Execution Governance for AI Systems
What execution governance means for AI systems that touch APIs, money, and physical actuators, and how it differs from model-only risk management.
How Runtime Authorization for AI Systems Works
A concise model of runtime authorization for AI-driven automation: requests, policy evaluation, deterministic outcomes, and verification receipts.
Why AI Systems Need a Fail-Closed Execution Layer
Why fail-closed execution is the right default for high-impact AI automation, and how it complements observability and human oversight.
Runtime Authorization vs Guardrails
Guardrails filter model output. Runtime authorization decides whether an action may execute. They fire at different points on the request timeline and solve different problems; this post explains where each one works, where each one fails, and how they compose in a fail-closed AI system.
Runtime Authorization vs Policy Engines
Policy engines like OPA and Cedar evaluate rules against structured inputs. Runtime authorization is a system that wraps a policy engine with agent-aware context, deterministic decision semantics, and signed receipts. This post explains the layering, not the competition, and shows how the pieces fit together.
Securing AI Agents in Production
Production AI agents are not secured by "guardrails plus logging." The controls that actually prevent incidents are pre-execution authorization, deterministic decisions, signed receipts, and fail-closed defaults. This post is a production readiness checklist with the failure modes each control closes.
AI Agent Execution Governance
Execution governance for AI agents is the program that turns model-level risk management into enforceable runtime control. This post covers the discipline, the org model, the control primitives, and how to implement a governance program that survives audit without becoming a committee that blocks delivery.
How to Stop AI Agent Tool Abuse
Tool abuse is the failure mode where an AI agent calls a tool it should not, with inputs it should not, or in a chain it should not. This post catalogs the concrete threats and shows the authorization-gated defenses that actually stop them, with a worked example.
Deterministic Authorization for AI Agents
Deterministic authorization means same inputs, same policy version, same outcome, every time. This post explains why AI agent authorization must be deterministic, why LLM-as-judge approvals fail audit, and what the deterministic contract looks like in practice.
Pre-Execution Security for AI Systems
Security for AI systems defaults to detection: logs, monitoring, and incident response after the fact. Pre-execution security flips the axis: stop the event, do not investigate it. This post explains the time-axis framing, why it matters for irreversible AI actions, and what the prevention posture looks like.
AI Agent Runtime Security Architecture
A reference architecture for AI agent runtime security, covering the planner boundary, tool broker, authorization gate, policy engine, receipt store, and verification surface. Responsibilities, failure modes, and deployment shapes are made explicit so teams can compare their own design against a durable template.
Why Logging Is Not AI Security
Logs are evidence, not control. For irreversible AI actions, the response "we logged it" is the admission that prevention did not happen. This post draws the line between evidence and control, walks through specific failure modes, and shows what a prevention posture looks like.
Why SR 11-7 Isn't Enough for Generative AI
Traditional model governance must evolve for agentic AI; here's why runtime control matters for credit, payments, and fraud surfaces.
Execution Governance for AI in Financial Systems
How banks and insurers should extend model risk and conduct frameworks to AI-driven execution in payments, credit, fraud, and customer communications.
Why AI in Grid Operations Needs a Safety Interlock
From load balancing to predictive maintenance, ungoverned AI can create outages, safety incidents, and regulatory exposure, unless execution is gated.
How AI Should Be Controlled in Critical Infrastructure
A technical framing for AI in critical infrastructure: OT and IT convergence, safety interlocks, and execution governance on high-energy or high-impact actions.
From Testing to Deployment: Making AI Autonomy Safe at Scale
Real-world incidents show why motion control and mission systems need deterministic gating between planning and actuation, not only offline evaluation.
The Governance Problem in Autonomous AI Systems
Why autonomy shifts the governance problem from average-case model performance to worst-case execution paths, and what teams must gate before actuation.
Runtime Authorization for Autonomous Systems
Runtime authorization for autonomous systems (robotics, autonomous vehicles, industrial controls) differs from pure-software agents on three axes: latency budget, safety envelope, and functional-safety framing. This post explains the additional constraints and the patterns that hold up under ISO 26262, IEC 61508, and real-time deployment.