Agents as Service Accounts: Rethinking Agentic AI Deployment on Linux

By David Duncan

Elevator Pitch

Enterprise Linux deployments face a critical gap: agentic AI systems lack native operational patterns. Current approaches treat AI agents as opaque application artifacts, which blocks adoption in regulated industries. In the configuration proposed here, AI agents operate as distinct system identities.

Description

This talk presents a provisioning-agnostic framework built on three pillars:

Shared Model Infrastructure: Models stored in FHS-compliant accessible to multiple services—agents, inference servers, notebooks—enabling efficient lifecycle management via snapshots and 100x bandwidth reduction for updates through differential synchronization.

Provisioning Agnosticism: Agent configurations defined in standard formats. Deployable using a container layer or Kiwi overlay, eliminating vendor lock-in and adapting to evolving infrastructure trends.

Unix Philosophy Alignment: Agents as modular, composable units with deterministic system-level constraints (audit logs, resource limits) while preserving non-deterministic AI reasoning.

You’ll leave understanding how we propose to deploy secure, auditable, scalable agentic AI on enterprise infrastructure using proven service account patterns, standard Linux tooling (systemd, FHS, capabilities), and provisioning-neutral specifications. I’ll demonstrate live deployments, discuss finance industry use cases requiring SOX/PCI-DSS compliance, and share the open specification enabling cross-distribution adoption.

Notes

Talk Format

45-minute technical session (can adapt to 30-minute or lightning talk format)

Session Type

Technical Deep-Dive / Architecture & Operations

Target Audience

  - Primary: Infrastructure engineers, DevOps/SRE teams, platform architects deploying AI workloads
  - Secondary: Security engineers, compliance officers, Linux distribution maintainers
  - Experience Level: Intermediate to Advanced (familiarity with Linux service management, systemd, basic AI/ML concepts helpful but not required)


Key Takeaways

Attendees will learn:

  1. The Service-Account-as-Agent Pattern: How to architect agents as Linux system identities with explicit privileges, enabling standard operational tooling
  2. Provisioning-Agnostic Design: How to write agent specifications that deploy identically across without modification
  3. Shared Model Infrastructure: How to structure for multi-service consumption with file system based atomic updates and differential synchronization
  4. Privilege Separation for AI: How to apply Linux capabilities (CAP_DAC_READ_SEARCH, CAP_AUDIT_WRITE) instead of root access, with supervisor-mediated escalation
  5. Real-World Implementation: Concrete examples from finance engineering (automated CVE remediation, model lifecycle management for trading platforms)
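
As an added illustration of takeaway 4 and the "deterministic system-level constraints" pillar (not code from the talk or its specification), the following check audits a systemd unit for the service-account pattern: a non-root user, capabilities limited to the two named above, and a resource limit. The unit contents, the account name `agent-cve` and the path `/usr/bin/agent-runner` are constructed assumptions.

```python
import configparser

# Capabilities the talk names for agents; anything else is reported.
ALLOWED_CAPS = {"CAP_DAC_READ_SEARCH", "CAP_AUDIT_WRITE"}

# Constructed units: "agent-cve" and /usr/bin/agent-runner are hypothetical.
WEAK_UNIT = """\
[Service]
ExecStart=/usr/bin/agent-runner
"""

HARDENED_UNIT = """\
[Service]
User=agent-cve
ExecStart=/usr/bin/agent-runner
CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_AUDIT_WRITE
AmbientCapabilities=CAP_DAC_READ_SEARCH CAP_AUDIT_WRITE
NoNewPrivileges=yes
MemoryMax=2G
CPUQuota=50%
"""

def audit_unit(text):
    """Return findings for the [Service] section of a systemd unit."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # directive names are case-sensitive
    cp.read_string(text)
    svc = dict(cp["Service"]) if cp.has_section("Service") else {}
    findings = []
    # A system service with no User= runs as root.
    if svc.get("User", "root") in ("root", "0"):
        findings.append("runs as root instead of a dedicated service account")
    # An unset bounding set leaves every capability available to the process.
    if "CapabilityBoundingSet" not in svc:
        findings.append("CapabilityBoundingSet is unset")
    for key in ("CapabilityBoundingSet", "AmbientCapabilities"):
        # "~"-prefixed (inverted) lists are reported too: review them by hand.
        extra = set(svc.get(key, "").split()) - ALLOWED_CAPS
        if extra:
            findings.append(f"{key} lists {' '.join(sorted(extra))}")
    if svc.get("NoNewPrivileges", "no").lower() not in ("yes", "true", "on", "1"):
        findings.append("NoNewPrivileges is not enabled")
    if "MemoryMax" not in svc:
        findings.append("no MemoryMax resource limit")
    return findings

if __name__ == "__main__":
    for name, unit in (("weak", WEAK_UNIT), ("hardened", HARDENED_UNIT)):
        print(name, audit_unit(unit) or "ok")
```

The parser keeps only the last value when a directive is repeated, so units that build capability lists across several lines or drop-in files need their merged form (for example from `systemctl cat`) reviewed as well.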