Identity and access

Boundary 1.0 adds RDP session recording, previews AI-agent access controls

Boundary 1.0 adds RDP session recording, previews AI-agent access controls

The 1.0 lands with session recording attached

HashiCorp announced Boundary 1.0 on June 25. The operational headline is RDP session recording, and the version number is a distant second. Boundary is HashiCorp's privileged-access proxy, and until this release it did not record Remote Desktop sessions on its own. Teams that route Windows-side deploys through the proxy now have a first-party audit trail that ships with the product itself.

The announcement bundles two other things on top of the RDP work. "Improved management" is HashiCorp's phrasing. Boundary 1.0 also previews work aimed at securing access for AI agents, which HashiCorp positions as a same-chokepoint answer for a new class of caller.

What actually changes on the CD side

For most teams the practical read is narrower than "1.0 shipped". Two things move.

RDP sessions get recorded through the proxy. Windows targets have historically been the awkward part of a privileged-access story. SSH session recording and TLS-terminating proxies have been standard for years on Linux. RDP has been thinner. A CD pipeline that lands on a Windows host for a hotfix, an artifact promotion, or a release-time config change now has the same after-the-fact video that Linux jumpboxes have had for a long time.

The AI-agent preview signals where Boundary wants to sit next. If CD tooling is starting to hand a shell to an agent, that agent needs a credential of some kind. HashiCorp is telling operators the plan is for Boundary to mediate that call the way it mediates a human on-caller today. This is a preview. Read it as a roadmap.

Why the audit line matters for release engineering

The audit case for session recording is easy to state and hard to argue with. When a bad change lands on a production Windows host at 2am, the post-incident question is always the same: what did the person on the console actually do, and can it be replayed? Without recording, on-call gets shell history if it is lucky and a change-management ticket if it is not. Neither reproduces the click that resized a disk or set the wrong service account.

The catch, as always, is storage and retrieval. Session video is heavy compared to a log line. If a team enables recording without a retention plan or an index it can grep by change ID, it ends up with a legal-hold problem attached to its CD pipeline. The vendor calls session recording a compliance win; on-call, that translates to owning the storage bill and the search UI as well.

How to read the AI-agent preview

The agent-access teaser is the part worth watching. Boundary is a chokepoint by design. If a team routes on-callers through it today, extending that same path to an autonomous caller has a real appeal: one authorization model, one audit surface. The trade is that the chokepoint becomes higher-value. When the caller is an agent that can burn through a hundred sessions an hour, a mis-scoped role stops being a person mistake and becomes a fleet mistake.

Nothing in the 1.0 announcement commits to a specific API for agent access. HashiCorp says the work is previewed. Treat it as a signal for platform planning and design against it later.

A note on the version number

Calling this Boundary 1.0 is a marketing statement, and HashiCorp is entitled to it. For most operators the useful frame is the feature delta. RDP recording is here, agent-access wiring is on the way, and the rest of the product surface reads the same as before. If an access-control review pipeline already pins Boundary, pin the new version, run it through a staging Windows target, and confirm the recording index looks the way the compliance team expects. If it does not, that is a paper-cut worth flagging before the next audit cycle.

Source: HashiCorp (hashicorp.com)

Related
Security & supply chain

Vault wants your AI agents to ask permission, one request at a time

HashiCorp Vault Enterprise has put a new authorization model for AI agents into public preview, built on OAuth 2.0 Rich Authorization Requests so agents must declare what they want on every call instead of inheriting long-lived secrets. For pipelines that now host coding agents, it changes who is allowed to do what at runtime.

June 27, 2026
Identity and access

Anthropic swaps per-developer Claude Code secrets for an OIDC gateway

Anthropic shipped a self-hosted Claude apps gateway that runs Claude Code on Amazon Bedrock and Google Cloud without per-developer cloud credentials, federating identity through Google Workspace, Microsoft Entra ID, Okta or any standards-compliant OIDC provider.

July 5, 2026
Release engineering

Release gates for LLMs: the argument that your CI is not the finish line

A New Stack piece from Freddy Daniel Alvarez Pinto argues that traditional CI/CD gates are not enough for production AI systems, and proposes a release-gating approach built for LLMs. Here is why the framing matters for pipeline owners, and where the honest rough edges sit.

July 6, 2026

Turn this into your pipeline. Build it on Buddy.

Start free