The short answer
To share an AI agent with your team, give most people run access and reserve edit access for one or two owners; point the agent at a shared credit balance so billing is centralized and attributed per run; and keep a shared run history so every input and output is visible and auditable. Run access means a teammate can use the agent with their own inputs. Edit access means they can change how the agent works for everyone. Getting that distinction right is the whole game, because a shared agent is a shared tool: a single change ripples out to everyone who depends on it.
This guide walks through the six decisions that matter when an agent stops being yours and becomes the team's: the permission split, how runs stay separate, how the bill works, how to keep an audit trail, how to stop two people doing the same job twice, and how to bring a new teammate up to speed in minutes.
Who can run vs who can edit
The first and most important decision is the permission model, and for a shared agent it comes down to two roles.
Run access lets a teammate start the agent, supply their own inputs, and receive the result. They cannot change the agent's instructions, its connected accounts, or its guardrails. They use it the way you use a vending machine: pick what you want, get the output, no access to the machinery inside. This is the right level for almost everyone on the team. A sales rep running a lead-enrichment agent, a support lead running an inbox-triage agent, a marketer running a content-repurposing agent: all of them need run access and nothing more.
Edit access lets a teammate change the agent itself: rewrite its instructions, swap a connected account, adjust what actions it is allowed to take, or change its schedule. A change here affects every single person who runs the agent. If an editor narrows the agent's scope on Monday, every run after Monday reflects that. For this reason, edit access should belong to one or two owners who are responsible for the agent, not to everyone who uses it.
The principle behind this split is least privilege: give each person exactly the access their job requires and no more. The fewer people who can change a shared tool, the fewer surprises everyone else gets. If you want a teammate to be able to constrain what the agent does without rebuilding it, the cleaner path is to layer on guardrails rather than hand out edit access; how to limit agent actions covers the controls that bound an agent's behavior, and AI agent safety and guardrails explains the broader safety model those controls sit inside.
Shared runs vs personal runs
A common point of confusion is whether sharing an agent means everyone shares the same run. It does not. Sharing an agent shares the configuration, not the execution.
Each time someone starts the agent, that is a personal run: it uses the inputs that person provided and returns a result to that person. If three teammates run a shared report-drafting agent in the same hour, that is three independent runs producing three independent outputs. They do not collide, overwrite each other, or queue behind one another.
What is shared is the agent definition: the instructions, the connected tools, the guardrails, and the run history. When an owner improves the instructions, the next run by anyone benefits. That is the entire value of sharing rather than each person building their own copy. The team maintains one well-tuned agent instead of five slightly different ones that drift apart over time.
There is one case worth calling out: a scheduled shared run. Some agents run on a trigger or a schedule rather than on demand, such as a daily summary that posts to a team channel every morning. That run belongs to the team rather than to any one person, and its output is visible to everyone with access. Treat scheduled runs as the exception that genuinely is shared, and keep on-demand runs personal.
How credits and billing work
When an agent is yours alone, billing is simple: runs draw from your balance. Sharing introduces a question, whose balance pays?
The clean answer for a team is a shared credit balance. The team tops up one balance, and every run against the shared agent draws from it. Metering does not change because the agent is shared: the rate is the same, $1 equals 1,000 credits, and you only pay when the agent actually runs. What changes is the source of funds and the attribution.
Attribution matters because a shared balance without visibility is a blank cheque. A well-run shared setup records which teammate started each run and what it cost, so you can see at a glance that the lead-enrichment agent accounts for most of the month's spend, or that one heavy user is driving the bill. That visibility is the foundation of cost control. Once you can see where credits go, you can act: set a ceiling on how often the agent runs, batch work instead of running one item at a time, or split a single broad agent into cheaper task-specific ones.
Two practical guardrails keep a shared bill predictable. First, rate-limit the agent so a runaway loop or an overenthusiastic teammate cannot burn the balance in an afternoon; how to rate-limit your agent walks through setting that ceiling. Second, watch the spend trend rather than the daily noise, which is the core habit in AI agent cost control. Together they turn a shared balance from a worry into a line item you understand.
Keeping inputs and outputs auditable
When one person runs an agent, the audit trail lives in their head: they know what they asked for and what they got. When a team shares an agent, that knowledge has to live somewhere everyone can see. The mechanism is a shared run history.
A useful run history records four things for every run: who started it, when it ran, what inputs it received, and what it returned or changed. That record is the audit trail. It answers the questions that come up the moment an agent touches shared systems: who ran the agent that updated forty CRM records last Tuesday, what data did it act on, and was the output what we expected.
Auditability is not a nice-to-have for shared agents that touch real systems, a team inbox, a billing tool, a customer database. It is the thing that lets the team trust the agent. A shared agent without a visible log is an agent nobody can verify, and an unverifiable agent does not stay trusted for long. The discipline of watching what an agent does over time is its own topic, covered in AI agent monitoring and observability; for a shared agent, the run history is the most important observable surface you have.
Pair the log with limits. A run history tells you what the agent did; action limits decide what it is allowed to do in the first place. The two reinforce each other: tight limits keep the log boring, and a clear log tells you when to tighten the limits further.
