red Hat also announced additional enhancements to Ansible Automation Platform. Administrators can now delegate the ability to trigger automations to end users, such as factory floor managers who can schedule updates at times that minimize disruption to manufacturing. The platform now also supports multiple events triggering the same playbook, reducing redundancy and simplifying management.
The MCP server for Ansible is available now. The new automation orchestrator is in technology preview, with general availability expected later this year. Red Hat has not yet announced pricing for the AI-related features; existing Ansible Automation Platform subscriptions will include the MCP server, while the orchestrator may require an additional license tier.
Enterprises eager to adopt AI-driven automation should start with low-risk environments, such as development or non-critical cloud areas, before expanding to production. By layering deterministic playbooks and human oversight on top of AI capabilities, Red Hat aims to provide a safe path to AI-augmented IT operations without sacrificing control or reliability.
Source: Network World News