Deploy an AI agent kill switch in 30 minutes
Step-by-step: fleet pause, blocked decisions, and operator runbook — using Sanctum Console without rewriting your agent stack.
News cycles (Vertex double agents, mass-exploit headlines) push security leaders to ask for a kill switch this week. Fleet pause in Sanctum Console returns BLOCKED on verify until you resume — without redeploying agents.
Key takeaways
- Kill switch must be org-wide, auditable, and tested — not a feature flag buried in code.
- Pair pause with Runtime Activity so responders see what was blocked.
- Document resume criteria before you need it in an incident.
Implementation checklist
- Runtime Fleet → Pause fleet → confirm banner site-wide.
- Verify a test action returns BLOCKED while paused.
- Export last hour from Audit Logs for leadership.
- Resume after policy tighten in Shield Rules.
People also ask
How fast can we get value from Sanctum Console?
Most teams gate their first high-risk action the same day: create an agent in Agents, add a Shield Rule, and approve a held action on Overview. Open the console at console.sanctumruntime.com to start free.
Do we need a sales call before trying it?
No. Sign in, connect an agent with the SDK snippet, and run verifyAction on a staging action. Upgrade when you need fleet controls, compliance exports, or higher volume — not to prove the workflow.
What should we buy first — gateway or runtime trust?
Buy operational certainty: Runtime Fleet pause is the fastest org-wide containment lever when agents act as privileged insiders.
Related: AI agent kill switch best practices for incident response, What happens when an AI agent is hacked? Response blueprint.
More: all posts · runtime trust layer · open Sanctum Console