Delegation pattern
- Main agent receives the task from Coordinator.
- Main agent breaks the task into smaller, domain-scoped tasks.
- Sub-agents work on their specific parts in parallel.
- Sub-agents return findings (finding, risk, evidence, tools, recommendation, confidence).
- Main agent consolidates a unified recommendation.
- Main agent escalates if approval or human review is required.
Worked example
Scenario: Security Review Case — customer requests a security posture assessment.
Main agent: IT-Security Agent
Sub-agent findings (parallel work)
| Sub-agent | Task | Finding | Risk | Evidence | Tools | Recommendation | Confidence |
|---|---|---|---|---|---|---|---|
| Identity & Access Sub-Agent | IAM review | Privileged accounts lack MFA on 3 roles. | High | IAM policy export; Role matrix diff | IAM policy scanner | Enforce MFA on all privileged roles within 14 days. | 92% |
| Cloud Security Sub-Agent | Cloud posture review | Public S3 bucket detected; KMS rotation disabled. | High | CSPM scan id 4421 | CSPM API | Block public access, enable KMS rotation. | 95% |
| Data Privacy Sub-Agent | Data handling review | EU PII transits via US region without SCCs. | High | Data flow map; Region log | Data catalog API | Pin EU PII to EU region; add SCCs. | 88% |
| Compliance Sub-Agent | Compliance check | Partial gaps vs ISO 27001 A.9 and A.13. | Medium | Control mapping v3 | Compliance framework RAG | Open 6 control tickets; target close 30 days. | 90% |
IT-Security Agent — consolidated recommendation
Overall risk: High
Key gaps
- Privileged MFA missing
- Public S3 + KMS rotation off
- Cross-border PII without SCCs
- ISO control gaps
Required controls
- Enforce MFA on privileged roles
- Block public S3, enable KMS rotation
- Region-pin EU PII + add SCCs
- Open ISO control remediation tickets
Approval required
Final recommendation: Approve security uplift plan with 4 mandatory controls; escalate to Human CISO for sign-off.
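
The delegation pattern and the consolidation step above, as an added Python example that is not part of the original page. The function names, the Low/Medium/High ordering, the validation checks and the escalation rule are assumptions, and the sample findings are constructed from the table, with confidence written as a fraction.

```python
from concurrent.futures import ThreadPoolExecutor

RISK_ORDER = ["Low", "Medium", "High"]  # assumed scale, lowest to highest
FIELDS = ("finding", "risk", "evidence", "tools", "recommendation", "confidence")
# Constructed sub-agent outputs; values copied from the table above (92% -> 0.92).
SAMPLE = {
    "Identity & Access": {"finding": "Privileged accounts lack MFA on 3 roles.", "risk": "High",
        "evidence": ["IAM policy export", "Role matrix diff"], "tools": ["IAM policy scanner"],
        "recommendation": "Enforce MFA on all privileged roles within 14 days.", "confidence": 0.92},
    "Cloud Security": {"finding": "Public S3 bucket detected; KMS rotation disabled.", "risk": "High",
        "evidence": ["CSPM scan id 4421"], "tools": ["CSPM API"],
        "recommendation": "Block public access, enable KMS rotation.", "confidence": 0.95},
    "Data Privacy": {"finding": "EU PII transits via US region without SCCs.", "risk": "High",
        "evidence": ["Data flow map", "Region log"], "tools": ["Data catalog API"],
        "recommendation": "Pin EU PII to EU region; add SCCs.", "confidence": 0.88},
    "Compliance": {"finding": "Partial gaps vs ISO 27001 A.9 and A.13.", "risk": "Medium",
        "evidence": ["Control mapping v3"], "tools": ["Compliance framework RAG"],
        "recommendation": "Open 6 control tickets; target close 30 days.", "confidence": 0.90},
}

def run_sub_agent(name):
    # Hypothetical stand-in for dispatching a domain-scoped task to a sub-agent.
    return SAMPLE[name]

def validate(out):
    # Return a list of schema problems; an empty list means the finding is usable.
    problems = [f"missing {f}" for f in FIELDS if f not in out]
    if out.get("risk") not in RISK_ORDER:
        problems.append("unknown risk level")
    conf = out.get("confidence")
    if not isinstance(conf, (int, float)) or not 0.0 <= conf <= 1.0:
        problems.append("confidence outside 0..1")
    if not out.get("evidence"):
        problems.append("no evidence attached")
    return problems

def consolidate(names, runner=run_sub_agent):
    # Fan out in parallel, keep only well-formed findings, build the unified view.
    with ThreadPoolExecutor() as pool:
        outputs = dict(zip(names, pool.map(runner, names)))
    problems = {n: validate(o) for n, o in outputs.items()}
    accepted = [outputs[n] for n in names if not problems[n]]
    overall = max((o["risk"] for o in accepted), key=RISK_ORDER.index, default=None)
    return {
        "overall_risk": overall,
        "required_controls": [o["recommendation"] for o in accepted],
        "rejected": {n: p for n, p in problems.items() if p},
        # Assumed rule: High risk or any unusable sub-agent output needs human review.
        "escalate": overall == "High" or any(problems.values()),
    }
```

Calling `consolidate(list(SAMPLE))` reproduces the scenario: overall risk High, four required controls, escalation set. A sub-agent output that fails validation is kept out of the recommendation and forces escalation instead.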