More of the code in your repository is being written by an agent than it was a year ago, and the share is only going one way. Agents are good at making something work. They are good at unblocking themselves. What they are not aware of is which compliance frameworks your company has to meet, because that information lives in a policy document that is nowhere near their context window.
The result is a new and growing source of compliance risk: code that is correct, merged, and quietly out of line with a control nobody told the agent about.
The convenient wildcard
An agent is wiring up a new internal service and a cross-origin request is failing. The fastest way to unblock the call is to allow every origin. The agent does that, the request succeeds, the task is marked done. It is a reasonable move for something whose job is to make the code work.
app.use(cors({
-  origin: ["https://app.example.com"],
+  origin: true, // reflect any origin
   credentials: true,
}))

Reflecting any origin with credentials widens who can reach an authenticated surface, which is exactly what CC6.1 (logical access) is about: access restricted to what is authorized. The code is correct and the request works. The control is weaker than it was before the agent touched it.
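To make the weakening concrete, here is an added example (not code from the post, and not heygrc's implementation) that models the `cors` middleware's `origin` option just far enough to compare the two configurations from the diff, and then runs the kind of check a pull-request gate could apply to them. `corsResponseHeaders` and `reviewCorsOptions` are hypothetical names; the origin model is deliberately simplified (true reflects the request's Origin, a string is echoed as-is, an array is an allowlist) and omits the RegExp and function forms the real package accepts.

```javascript
// Added example, not from the post or from heygrc. Simplified model of the
// `cors` middleware's `origin` option so the before/after configs from the
// diff above can be compared offline, plus a PR-gate style check over them.
// Hypothetical names: corsResponseHeaders, reviewCorsOptions, demo.

// Constructed configs mirroring the diff: allowlist before, reflect-anything after.
const BEFORE = { origin: ["https://app.example.com"], credentials: true };
const AFTER = { origin: true, credentials: true };

// Simplified model of what the browser would receive for a given request Origin.
// true  -> reflect whatever Origin the request carried
// string -> echo that string as-is
// array -> allow only if the request Origin is on the list
// (RegExp and function forms of the real package are omitted here.)
function corsResponseHeaders(options, requestOrigin) {
  const headers = {};
  let allow = null;
  if (options.origin === true) {
    allow = requestOrigin;
  } else if (typeof options.origin === "string") {
    allow = options.origin;
  } else if (Array.isArray(options.origin)) {
    allow = options.origin.includes(requestOrigin) ? requestOrigin : null;
  }
  if (allow !== null) {
    headers["Access-Control-Allow-Origin"] = allow;
    if (options.credentials) headers["Access-Control-Allow-Credentials"] = "true";
  }
  return headers;
}

// The check a PR gate would run: flag configurations that reflect or wildcard
// the origin, rate the finding higher when credentials ride along, cite CC6.1.
function reviewCorsOptions(options) {
  const findings = [];
  const anyOrigin = options.origin === true || options.origin === "*";
  if (anyOrigin) {
    findings.push({
      control: "CC6.1",
      severity: options.credentials ? "high" : "medium",
      message: options.credentials
        ? "CORS reflects any origin and allows credentials: an authenticated surface is reachable from any site"
        : "CORS allows any origin: confirm the endpoint is intended to be public",
    });
  }
  return findings;
}

// Stand-alone demonstration using a constructed third-party origin.
function demo() {
  const thirdParty = "https://some-other-site.example";
  return {
    beforeFromThirdParty: corsResponseHeaders(BEFORE, thirdParty), // {}
    afterFromThirdParty: corsResponseHeaders(AFTER, thirdParty),   // reflected, with credentials
    beforeFindings: reviewCorsOptions(BEFORE),                     // []
    afterFindings: reviewCorsOptions(AFTER),                       // one CC6.1 high finding
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The allowlisted configuration answers a third-party origin with no CORS headers at all, while the reflected one hands that same origin both `Access-Control-Allow-Origin` and `Access-Control-Allow-Credentials: true`. The check needs only the parsed options object, which is why it fits at the diff rather than in the agent's context window.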
Why this is the new frontier
Human-written control drift happens one careless PR at a time. Agent-written control drift happens at the speed and volume agents work at, and with none of the implicit judgement a senior engineer brings ('should I really open this to everyone?'). The agent optimises for the task in front of it, and 'satisfy SOC 2 CC6.1' is not the task in front of it.
As the share of agent-authored code rises, the proportion of changes that no human carefully reviewed for compliance rises with it. That is the drift, and it compounds.
The pull request is the only checkpoint
You cannot put the policy PDF in every agent's context and trust it to comply. But the agent's work still arrives as a pull request, and the pull request is the one place already in the workflow where a change can be checked before it ships, whether a person or an agent wrote it.
heygrc is built to read every PR against your frameworks and cite the control a change touches, agent-authored or not, so the convenient wildcard gets named as a CC6.1 issue at the diff. heygrc is in early access.