Avoiding duplicate or conflicting runs
The most common failure mode of a shared agent is not a permissions breach or a billing surprise. It is two people doing the same thing without knowing it.
Picture a shared agent that enriches new leads. Two reps see a fresh batch and both run the agent on it. Now the work is done twice, the credits are spent twice, and if the agent writes back to a shared system, the second run may overwrite or duplicate the first. Nothing technically broke; the agent ran exactly as designed. The problem was coordination, not code.
Three habits prevent this:
- Check the shared run history before you run. If the log shows the job was already done five minutes ago, you skip it. This is the single highest-value reason to keep the run history visible to everyone.
- Assign ownership of recurring tasks. If the lead-enrichment agent is run by one named person each morning, nobody else runs it by reflex. A light convention beats a heavy lock.
- Prefer scheduled runs for genuinely shared, repeating work. If a job should happen once a day regardless of who is around, schedule it. A scheduled run happens exactly once and the whole team sees the result, which removes the question of who should trigger it.
For agents that write to shared systems, lean on guardrails as a backstop. An action limit that prevents the agent from touching a record it already processed turns a coordination slip into a no-op instead of a mess. The combination of a visible log, a clear owner, and sensible limits handles the overwhelming majority of duplicate-run risk without any heavy locking machinery.
Onboarding a new teammate
The payoff of sharing an agent properly shows up when someone new joins. A new teammate should be productive with an existing agent in minutes, not days, and they do not need to understand how it was built to use it well.
A clean onboarding is three steps:
- Invite with run access. Add the new person to the agent with run access only. They can use it immediately; they cannot change it. If they later take over maintenance, you upgrade them to edit access then, not before.
- Point them at the run history. The shared log is the best documentation the agent has. Real past runs show exactly what kinds of inputs the agent expects and what good output looks like, far better than a written guide that goes stale.
- Tell them which tasks the agent owns. One sentence does it: "this agent enriches new leads each morning, and Priya runs it." Now the new teammate knows what the agent is for and who owns the recurring run, which heads off the duplicate-run problem from day one.
If the new teammate has never used an agent at all, send them how to set up your first AI agent for the basics and what is an AI agent for the concept, plus the glossary for any term that comes up. For using an existing shared agent, though, none of that is required reading: run access plus the run history is enough to get going.
How Gravity handles team sharing
Gravity is an AI agent platform where you describe what you need in plain words and an expert-built agent runs it in about 60 seconds. Sharing that agent with your team follows the same model laid out above, without any setup work on your side.
You invite teammates and choose their access: run access for the people who use the agent, edit access for the owners who maintain it. Runs stay personal, each teammate supplies their own inputs and gets their own result, while the agent definition stays shared so the team maintains one well-tuned agent rather than a sprawl of copies. Billing runs off a shared balance at the same rate as everywhere else, $1 equals 1,000 credits, with each run attributed to whoever started it so the bill is never a mystery. Every run lands in a shared history that records who, when, with what inputs, and what came back, which is both your audit trail and your defense against duplicate work.
Because Gravity runs the agents and carries the cost, you are not maintaining permission systems, billing plumbing, or audit logs yourself. You decide who can run and who can edit, top up the team balance, and let the platform handle the rest. To turn an existing agent into a team tool, the fastest path is often to start from a known-good configuration: how to create an agent from a template gives the team a tested starting point everyone can run on day one. From there, setting up agent notifications keeps the whole team informed when shared and scheduled runs complete.
FAQ
What is the difference between run access and edit access for a shared agent?
Run access lets a teammate start the agent with their own inputs and receive the result, without changing how the agent works. Edit access lets a teammate change the agent's instructions, connected accounts, or guardrails. Most of your team should have run access only. Edit access belongs to one or two owners, because a change to the agent affects everyone who uses it.
How do credits and billing work when a team shares an agent?
A shared agent draws from a shared team credit balance rather than from each person's personal balance. Every run is metered the same way, $1 equals 1,000 credits, and the cost is attributed to the teammate who started the run so you can see who spent what. You top up the team balance once and everyone runs against it, which avoids the friction of individual billing for a shared tool.
Can two teammates run the same shared agent at the same time?
Yes. Each run is independent: it uses the inputs the person who started it provided and returns a result to that person. Two simultaneous runs do not interfere with each other. The risk is not technical conflict but duplicate work, two people running the same job on the same data, which you avoid with a shared run history and a quick convention about who owns which task.
How do I keep shared agent runs auditable?
A shared agent should keep a run history that records who ran it, when, with what inputs, and what it returned. That log is the audit trail. Anyone with access can see what the agent did and who triggered it, which matters when the agent touches shared data such as a team inbox, a CRM, or a billing system. Pair the log with action limits so the agent can only do what you intend.
How do I onboard a new teammate to an existing shared agent?
Invite them to the agent with run access, point them at the shared run history so they can see real examples of inputs and outputs, and tell them which tasks the agent owns. They do not need to understand how the agent was built. Within a few minutes they can run it themselves. Grant edit access only if they will be responsible for maintaining the agent, not just using it.