Agent governance
Governance isn't a compliance deck. Done as engineering, it's opt-in execution, verifiable guardrails, soul files, and live controls — the system that lets a high-autonomy agent be trusted.
Governance as engineering, not paperwork
Most “AI governance” is a committee, a policy PDF, and a fortnightly review that delivery quietly routes around. That’s compliance theatre — it produces documents, not safety. Real governance is built into the runtime: controls the agent cannot talk its way past, evidenced automatically, enforced in the pipeline. If a guardrail can’t stop a release or halt an action, it isn’t a guardrail. It’s a suggestion.
The controls I build
- Opt-in execution. An agent does nothing by default. Every capability — each tool, dataset, and tenant — is explicitly granted, scoped, and revocable. No broad permissions, no “runs as admin”, no standing access it doesn’t need this minute.
- Verifiable guardrails. Rules enforced in code with evidence, not prose on a wall. Tool calls are classified by blast radius; high-impact actions require approval; inputs are treated as hostile and checked before and after the model runs. Each control emits proof that it fired.
- Soul files. A versioned, auditable definition of who an agent is — its purpose, its boundaries, what it must never do. Identity and limits as a checked-in artefact, reviewed like any other code, so behaviour can’t drift without a diff.
- Live controls. Per-agent, per-tool, per-tenant kill switches that are tested and owned by the people who operate the system, not the team that built it. Plus the audit ledger: who did what, on whose behalf, grounded in which source, under which policy — tamper-evident and replayable after the fact.
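The four controls above, as one added example in Python (written for this page; it is not code from any product or client system). It shows a policy engine that defaults to deny, checks operator-owned kill switches first, applies the soul file's hard limits and explicit grants, classifies the tool call by blast radius and holds destructive calls for approval, and writes every decision to a hash-chained ledger that can be replayed and checked. The tool names, tenants, policy labels and the approval token are constructed for illustration; the hash chain stands in for whatever evidence store a real deployment uses.

```python
from dataclasses import dataclass, field
from enum import Enum
import hashlib
import json


class BlastRadius(Enum):
    READ = "read"                 # no side effect outside the agent's context
    WRITE = "write"               # reversible side effect
    DESTRUCTIVE = "destructive"   # irreversible or high-impact side effect


# Constructed classification of tools by blast radius (illustrative only).
TOOL_BLAST_RADIUS = {
    "search_docs": BlastRadius.READ,
    "create_ticket": BlastRadius.WRITE,
    "send_email": BlastRadius.WRITE,
    "delete_records": BlastRadius.DESTRUCTIVE,
}


@dataclass(frozen=True)
class SoulFile:
    """Checked-in identity of an agent: purpose, explicit grants, hard limits."""
    agent_id: str
    version: str
    purpose: str
    grants: dict        # tenant -> frozenset of tools explicitly granted
    never: frozenset    # tools the agent must never call, whatever the grants say


@dataclass
class KillSwitches:
    """Live controls owned by operators; a flipped switch applies on the next call."""
    agents: set = field(default_factory=set)
    tools: set = field(default_factory=set)
    tenants: set = field(default_factory=set)


@dataclass(frozen=True)
class Decision:
    allowed: bool
    needs_approval: bool
    policy: str         # which control produced the outcome


class PolicyEngine:
    def __init__(self, soul: SoulFile, switches: KillSwitches):
        self.soul = soul
        self.switches = switches
        self.ledger = []    # hash-chained audit records, replayable after the fact

    def evaluate(self, tool, tenant, on_behalf_of, source=None, approval=None):
        decision = self._decide(tool, tenant, approval)
        self._record(tool, tenant, on_behalf_of, source, approval, decision)
        return decision

    def _decide(self, tool, tenant, approval):
        # 1. Live controls win over everything else.
        if (self.soul.agent_id in self.switches.agents
                or tool in self.switches.tools or tenant in self.switches.tenants):
            return Decision(False, False, "kill_switch")
        # 2. Soul-file hard limits cannot be granted around.
        if tool in self.soul.never:
            return Decision(False, False, "soul_file.never")
        # 3. Opt-in execution: no explicit grant for this tenant means deny.
        if tool not in self.soul.grants.get(tenant, frozenset()):
            return Decision(False, False, "opt_in.no_grant")
        # 4. Blast radius: unknown tools are treated as destructive; destructive needs approval.
        radius = TOOL_BLAST_RADIUS.get(tool, BlastRadius.DESTRUCTIVE)
        if radius is BlastRadius.DESTRUCTIVE and approval is None:
            return Decision(False, True, "blast_radius.approval_required")
        return Decision(True, False, "blast_radius." + radius.value)

    def _record(self, tool, tenant, on_behalf_of, source, approval, decision):
        prev = self.ledger[-1]["hash"] if self.ledger else "0" * 64
        entry = {"agent": self.soul.agent_id, "soul_version": self.soul.version,
                 "tool": tool, "tenant": tenant, "on_behalf_of": on_behalf_of,
                 "source": source, "approved_by": approval, "allowed": decision.allowed,
                 "policy": decision.policy, "prev": prev}
        entry["hash"] = hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()
        self.ledger.append(entry)

    def verify_ledger(self):
        """Replay the chain; any edited or dropped record breaks it."""
        prev = "0" * 64
        for entry in self.ledger:
            body = {k: v for k, v in entry.items() if k != "hash"}
            digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
            if body["prev"] != prev or digest != entry["hash"]:
                return False
            prev = entry["hash"]
        return True


def build_demo_engine():
    # Constructed soul file: wire_funds is granted for acme but forbidden outright.
    soul = SoulFile(agent_id="support-agent", version="v3", purpose="resolve support tickets",
                    grants={"acme": frozenset({"search_docs", "create_ticket",
                                               "delete_records", "wire_funds"})},
                    never=frozenset({"wire_funds"}))
    return PolicyEngine(soul, KillSwitches())
```

Ordering is the point: the kill switch is checked before the soul file, the soul file's never list before grants, and grants before blast radius, so an operator can stop an agent without a deploy and no grant can override a hard limit. In a real system the approval token would be verified against an approvals service rather than accepted as a string.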
Where governance usually fails
- One-time review. A model approved in March is a different model in September — retrained, re-prompted, re-grounded. Governance that stops at go-live is theatre; the controls have to live in production and move when the system moves.
- Owned by the wrong team. If legal owns the controls, nothing ships. Legal sets the floor; engineers build and operate the controls. Governance lives or dies on engineering ownership.
- No teeth. A framework that can’t stop a release is wallpaper. The gates have to be able to say no.
- Ignoring third-party AI. Vendor agents and embedded SaaS AI are inside your trust boundary the moment a user touches them. They get inventoried and governed too.
What it unlocks
When the controls are real, the conversation with the CISO and the board changes from “can we even do this?” to “what do we ship next?” Governance done as engineering isn’t friction — it’s the thing that lets high-autonomy agents be trusted with real work, at the speed the business actually needs.