ENTREPRENEURIA | Entrepreneurial Perspectives

A series of interviews conducted by Pascale Caron with leaders who design, develop and deploy artificial intelligence within their companies.

For leaders, the challenge is no longer just about adopting artificial intelligence. It now involves defining how far the organization is willing to delegate decisions and actions to autonomous systems.

By Pascale Caron

This article is based on an interview with Anthony Levy, founder of Damn, as part of research conducted for EntrepreneurIA, an editorial project exploring the uses of artificial intelligence through the experiences of entrepreneurs, leaders and experts.

Artificial intelligence is entering a new phase. After conversational assistants capable of writing, summarizing or searching for information, companies are now interested in AI agents. These systems are no longer limited to producing a response. They can query a database, interact with business software, trigger an operation or chain multiple actions with an increasing degree of autonomy.

This evolution opens up new productivity prospects. It also raises an essential question for leaders: under what conditions can AI agents act without compromising the security, compliance and governance of information systems? At the same time, it transforms the very nature of risk. To act, an agent must receive permissions. It can access customer data, source code, internal tools, API keys or a production environment.

After several years dominated by conversational assistants, companies are now beginning to connect AI agents to their business tools. This shift from assistance to action explains why governance is now becoming a strategic issue.

This is why Anthony Levy launched Damn, a sovereign platform designed to create, execute and govern AI agents. The project aims to accelerate their adoption without abandoning security, traceability or infrastructure control. This description corresponds to the positioning presented by its founder and that appearing in his professional profile.

A Career at the Crossroads of Psychology, Business and Technology

Born in France and raised in Nice, Anthony Levy left the Côte d’Azur at 19 to pursue his studies in Paris. He then moved to Israel, where he lived for twelve years. This stay, initially envisioned as a period of discovery and learning, became a formative stage in his personal and professional journey.

He studied psychology, not solely with a view to clinical practice, but to better understand human behavior and social dynamics.

“It was more the idea of understanding humans in society that interested me,” he explains in the interview.

This training still influences his perspective on emerging technologies. For Anthony Levy, tech is not an abstract end goal. It offers a means of understanding contemporary transformations and the way individuals adopt new tools.

After several commercial experiences in international technology companies, Anthony Levy developed a fine understanding of software adoption issues in business. This experience gradually shaped his thinking on future uses of AI agents and enabled him to support companies of different sizes, facing both short buying cycles and much more structured processes. They also nourished his appetite for exploration.

“I need that novelty, that discovery, to immerse myself in a new subject.”

Entrepreneurship attracted him early. He participated in a first project based on blockchain and smart contracts. The ambition was then to use the tokenization of performance in the video game field. The model evolved several times.

“We pivoted, re-pivoted, but it was an interesting experience,” he summarizes.

This first venture taught him to confront a technological intuition with the market. It also showed him that innovation alone is not enough to create a viable model. It must also address a clearly identified need.

From Conversational Assistants to Action-Capable Systems

From 2021, Anthony Levy joined a company developing an automated meeting note-taking tool. He then worked for several companies specializing in artificial intelligence. He gradually became familiar with agentic systems, first through personal interest, then as part of his sales functions.

He observed a rapid transformation in the nature of the solutions offered. The first generative AI tools primarily assisted the user. They produced text, a summary or a recommendation. The human generally retained the final decision.

Agents take an additional step. They can pursue an objective, select tools and perform multiple operations. This autonomy changes their place in the organization.

Anthony Levy considers that AI’s ability to automate certain tasks and fulfill specific missions is no longer really contestable.

“Simply put, I think that the value and ability that AI has to fulfill work missions, to automate tasks, to perform well in a given task are not debatable. It’s no longer debatable as such.”

For him, the debate has therefore shifted. It’s no longer just about evaluating the quality of content produced by artificial intelligence. It now focuses on how to govern systems capable of acting within organizations.

Anthony Levy believes that this evolution is accompanied by a change in scale. The real challenge doesn’t lie in deploying an isolated AI agent, but in the gradual multiplication of these systems within the same organization. A company can quickly use dozens, even hundreds of specialized agents, particularly with the rise of programming agents, business assistants and automation connected to internal applications. It’s this proliferation that transforms governance into a strategic issue.

An agent responsible for customer service can, for example, consult a customer relationship management software, search the history of an order, prepare a response or propose a refund. Depending on the rights granted to it, it can also directly trigger this operation.

The value created therefore depends on its level of access. But each permission also expands the risk surface.

Anthony Levy reminds us that an operational agent must be able to access “internal tools,” “data” and “systems” to perform the tasks assigned to it. The company then faces a trade-off. It seeks to expand the capabilities of its agents without losing visibility over their actions.

