Human-agent trust for software companies

Cursor agents merge code. Devin opens production tickets. Claude pushes to the staging branch. The median software company has more agent-authored commits than human-authored ones — and SOC 2, Stripe, and the customer's procurement team all want to know which human signed for each.

The four high-leverage choke points

Where the audit story breaks first. Code merges. An agent that opens, reviews, and merges its own PR is a single-person quorum. Production deploys. An agent that pushes to prod is a single point of failure. Customer-data queries. An agent that runs ad-hoc SQL against production for a debugging session has touched data the customer did not opt in to share. Third-party integrations. An agent that calls Stripe, Resend, or Salesforce on the company's behalf is acting under credentials that name no human.

What Manav-bound git looks like

Every commit signed by an agent carries a Manav delegation as a trailer. The delegation names the engineer who authorized the agent that produced the commit. git log renders as expected, but git verify-commit now answers a regulator-grade question: under what authority did this code reach the trunk? Reviewers see the human and the delegation; tooling can enforce policies like "no agent merges to main without a human approver in scope."

Production deploys, regulated

An agent that wants to deploy presents a delegation with scope deploy:production. The deploy controller checks the scope, checks the magnitude cap (e.g., "no more than two prod deploys per hour"), and writes the action to the audit ledger. If something breaks, the on-call engineer can answer the regulator's question: which engineer authorized this agent, in this scope, at this time. Without Manav, the only honest answer is "the service account."

What enterprise customers ask now

Procurement teams in regulated buyers are starting to ask three questions on the security questionnaire. (1) Do you use AI agents in production engineering? (2) For each, what audit trail names the human accountable for the action? (3) How fast can you revoke an agent if a developer offboards? Manav's answers are yes, here, and under 200 ms. The three-line answer wins the deal.

SOC 2 evidence

The Manav audit trail satisfies CC6.1 (logical access), CC6.6 (transmission of confidential information), and CC7.2 (system monitoring) for agent actions, with a single export. Auditors used to take 4–8 hours to make sense of the agent layer of the access logs. The Manav export is one CSV per quarter.

The dev-experience trade-off

Honest. The first delegation prompt slows an engineer down by 90 seconds. After that, allowlist their agents and the prompt vanishes for routine actions. Risky scopes (prod deploys, secret rotation) keep prompting forever — that is the design. Velocity for safe work, friction for unsafe work, by construction.

Common objections

The two pushbacks we hear from this vertical: integration risk — addressed by phased rollout starting with the audit trail (lowest risk, highest evidence-to-effort ratio), and internal politics — addressed by anchoring the project to a regulator deadline or a security-questionnaire deal-blocker, where the political question answers itself.

Frequently asked questions

What is the first integration to ship? The signed audit trail. It costs least, satisfies the most regulators, and produces the evidence everything else builds on. Every vertical we have integrated started here.

How does this affect end-customer experience? Invisibly, by design. The customer sees the same UI; the difference is in the audit log behind it. The latency added is single-digit milliseconds. The trust gain is structural.

What's the buying motion — security, compliance, or the line? Compliance writes the check; security signs off; the line of business sets the timeline. The strongest deals start with a regulator deadline; the next-strongest start with a deal-blocking security questionnaire.

Where to start

The first integration we recommend in this vertical: soc2 ai agents, then cross platform agent identity. Both are deployable inside a quarter; both produce regulator-grade evidence; both unblock procurement conversations the rest of the stack depends on.

What changes inside the SDLC

Inside the software development lifecycle, the substrate produces a quiet but consequential shift in how merge gates work. Today, code review treats every commit as origin-equivalent; the reviewer evaluates the change, not the chain of authority that produced it. With Manav-bound commits, the reviewer sees who delegated which AI-augmentation level, what scope governed the augmentation, and what witness signed off on the contribution. The metadata does not replace review; it informs it. Reviewers can spend more attention on commits with weaker chains and less attention on commits with stronger chains. The aggregate impact is measurable: same review quality with roughly thirty percent less reviewer time, in the deployments we have measured. The substrate is therefore a developer-productivity tool as much as a security tool. The dual framing matters because the developer-productivity case opens budget that the security case alone often does not. We pitch both, in that order, to engineering organizations.

The agent that ships your code without a human signature is the agent that ships your incident.