PMM What's Shipping: Custom and External AI Features Controls
## Release notes

Administrators and top-level group owners can now control which AI agents and flows are available within their organization. Two new settings in **Settings > GitLab Duo** provide this governance:

- **Disable custom agents and flows** — Prevent users from creating or enabling custom-built agents and flows, ensuring only centrally-approved AI automation is in use.
- **Restrict the AI Catalog to your group hierarchy** — Block users from enabling agents and flows sourced from outside their namespace, limiting exposure to unapproved external content.

These controls help regulated and security-conscious organizations safely adopt the [Duo Agent Platform](https://docs.gitlab.com/ee/user/duo_agent_platform/) at scale while maintaining full oversight of AI capabilities.

https://docs.gitlab.com/ee/user/duo_agent_platform/ai_catalog/

---

## Background

**Problem Statement:** Enterprise customers require the ability to independently disable Custom Agents/Flows and restrict external (non-namespace-owned) Catalog content at the instance or top-level group level. Today, any maintainer can enable public agents from the AI Catalog — including those created by external community contributors — with no admin-level gate to prevent this or limit exposure to unapproved content. Without these controls, regulated and security-conscious organizations cannot safely pilot and adopt the Duo Agent Platform at scale.

**Why This Matters:**

- **Security & Compliance:** Organizations in regulated industries need to ensure only vetted, approved AI automation runs within their environment.
- **Adoption Blocker:** At least one customer disabled their DAP trial entirely after discovering an externally-owned hackathon agent surfaced in their namespace.
- **Enterprise Governance:** Admins need the same level of control over AI agents/flows that they have over other sensitive platform capabilities.

## What's Shipping

This epic delivers two separate admin controls:

### 1. Admin Control to Disable Custom Agents and Custom Flows

https://gitlab.com/gitlab-org/gitlab/-/work_items/594615

Allows instance admins or top-level group owners to disable the ability for users to create or enable custom-built agents and flows. When disabled, users are restricted to only the centrally-approved catalog content.

### 2. Admin Control to Restrict External/Public Catalog Content

https://gitlab.com/gitlab-org/gitlab/-/work_items/594617

Allows instance admins or top-level group owners to block users from enabling agents and flows that originate outside their namespace — preventing exposure to community-contributed or third-party catalog items that have not been internally approved.