“How do you give them freedom and allow them to do more, but at the same time, ensure they do what they’ve been asked to do?” he asks. This tension between autonomy and control is at the foundation of Damn.

Damn, a Trust Layer Between Agents and the Company

Anthony Levy presents Damn as a “trust and control layer,” a layer of trust and control placed between agents, users and company resources. The platform pursues two complementary objectives.

The first concerns developers. They can continue to use the AI-assisted programming tools they are accustomed to. Damn is not intended, according to its founder, to impose a single environment on them.

The second targets business teams. The platform offers them an interface in which they can create or use operational agents with a limited level of technical skills.

Governance comes first. Security managers determine accessible resources, authorized actions and boundaries not to be crossed.

Anthony Levy explains that the team or person in charge of security can define “what an agent can do, cannot do, and within what perimeter it can act.”

The rules then apply to systems deployed in the organization. An employee can create a new agent, but it should not have rights superior to those established by the company. The democratization of creation interfaces reduces technical barriers, but it doesn’t reduce risks. It can even accelerate the multiplication of agents designed without a global vision of rights granted, responsibilities or possible consequences.

Damn’s objective therefore doesn’t rest solely on agent creation. The platform mainly seeks to provide a transversal supervision layer, compatible with multiple tools and multiple models.

This approach responds to another of Anthony Levy’s convictions: companies will probably never use a single AI agent system. They will make internally developed agents, solutions offered by specialized publishers, programming agents, business agents, as well as locally hosted or cloud models coexist. According to him, this heterogeneity will become the norm. Governance therefore cannot depend on a single supplier. It will have to be exercised transversally, regardless of the technical environment chosen.

Why Companies Must Manage AI Agent Identities

Organizations generally know how to manage human identities. They assign rights to employees according to their function, level of responsibility and resources necessary for their work.

Every autonomous system must be identifiable. Its creator, purpose, permissions and actions must remain visible. The company must also distinguish authorized systems from those that have been installed or developed without validation.

Anthony Levy indicates that Damn integrates a registry to track “who created which agent,” “what is this agent’s identity,” what it can do and the resources it can access.

The platform also aims to keep track of calls made to connected tools and services. This logging can facilitate incident analysis, audit preparation or critical process control.

Anthony Levy relates this evolution to identity management solutions offered by players like Okta or CyberArk. These companies currently secure employee access. He believes they could gradually extend their activities to autonomous agents.

The comparison has its limits, however. An employee generally occupies a relatively stable function. An agent can be created for a specific mission, duplicated, modified or deleted quickly. It can also act at a speed that has no common measure with that of a human user.

Responsibility then becomes a major issue. Who answers for an incorrect action? The agent’s designer? The user who triggered it? The person responsible for the business process? The management that authorized its deployment?

Traceability helps reconstruct the facts. It doesn’t replace a prior distribution of responsibilities.

Sovereignty: Distinguishing the Model, Data and Control Layer

Sovereignty occupies a central place in Damn’s positioning. However, Anthony Levy refuses a binary reading systematically opposing local models to cloud-hosted services.

He favors an approach based on the nature of uses. For certain simple tasks, a locally installed model can offer a sufficient level of performance. It may suit an internal assistant, administrative automation or a repetitive process. For more complex missions, particularly in software development, companies may wish to use models available in the cloud.

Anthony Levy summarizes his position directly: “Everything you can do locally, everything you can do with local models, do it with local models.”

He adds that tasks requiring the most powerful models can, depending on the company’s constraints, be processed in the cloud. This approach is based on a trade-off between risk management and competitiveness. Restricting developers to less powerful tools can slow innovation. Indiscriminately authorizing the use of external services can, conversely, expose sensitive information or trade secrets.

According to Anthony Levy, systematically limiting developers to less powerful solutions solely because they are local can represent a strategic error. However, this approach cannot be transposed to all sectors. Banks, healthcare players, administrations and strategic industries respond to specific requirements.

The proposed reasoning invites distinguishing three levels often confused:

  • the model used;
  • the data the agent accesses;
  • the layer that holds permissions, keys and activity logs.

For Anthony Levy, sovereignty must focus primarily on this last level. He believes that the system with access to API keys, permissions and internal resources should not depend on an external cloud service.

Damn is presented as a tool that can be deployed directly on the company’s infrastructure, in a self-hosted environment, an isolated container or on its own servers. This architecture should make it possible to maintain control of the governance layer, even when certain agents occasionally solicit external models.

Regulated Companies on the Front Lines

Anthony Levy was confronted with the requirements of regulated companies when he was marketing AI solutions to large American banks.

The purchasing processes included detailed information requests, questionnaires devoted to artificial intelligence and specific constraints regarding integration with internal infrastructures.

“Any tool that wants to sell to somewhat regulated companies will, at some point, face these types of requests,” he observes.

