Palana (Part 1): Why Grab Built a Secure Platform for Autonomous AI Agents

Abstract

Artificial intelligence (AI) agents are moving from experiments into everyday engineering workflows. They can read code, call application programming interfaces (APIs), run tests, create merge requests, answer Slack messages, and keep long-running state. That makes them useful, but it also changes the risk model - especially as agents get more autonomous in their use of tools. An agent with network access, credentials, tools, and memory is no longer just a chat interface. It is a workload that can act.

The more capability we give agents, the more valuable they get - but they also get riskier, and maintaining controls and oversight gets more challenging. We need isolated environments where capabilities are added clearly and intentionally, rather than agents just inheriting “everything on your laptop”.

Palana is Grab’s Kubernetes-native platform for running those workloads safely. It gives each agent an isolated namespace, persistent storage, controlled ingress, proxy-mediated egress, Vault-backed credential injection, large language model (LLM) routing, Git access controls, structured audit logs, and emergency kill switches. It is currently used to run hundreds of agents, including remote development environments, Slack automation, OpenClaw workers, Hermes agents, and other long-running internal systems.

In this post, we share why we built Palana, what it does, and how its architecture lets teams experiment with autonomous agents without giving up control over identity, secrets, network access, and operational visibility.
