Reading the new NSA guidance not as architecture but as an admission — that the assumption underneath most enterprise security programs has quietly become unworkable, and the official answer is finally catching up to the operational reality.
Most AI governance writing collapses these two ideas. They are not the same thing — and the systems being deployed today need both, structured separately, or neither layer holds when an auditor reads the chain six months later.
When agentic systems collapse decision-making into runtime, the three layers most control frameworks keep separate — what executed, what authorized it, what proves the authorization — collapse with them. The framework is an attempt to keep them legible.
A conceptual framework that separates auditability, governance controls, and technical safeguards in regulated AI systems. Designed for organizations where AI is no longer adjacent to security but inside it.
One agent reads source code and proposes failure modes. Another verifies them against a live deployment with real authentication. The gap between what they each see is where most of the breakdowns I write about — execution drifting from authority, evidence quietly going stale — actually surface as code, not theory.
Same cryptographic primitive, four different implementations of it, one shared corpus. If any two ports disagree about anything, that disagreement is almost always a bug somewhere — and often a bug older than every implementation. The framework keeps producing them.
Specs describe what should happen. Live systems describe what does. Most of the work is in the gap — building probes patient enough to surface it, with operator-controlled accounts, without making noise the system owners do not want. The probes are the part of governance that actually closes the loop at runtime.
My day work is helping organizations build defensible AI governance — execution boundaries, authority chains, evidence that survives an auditor reading it six months later. My night work is building offensive agents that probe the same kinds of systems those frameworks are written for. The two keep teaching each other things.
I keep getting pulled to questions that don’t have settled answers. What an AI system actually does versus what its policy claims. Where authority breaks under autonomy. What an evidentiary record looks like when no human committed the action. The kind of thing that looks dry on a slide and turns out to be where everything interesting lives.
If you’re working at this seam — building agentic systems, governing them, defending them, or trying to write the frameworks that catch up to what they already do — hi@ibondarenko.com.