# AI Agents with Machine & Workload Identity

Teleport lets you enforce access controls and privileges for AI agents.

Security must be enforced deterministically; AI agents cannot be trusted to follow high-level instructions like "don't delete production". Teleport solves this by issuing each agent its own identity and requiring the agent's actions (for example, database queries) to flow through the Teleport proxy. This allows Teleport to apply Role-Based Access Control (RBAC) at both the network and protocol level.

Teleport can secure infrastructure components such as SSH servers, Kubernetes clusters, databases, or MCP servers when agents access them. All queries, commands, and requests executed by the agent are logged, providing full visibility and [auditability](https://goteleport.com/docs/reference/deployment/monitoring/audit.md).


## AI agent access demo

This video demonstrates how to grant an AI agent controlled, read-only access to a Kubernetes cluster using Teleport’s `tbot` binary. The agent operates with its own identity and RBAC restrictions, ensuring it can only perform authorized actions.

[AI agent access demo](https://www.youtube.com/embed/D9tBqJZmIdA)
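
A read-only setup of the kind the demo describes could be expressed as follows. This is an added example, not configuration taken from the video or from Teleport's own guides. The names `agent-k8s-readonly`, `ai-agent`, `agent-viewers` and the `env: staging` label are hypothetical, and the role uses the `v7` resource format.

```yaml
# Teleport role: limits what the agent's identity may do at the Teleport proxy.
kind: role
version: v7
metadata:
  name: agent-k8s-readonly        # hypothetical role name
spec:
  allow:
    kubernetes_labels:
      env: staging                # hypothetical label; only matching clusters are reachable
    kubernetes_groups:
      - agent-viewers             # hypothetical group the agent is impersonated as
    kubernetes_resources:         # read verbs only: no create, update, patch, delete or exec
      - kind: pod
        namespace: "*"
        name: "*"
        verbs: ["get", "list", "watch"]
      - kind: deployment
        namespace: "*"
        name: "*"
        verbs: ["get", "list", "watch"]
      - kind: service
        namespace: "*"
        name: "*"
        verbs: ["get", "list", "watch"]
---
# Teleport bot: the identity that tbot joins as on behalf of the agent.
kind: bot
version: v1
metadata:
  name: ai-agent                  # hypothetical bot name
spec:
  roles:
    - agent-k8s-readonly
---
# Kubernetes side: bind the impersonated group to the built-in read-only ClusterRole.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: agent-viewers-view
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view                      # built-in ClusterRole; does not grant access to Secrets
subjects:
  - kind: Group
    name: agent-viewers
    apiGroup: rbac.authorization.k8s.io
```

The agent's effective permissions are the intersection of the two layers: a request must pass the Teleport role's `kubernetes_resources` rules and the Kubernetes RBAC binding for the impersonated group.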

## Interested in a design partnership?

---

EXPLORING AI AGENTS WITH MWI?

If you're exploring how to secure AI Agents with Teleport Machine & Workload Identity, we'd love to hear from you. [Contact us](mailto:product-management@goteleport.com?subject=AI%20Agents%20Design%20Partnership) to share your use case and learn more about opportunities for a design partnership.

---
