Red Hat AI 3.4 tackles the question enterprises have been avoiding since the agent boom began: who is accountable when a machine, not a person, makes the call.

[For more news, click here]

Ask a chief information officer in 2025 what their AI strategy was, and the answer usually involved a chatbot. Ask the same question today, and the answer involves agents: software that does not just answer questions but takes actions, books resources, files tickets, moves money, and increasingly does all of it without a human checking each step. The harder question, the one most enterprises have not had a good answer to, is what happens when something goes wrong. Which agent did it. Acting on whose authority. Using what reasoning. That accountability gap, more than any single feature, is what Red Hat is trying to close with the latest version of its AI platform.

Red Hat AI 3.4, announced this week, is being pitched by the company as a unified, metal-to-agent platform, language that sounds like standard enterprise software marketing until you notice what it is actually solving for. The platform spans everything from the physical chips running underneath a workload to the autonomous agents operating on top of it, and its real subject is not artificial intelligence so much as the chain of custody around it. In an industry that spent two years racing to deploy generative AI everywhere it could, Red Hat is making a bet that the next phase of enterprise adoption will be decided less by how smart the models are and more by how confidently a company can answer for what its AI actually did.

The cost of moving fast without a paper trail

The friction Red Hat is naming is a familiar one inside large organizations, even if it rarely gets said out loud. Developers and data teams want to experiment quickly. Infrastructure and security teams need to know what is running, where, and under whose authority. When those two groups are not working from the same playbook, the result is what the industry has started calling shadow AI, unsanctioned tools and unmonitored agents quietly operating inside a business, racking up costs and risk that nobody officially signed off on. Red Hat's own framing of the problem is blunt about the stakes: companies are being pushed to evolve from “token consumers” into “token providers,” managing AI compute and access the way a utility manages power, rather than leaving it to whichever team happens to have a credit card and an API key.

That shift matters more once agents enter the picture, because an agent that books a vendor contract, escalates a customer refund, or rewrites a piece of code carries a different kind of risk than a chatbot that drafts an email.

Agents act with a measure of independence, and that independence is exactly what makes their decision-making hard to see into after the fact. Red Hat AI 3.4 addresses this directly through what it calls AgentOps, a set of tools meant to manage agents across their entire working life, from the moment they are built to the moment they are running unsupervised in production, with built-in tracing, observability, and a form of cryptographic identity that ties every action an agent takes back to a verified source.

Giving every agent a verifiable identity

That identity layer is arguably the most consequential piece of the release, even if it is the least flashy. Using an open standard called SPIFFE and SPIRE, Red Hat AI replaces the static, hardcoded credentials that have long been a security liability in enterprise software with short-lived, verifiable tokens issued to each agent. In practical terms, that means an organization can trace a specific action back to a specific agent, rather than to a generic service account that a dozen different processes might share. It is the digital equivalent of giving every employee a badge instead of a master key, and it directly supports the kind of least-privilege security model that auditors and regulators have been pushing enterprises toward for years.

Layered on top of that identity system is a new evaluation hub and an integrated prompt management system, both designed to treat the inputs and outputs of AI, not just the models themselves, as assets worth governing. The platform now treats prompts as first-class data, stored in a central registry rather than scattered across individual projects, and uses MLflow, an open-source tool with deep roots in traditional machine learning, to track experiments and maintain an audit trail across both generative and predictive AI workloads. The result, according to Red Hat, is end-to-end visibility into an agent's reasoning steps, tool calls, and model responses, the kind of detailed record that makes it possible to reconstruct exactly how an automated decision was reached.

Stress-testing AI before it reaches customers

Visibility after the fact is one form of accountability. Red Hat AI 3.4 also builds in a layer aimed at catching problems before they happen, through automated safety testing and red-teaming powered by technology from Chatterbox Labs and the open-source Garak project, paired at runtime with NVIDIA's NeMo Guardrails. The goal is to screen models and agentic systems for known failure modes such as jailbreaks, prompt injection attacks, and bias before they are deployed, giving security teams a data-driven basis for deciding which models and guardrails are fit for a given use case rather than relying on vendor assurances alone.

None of this governance layer would matter if the underlying inference were not fast or efficient enough to run at enterprise scale, and Red Hat has continued building out that foundation as well. The platform combines the vLLM inference server with the llm-d distributed inference engine, and adds a new Model-as-a-Service capability that gives administrators a single governed point of access to a curated set of models, complete with usage tracking and policy enforcement, while still presenting developers with familiar, OpenAI-compatible interfaces. Newly generally available speculative decoding, a technique that predicts likely next steps in a model's output to speed up generation, is reported to improve response speed by two to three times with minimal loss in quality, lowering the cost of each interaction in the process. Red Hat AI 3.4 also adds day-zero support for NVIDIA's Blackwell GPUs and AMD's MI325X chips, and extends beyond Red Hat's own OpenShift platform to run natively on additional Kubernetes services, including CoreWeave, Microsoft Azure, and a new offering on IBM Cloud.

What Red Hat and its partners are saying

“The agentic era represents an evolution of our platform from running traditional applications to powering intelligent, autonomous systems,” said Joe Fernandes, vice president and general manager of the AI Business Unit at Red Hat. “We are defining the open standard for how the enterprise executes AI. By providing a hardened, metal-to-agent foundation for AI inference, MaaS and AgentOps, Red Hat provides the operational assurance organizations need to innovate at scale while maintaining rigorous control.”

“Autonomous, long running agents in the enterprise demand a new level of infrastructure control and security to ensure trustworthy operations at scale,” said John Fanelli, vice president of enterprise software at NVIDIA. “Red Hat AI Factory with NVIDIA provides a unified, open-source-driven foundation that gives developers and operators the governance and confidence necessary for the agentic future.”

Why this matters beyond the data center

The significance of Red Hat AI 3.4 is not that it makes AI faster, though it does. It is that it represents a maturing consensus across the industry that autonomous AI cannot scale safely without the same kind of identity, audit, and governance infrastructure that enterprises already expect from every other critical system they run. For years, the conversation around enterprise AI adoption centered on capability: what can the model do. Red Hat's latest release is a signal that the more pressing question has shifted to accountability: when the model or the agent acts, can the organization stand behind that action, explain it, and trust it. Solving that problem does not just reduce risk. It is what allows AI to graduate from a collection of impressive pilots into infrastructure that a business can actually depend on, which is precisely the transition American enterprises have been waiting for since the agent boom began.

Related Articles:

Core42 Is Building the AI Compute Network That Doesn't Pick Sides Between AMD and NVIDIA

DXC Technology Consolidates 11,000 Engineers Into One Global Unit

VAST Data Is Now Worth $30 Billion, The Real Story Is Why