The system does not use a fixed agent sequence. The workflow is dynamically selected based on task type, required skills, risk, tools, confidence score, and approval rules.
Core design principle: use the minimum required agents for a task. Do not involve every agent unless the workflow actually needs them.
Canvas — Security Review Workflow
Step 1 · Main agent
Coordinator Agent
RAG knowledge
Compliance framework RAGPolicy library RAG
MCP / API connectors
Risk scanner
Human / approval
—
↓
Step 2 · Main agent
IT-Security Agent
Lead
Sub-agents
◦ Identity & Access Sub-Agent
◦ Network Security Sub-Agent
◦ Cloud Security Sub-Agent
◦ Data Privacy Sub-Agent
◦ Compliance Sub-Agent
◦ Vulnerability Review Sub-Agent
◦ SOC / SIEM Sub-Agent
RAG knowledge
Security policy RAG
MCP / API connectors
Vulnerability databaseRisk scanner
Human / approval
—
↓
Step 3 · Stage
Security Risk Summary
RAG knowledge
Compliance framework RAGPolicy library RAG
MCP / API connectors
Risk scanner
Human / approval
—
↓
Step 4 · Stage
Human Security Reviewer / MD if needed
RAG knowledge
Compliance framework RAGPolicy library RAG
MCP / API connectors
Risk scanner
Human / approval
—
Parallel paths
Optional agents can run in parallel: Legal Agent, MD / Leadership Agent
Conditional branches
Branches activate only when their inclusion rule fires (see Conditional Routing Rules in Workflow Builder).