This experience nourishes his conviction: the supplier cannot alone bear responsibility for control. The client company must maintain its own means of supervision and audit. The registry offered by Damn can help document actions performed by agents. Anthony Levy particularly mentions the possibility of exporting audit elements that can be used in an approach related to the European AI regulation.

This functionality, however, does not guarantee compliance by itself. Compliance depends on the system’s purpose, its risk level, the data used, the responsibilities established and the organizational measures adopted.

The platform therefore provides a technical building block. The company must complement it with a usage policy, data classification, human validation rules and a shutdown procedure in case of incident.

Why SMEs and Mid-Sized Companies Are Also Concerned

Long perceived as an issue reserved for large groups, AI agent governance now also concerns SMEs and mid-sized companies. They can entrust the creation of their agents to integrators, consulting firms or specialized service providers. This outsourcing doesn’t eliminate their responsibility. On the contrary, it reinforces the need for visibility.

For an SME or mid-sized company, the question therefore doesn’t necessarily consist of building its agents itself. It focuses on its ability to maintain control of systems developed by third parties. The organization must be able to revoke access, modify a permission, interrupt an agent and verify operations performed. Technical delegation must not lead to a loss of operational control.

Damn is primarily aimed at structures meeting certain prerequisites: the presence of a person responsible for security, the desire to deploy agents at scale, a regulated activity or the handling of sensitive data.

Integrators and specialized firms could also use this type of layer at their clients’ sites. They would then have an environment designed to define rights, trace operations and separate perimeters between teams.

Before Agents, Putting Order Back into Data and Processes

The interview highlights an often overlooked difficulty. Many companies want to add AI to fragmented information systems. Data is scattered across multiple software programs. Some information is manually re-entered. Old applications coexist with more recent tools, without overall coherence. In this context, an agent doesn’t spontaneously correct dysfunctions. It’s more likely to accelerate them.

Human resources databases may contain identity documents, bank details, addresses or confidential documents. Email systems also group sensitive information that has never been properly classified. Before any deployment, the organization must examine its data, applications, permissions and processes.

This analysis can also show that the problem doesn’t always require artificial intelligence. Better integration between two software programs, classic automation or data cleanup can sometimes produce more value. Technology must respond to a specific need. It must not become an automatic response to every operational difficulty.

Damn: A Startup Betting on AI Agent Governance

Damn is developed by a team of two people. Anthony Levy indicates that development began about eighteen months before the interview.

The initial idea was to simplify the deployment of operational agents for non-technical users. The positioning then shifted toward security and governance, without abandoning the first functional building block.

The founder describes this evolution in these terms: “We went from this initial idea to a much more security-focused and governance management aspect.”

Damn is now working with several pilot partners and initial customers in demanding environments, to validate the platform on real use cases. The company is currently self-funded. “For now, we are fully bootstrapped and I want to stay that way until we reach a tipping point,” he specifies.

Anthony Levy is considering fundraising when Damn reaches a new development threshold. Anthony Levy explains that he deliberately devoted a lot of energy to building solid product foundations, while now considering the acceleration of go-to-market as the strategic priority for the coming months.

Questions Leaders Must Ask Before Deploying an Agent

The rise of AI agents forces companies to go beyond the logic of simple technological testing. Before any deployment, leaders must be able to answer several essential questions. What objective does the agent pursue? What data can it consult? What operations can it perform alone? What decisions require human validation? Who can interrupt its activity? Who assumes responsibility in case of error?

These questions don’t fall solely within the scope of the IT department. They concern business functions, security, legal, compliance and the company’s overall governance.

Damn seeks to respond to part of this challenge by making identities, permissions and actions more visible. However, the real maturity of this proposition will depend on its ability to function in complex environments, to integrate with existing systems and to demonstrate its level of security.

Anthony Levy frames the issue very concretely. He questions how not to hinder innovation, while maintaining “control,” “governance” and “sovereignty.”

These three dimensions will go far beyond the case of a single startup. They will become central as agents leave experimentation to intervene in real operations.

Technological autonomy doesn’t reduce human responsibility. On the contrary, it forces leaders to specify what they accept to delegate, under what conditions and under what supervision.

Companies have long sought to know what artificial intelligence could produce. They will now have to decide what they actually accept to entrust to it.

Key Takeaways for Leaders

  • An AI agent must be governed before being deployed.
  • Data quality remains the primary success factor.
  • Sovereignty is not limited to model choice.
  • SMEs as well as large groups must define an agent governance policy.

About Damn

Damn is a startup founded by Anthony Levy that develops a governance platform for artificial intelligence agents. The solution aims to enable companies to deploy AI agents while maintaining control over permissions, access and traceability.

Website: https://www.damn.dev