Nine in ten organizations report that employees are using AI tools, yet a quarter have no policy governing that use at all, according to the ISACA 2026 AI Pulse Poll of 3,400 digital trust professionals. For engineering teams deploying AI coding agents, a generic acceptable use policy drafted for chatbots will not close that gap. Coding agents write and commit code, call external APIs, read private repositories, and in agentic workflows can open pull requests and trigger CI pipelines without a human touching a keyboard. The threat surface is specific to code; the policy needs to be too.
What an AI Coding Agent AUP Must Cover
Most enterprise AI policies address data inputs and output handling: two legitimate concerns that miss most of what makes coding agents different. A purpose-built AUP for AI coding agents needs to address five areas.
Approved tool list. Name which AI coding agents are sanctioned and require explicit sign-off before any new agent is introduced. GitGuardian's State of Secrets Sprawl 2026 detected over 1.2 million secrets tied to AI services leaked in 2025, up 81% year-over-year, driven partly by developers authenticating new tools ad hoc, outside IT visibility.
Data classification rules. Define which data classes can be sent to which tools. Customer PII, internal authentication tokens, and proprietary business logic each carry different risk profiles. Agentic coding tools that read from a repository or call external APIs can inadvertently exfiltrate classified data without explicit context boundaries in the policy.
Code review obligations. Every AI-generated pull request needs a named human reviewer. Define minimum review depth by code risk category β infrastructure changes, authentication logic, and data pipeline code each warrant different scrutiny levels. A solid AI code review policy covers the enforcement components that make reviewer assignment stick.
Secrets and credential hygiene. Prohibit committing API keys, tokens, or credentials in AI-generated code without automated secrets scanning as a merge gate. GitGuardian's 2026 report found that 32.2% of internal repositories contain at least one hardcoded secret; internal codebases carry higher exposure than public ones, and AI agents that auto-generate credential-handling code amplify that risk.
Incident reporting requirements. Define what constitutes an AI coding agent incident (a leaked secret, a hallucinated package resolved from an untrusted registry, unauthorized tool access) and specify who receives the report and within what time window.
Enforcement Requires More Than a Written Policy
Written policies fail because they depend on voluntary compliance that cannot be verified at scale. Shadow AI cost enterprises an average of $10.3 million annually in insider incidents in 2025, according to the DTEX and Ponemon 2026 Cost of Insider Risks Global Report; shadow AI by definition operates outside any written policy. Enforcement requires a technical layer on top of the document.
Run secrets scanning in CI before every merge, not on scheduled batch scans. A secret committed at 9am should not survive to an 11pm nightly scan.
Block unapproved AI tool domains at the network layer via DLP rules or egress filtering, not just in policy language.
Require signed commit attestation for AI-assisted pull requests so audit logs can reconstruct which agent produced which code at merge time.
Set PR risk scoring thresholds that automatically route high-complexity or high-surface-area AI-generated pull requests to senior reviewers: by gate, not by discretion.
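As an added illustration (not re-entry.ai's code and not part of the original article), here is a minimal Python merge gate that combines two of the controls above: secrets scanning over the lines a pull request adds, and risk scoring by the code categories the policy names (infrastructure, authentication logic, data pipelines) so high-scoring PRs are routed to senior reviewers. The path patterns, weights, secret shapes and sample diff are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Policy risk categories (from the AUP) mapped to constructed path patterns and weights.
RISK_PATTERNS = {
    "infrastructure": re.compile(r"(^|/)(terraform|k8s|helm|\.github/workflows)/|\.tf$|Dockerfile$"),
    "authentication": re.compile(r"(^|/)(auth|oauth|session|login)", re.I),
    "data_pipeline": re.compile(r"(^|/)(etl|pipeline|migrations)/", re.I),
}
RISK_WEIGHT = {"infrastructure": 3, "authentication": 4, "data_pipeline": 2}

# Illustrative secret shapes for the merge gate; a real gate would use a dedicated scanner.
SECRET_PATTERNS = [
    re.compile(r"AKIA[0-9A-Z]{16}"),                       # AWS access key id shape
    re.compile(r"ghp_[A-Za-z0-9]{36}"),                    # GitHub token shape
    re.compile(r"(?i)(api[_-]?key|secret|token)\s*[:=]\s*['\"][^'\"]{16,}['\"]"),
]

@dataclass
class Verdict:
    score: int
    categories: list
    secrets: list          # (path, line number) pairs that must be removed before merge
    reviewer_tier: str     # "senior" or "standard"
    blocked: bool          # True when any secret was found: hard merge gate

def score_pull_request(diff, senior_threshold=4):
    """diff maps each changed path to the list of lines the PR adds."""
    categories = sorted({c for path in diff for c, pat in RISK_PATTERNS.items() if pat.search(path)})
    score = sum(RISK_WEIGHT[c] for c in categories)
    added = sum(len(lines) for lines in diff.values())
    score += min(added // 200, 3)  # surface-area bump, capped so size alone cannot dominate
    secrets = [(path, n) for path, lines in diff.items()
               for n, line in enumerate(lines, 1)
               if any(p.search(line) for p in SECRET_PATTERNS)]
    tier = "senior" if score >= senior_threshold else "standard"
    return Verdict(score, categories, secrets, tier, blocked=bool(secrets))

# Constructed agent-generated PR touching auth code, Terraform, and a config file with a secret.
SAMPLE_DIFF = {
    "services/auth/login.py": ["def login(user, pw):", "    return check(user, pw)"],
    "terraform/main.tf": ['resource "aws_s3_bucket" "logs" {}'],
    "config/settings.py": ['API_KEY = "sk_live_constructed_example_0123456789"'],
}

if __name__ == "__main__":
    v = score_pull_request(SAMPLE_DIFF)
    print(f"score={v.score} categories={v.categories} tier={v.reviewer_tier} blocked={v.blocked}")
```

In CI the same function would run on the real diff before the merge check reports, failing the check on `blocked` and labelling the PR with `reviewer_tier`.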
The decision gates that sit between an agent and a merge are covered in detail in our guide to governing autonomous coding agents. If you are still building pre-deployment controls, the AI coding agent onboarding security checklist maps the steps most teams skip before granting agents repository access.
What re-entry.ai does about this: re-entry.ai scores every AI-generated pull request against a configurable risk policy β flagging risky patterns, surfacing credential exposure, and enforcing reviewer assignment rules before code reaches the main branch. The platform converts the enforcement clauses of your AUP into automated gates, so policy compliance does not depend on individual developers reading a document.
What to Do Now
Audit which AI coding agents are currently running across your engineering team; assume the number is higher than IT's current inventory.
Draft a one-page AUP using the five areas above as section headers: approved tool list, data classification rules, code review obligations, secrets hygiene, and incident reporting.
Add a data classification matrix that maps each approved AI coding tool to the data types it is permitted to process.
Implement automated secrets detection and PR risk scoring as technical enforcement gates; written policy alone does not scale.
Schedule a quarterly review to update the approved tool list as new AI coding agents enter the market.
If your team is running AI coding agents without a formal acceptable use policy, the enforcement problem compounds with every agent you add. Visit re-entry.ai to see how automated pull request governance closes the gap between the policy you write and the risk your code actually carries.