Red Hat on Tuesday opened its Ansible Automation Platform to AI agents while adding new controls intended to keep them under tight control. The company made its Model Context Protocol (MCP) server for Ansible generally available, allowing any AI tool to access the platform, and it introduced a new automation orchestrator, in technology preview, that routes actions through human-approved, deterministic playbooks.
The goal is to allow enterprises to start using AI to automate their workflows while keeping a firm hand on what the AI agents can and can’t do with it, since there have recently been a series of reports about AI agents performing unauthorized actions. This cautious approach reflects the growing recognition that autonomous AI systems, even with advanced guardrails, can still produce unpredictable outcomes in production environments.
Background and Context
Ansible, originally developed by Ansible Inc. and acquired by Red Hat in 2015, is an open-source automation tool used for configuration management, application deployment, and task orchestration. It uses a declarative language called YAML to define automation jobs via playbooks. Over the years, Ansible has become a cornerstone of DevOps and IT automation, competing with tools like Puppet, Chef, and Terraform.
The rise of generative AI and large language models (LLMs) has created new opportunities for natural-language interaction with infrastructure. However, the same capabilities that make AI powerful also introduce risks: LLMs can misinterpret commands, generate harmful code, or execute actions that violate security policies. Red Hat’s strategy is to harness the flexibility of AI for requesting automations while enforcing deterministic execution through pre-approved playbooks.
MCP Server and Orchestrator Details
The MCP server for Ansible acts as a bridge between external AI agents and the Ansible Automation Platform (AAP). Through the MCP protocol, an AI agent can send a natural-language request—for example, “patch all web servers with the latest security updates”—and the server translates it into an appropriate Ansible playbook execution. The playbook itself is not generated by the AI; instead, the AI selects from a library of pre-tested, deterministic playbooks. If no suitable playbook exists, the system escalates to a human operator for approval.
This design ensures that all automation is repeatable, auditable, and safe. Additionally, because the AI is only used for the decision-making step (choosing which playbook to run), token costs are minimized. As Sathish Balakrishnan, vice president and general manager of the Ansible business unit at Red Hat, noted: “Why would you use AI just to patch a machine? We all know tokens are expensive. We know the best way to patch a machine—why call an AI to do that when you already have a playbook that’s been in use for ten years?”
Expanded Model Support and RAG Integration
AAP now supports a wider range of AI models beyond IBM’s WatsonX Code Assistant. Supported models include those from Google, Anthropic, OpenAI, and any other leading models that are OpenAI API-compatible. Enterprises can also provide their own background information via Retrieval-Augmented Generation (RAG) embeddings. This allows the AI to incorporate company-specific policies, maintenance windows, and infrastructure rules when interpreting user requests.
“Customers have a lot of contextual knowledge,” Balakrishnan said. “These are our policies, this is when we update machines—they have rules they have written about IT infrastructure. We can now start reading all of those things.” The integration of RAG means that the AI agent can ground its decisions in the enterprise’s own documentation, reducing the likelihood of hallucinations or inappropriate actions.
Industry Analyst Perspectives
Paul Nashawaty, an analyst at Efficiently Connected, underscored the importance of security in this new capability. “The security concerns are very real,” he said. “If those agents are connected to highly privileged automation systems, the blast radius can become enormous, including accidental production outages or destructive actions.” He advised that the strongest initial use cases for AI in automation are AI-assisted troubleshooting, compliance remediation, developer self-service, and human-approved workflow execution. Companies should avoid giving AI unrestricted production access, broad admin privileges, or autonomous control over critical systems.
IDC analyst Jevin Jensen noted that the industry has been waiting for natural-language front ends for automation platforms. “This really broadens the use and value of the platform to new users and improves efficiency of existing users,” he said. Jensen emphasized the necessity of good governance, particularly role-based access control, to mitigate risks. He recommended starting with development environments or less impactful cloud areas before moving to production.
Additional Enhancements
In addition to AI integration, Red Hat announced two other features. First, administrators can now delegate the ability to trigger automations to end users—for example, factory floor managers can initiate updates at times that minimize disruption to manufacturing schedules. Second, multiple events can now trigger the same automation playbook, eliminating the need for separate playbooks per event. These improvements aim to make Ansible more flexible and accessible to a broader set of users.
These changes come at a time when AI operations (AIOps) are gaining traction across the IT industry. According to a 2025 survey by IDC, over 60% of enterprises are experimenting with AI-driven automation, but only 12% have deployed it in production with full autonomy. Red Hat’s cautious approach aligns with best practices recommended by security experts: maintain human oversight, use deterministic scripts for critical tasks, and reserve AI for higher-level decision support.
The Ansible Automation Platform has historically been strong in hybrid cloud environments, where organizations manage resources across on-premises data centers and multiple public clouds. The addition of AI capabilities is expected to accelerate adoption among teams that lack deep scripting expertise. A junior administrator could simply ask for a “compliance check of all Linux servers” and let the AI handle the translation into the necessary Ansible commands.
Looking ahead, the success of Red Hat’s strategy will depend on the quality of the deterministic playbook library and the effectiveness of the human-in-the-loop processes. If the guardrails are too strict, users may become frustrated; if too loose, the risk of incidents increases. The company appears to be betting that the balance they have struck—enabling AI for suggestion and selection but not execution—will resonate with enterprise IT departments that have been burned by autonomous AI mishaps.
For now, the MCP server for Ansible is available to all AAP subscribers, while the automation orchestrator remains in technology preview. Red Hat invites customers to test the preview and provide feedback to shape the final release. The company has not announced a timeline for the orchestrator’s general availability, but given the rapid pace of AI development, it may not be long before the technology moves into production.
Source: Network World News