Holding · last review 10 Jun 2026

As of mid-2026, most 1-15 person teams running AI agents and automations on paid client work cannot revoke a misbehaving agent's access quickly because they share a small number of credentials across multiple tools and have no written pause-and-revoke runbook with rehearsed timings per tool. The runbook discipline (per-tool documentation of the pause path, the revoke path, the time-to-effect, and the OAuth third-party revocation step where applicable) is a 30-minute Friday investment using only the tools already in use, and is the small-team analogue of the four-primitive enterprise containment architecture covered in AM-171.

Re-review 10 Jun 2026: per-tool revocation surfaces re-verified live (Anthropic Console support collection, GitHub PAT docs, n8n credentials docs all HTTP 200; the OpenAI help-center key-deletion page bot-blocks scripted fetches at 403 but the surface is unchanged per OpenAI's help index); the Kiteworks organisational containment data the claim leans on by analogy re-verified verbatim at the sibling AM-171 source (60% cannot quickly terminate / 63% purpose limitations / 55% isolation). No SMB tool shipped one-click per-agent revoke with a published time-to-effect SLA; no cyber-insurance term change located; no trigger fired.

Scope: the claim is scoped to the runbook capability of a 1-15 person team to execute pause and revoke actions through existing tool UIs (Anthropic Console, OpenAI Platform, GitHub Settings, Zapier My Apps, Make Connections, n8n Credentials) in a documented and rehearsed way. It does not assert that the runbook substitutes for the four-primitive enterprise architecture; it asserts that the runbook is the operationally tractable small-team equivalent. The 30-day review cadence is calibrated to the security-adjacent landscape and the pace at which tool UIs and revocation primitives change.
Trigger conditions:

  (1) Major SMB-targeted AI tools ship per-agent revoke as a documented one-click action with a published time-to-effect SLA: would move toward Partial because the tooling gap is closing.
  (2) A published small-business or small-agency incident specifically traceable to a credential that could not be revoked in time: would confirm operational exposure and strengthen the case for the drill.
  (3) A change in small-business cyber insurance terms requiring documented pause-and-revoke runbooks and rehearsed drills: would change the incentive map from discretionary to required.
  (4) The OpenAI, Anthropic, or GitHub API surface adds workspace-level revoke that propagates to every key minted under the workspace within a defined window: would shift the operational answer from per-credential revocation to workspace-level containment.

Sibling: AM-171.
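One way to keep such a runbook honest, as an added example that is not part of the original claim record: a small Python linter that checks each tool entry for the pause path, revoke path, time-to-effect and OAuth revocation step, flags missing or stale drills, and reports credentials shared across tools. The field names, the 30-day staleness threshold and the sample entries are assumptions; the path strings are placeholders, not real UI steps.

```python
from collections import defaultdict
from datetime import date

REQUIRED = ("pause_path", "revoke_path", "time_to_effect_s")
MAX_DRILL_AGE_DAYS = 30  # assumption: a drill older than this counts as stale

def entry(tool, cred, tte, drill, oauth=False, oauth_step=""):
    # Path strings are placeholders; the team fills in its own documented steps.
    return {"tool": tool, "credential": cred, "pause_path": "<team-documented>",
            "revoke_path": "<team-documented>", "time_to_effect_s": tte,
            "last_drill": drill, "oauth": oauth, "oauth_revoke_step": oauth_step}

# Constructed sample runbook (credential labels and timings are made up).
RUNBOOK = [
    entry("Anthropic Console", "key-A", 60, date(2026, 6, 5)),
    entry("n8n Credentials", "key-A", None, None),
    entry("Zapier My Apps", "grant-Z", 120, date(2026, 4, 1), oauth=True),
    entry("GitHub Settings", "pat-G", 30, date(2026, 6, 5)),
]

def lint_runbook(entries, today):
    """Return (subject, problem) pairs for gaps in a pause-and-revoke runbook."""
    findings, users = [], defaultdict(list)
    for e in entries:
        users[e["credential"]].append(e["tool"])
        for field in REQUIRED:
            if e.get(field) in (None, ""):
                findings.append((e["tool"], f"missing {field}"))
        if e.get("oauth") and not e.get("oauth_revoke_step"):
            findings.append((e["tool"], "missing oauth_revoke_step"))
        drill = e.get("last_drill")
        if drill is None:
            findings.append((e["tool"], "never rehearsed"))
        elif (today - drill).days > MAX_DRILL_AGE_DAYS:
            findings.append((e["tool"], f"drill stale ({(today - drill).days}d)"))
    # One credential behind several tools: revoking it stops all of them,
    # and leaving it live exposes all of them.
    for cred, tools in users.items():
        if len(tools) > 1:
            findings.append((cred, "shared across: " + ", ".join(sorted(tools))))
    return findings

if __name__ == "__main__":
    for subject, problem in lint_runbook(RUNBOOK, date(2026, 6, 12)):
        print(f"{subject}: {problem}")
```
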

Published: 26 May 2026
Last reviewed: 10 Jun 2026
Next review: +28d · 10 Jul 2026
Cohort: 1-15 person services agency, solo founder, or small in-house team running AI tools and automations (Anthropic API, OpenAI API, GitHub PATs, Zapier, Make, n8n, custom MCP servers) on paid client work
Cadence: 30-day
Sibling claim: AM-171, The agent kill-switch: turning 'you can't stop it' into a containment architecture

Watch this claim

Email me when OPS-078's status, next review date, or correction log changes. One email per change. No newsletter subscription, no other mail.

About this register

The Operators register tracks claims published from practitioner-advisory pieces addressed to solo founders, micro-SMB, and small businesses up to around fifty people. Claims are reviewed on a 30–45 day cadence — tooling and SMB-relevant pricing shift faster than enterprise procurement signals.

Recent corrections in Operators

  • OPS-051 · Partial · 10 Jun 2026

    One named member of the generation cluster was already defunct at publication: Tome shut down its presentation/narrative product (Tome Slides) in March 2025 and pivoted to sales tooling, with the brand later sold to AngelList (deckary.com shutdown timeline; signalhub.substack.com post-mortem, both checked 10 Jun 2026). The generation cluster reduces to Pitch + Gamma. The two-cluster thesis itself is unaffected and arguably strengthened — the pure AI-narrative product failed to find a sustainable business while Gamma (70M users, $100M ARR as of Nov 2025) and the assembly cluster (PandaDoc, Better Proposals, Proposify per Luniq 2026 agency comparison) both compound. Status Up → Partial for the factual error in the tool list.

  • OPS-022 · Partial · 10 Jun 2026

    Vendor attribution error in the claim text. The claim names Polley Faith among 'Spellbook with named small-firm customers Westaway, KMSC Law, Polley Faith'. Polley Faith LLP is a Harvey-listed law-firm customer, not a Spellbook customer: the live Spellbook site (now spellbook.com; spellbook.legal 301-redirects) names Westaway, KMSC Law, and McInnes Cooper with no Polley Faith, and the source article's own body correctly places Polley Faith on Harvey's roster — the claim text and the article excerpt bundled it with the wrong vendor at publish. The remaining legs verify against extracted source text on 10 Jun 2026: Anthropic's GC AI customer story carries 'More than 1,500 companies' and '14 hours saved per week on average ... based on a survey of more than 100 active customers' verbatim; Harvey's published roster (Thompson Hine, Fox Rothschild, Lowenstein Sandler, Polley Faith) matches; ABA Formal Opinion 512 remains the governance baseline. The corpus reading (AI ships at 1-to-20 lawyer scale; privileged work stays on Enterprise-tier zero-retention access) is unaffected. Status Up → Partial.

  • OPS-071 · Partial · 10 Jun 2026

    Trigger condition (2) fired: the effective date moved. Governor Polis signed SB 26-189 on 14 May 2026 (Holland & Knight client alert, May 2026; Seyfarth; Littler). The signed law repeals and reenacts the original Colorado AI Act and its obligations take effect 1 Jan 2027 — not 30 Jun 2026 as the claim asserted. No operator obligation starts 30 Jun 2026; the only pre-2027 item is Colorado AG rulemaking due by 1 Jan 2027. The claim's structural reading holds (risk-management programmes and impact assessments dropped for a notice-and-transparency framework; consequential-decision scope covering employment, housing, credit, insurance, education, healthcare; no small-firm exemption). The urgency leg ('obligations from 30 June 2026') is overtaken. Status Up → Partial.

Reviews coming up in Operators

  • OPS-030 · Holding · next +15d (27 Jun 2026)

    The fastest path for an owner-operator to build practical agentic-AI competence in 2026 is the three-week build-by-ship…

  • OPS-029 · Holding · next +15d (27 Jun 2026)

    For solo founders and small teams (under ~50 people) building with AI in 2026, the build-vs-buy decision tree has inver…

  • OPS-005 · Holding · next +15d (27 Jun 2026)

    At sub-1M tokens per month (typical SMB agent volume) in 2026, the absolute dollar gap between Claude Haiku 4.5, GPT-4o…