21 CFR Part 11 for AI agents
Part 11 governs electronic records and signatures. When an AI agent makes the record, here is what a control plane must provide to keep it defensible.
Insights
Plain-language writing on segregation of duties, sign-off, and the audit evidence a regulator can verify for themselves — for the people who have to answer for what a machine decided.
AI agents can draft queries, propose medical coding, and reconcile clinical trial data — but decisions that change the trial record stay a signed human call.
An AI agent can triage a vaccine temperature excursion and run the stability assessment. It cannot release the stock. That line is the control.
An AI agent can triage complaints for FDA medical device reporting. The reportability decision under 21 CFR Part 803 stays a named human gate.
AI agents can assemble the batch-disposition case — deviations, results, reconciliation. The Qualified Person still signs the release. Here is the line.
AI agents can draft rebate, chargeback and gross-to-net accruals from the ERP. A controller still signs the number that hits the financials. Here is the line.
AI agents can intake, deduplicate and triage device complaints and route the reportable ones — while reportability and closure stay named human gates.
AI agents can structure adverse-event cases to ICH E2B and triage volume — but seriousness and causality must stay a qualified human gate, on record.
An AI agent can assemble and quality-check an eCTD dossier. A regulatory-affairs lead still signs the release. Versioned and Part 11-defensible.
Reconciliation, AML triage, and sanctions screening are the wedge for AI agents — if they carry roles, limits, and a maker-checker split examiners recognise.
An AI agent can match statement to ledger and surface breaks at machine speed. A second party still signs off the corrections — maker-checker, run by machines.
AI agents can clear the AML alert backlog at machine speed. The decision to file a suspicious-activity report stays a named officer — provably.
AI agents can assemble and screen an onboarding file in minutes. Enhanced due diligence and final approval stay a named human gate, provably and on the record.
SR 26-2 scoped agentic AI out of model-risk guidance. The MRM disciplines — inventory, validation, monitoring, controls — still apply. Here is how.
A senior officer must personally certify the transaction-monitoring program every year. When agents triage alerts, what is that certification standing on?
AI agents can clear the sanctions false-positive backlog at speed. Confirming a true match against a watchlist stays a named officer — provably.
SR 26-2 scoped agentic AI out of model-risk guidance. No template means no safe harbor — the predicate rules and discovery never went away.
AI agents can clear the market-abuse alert queue at speed. The call to escalate toward a regulatory filing stays a named supervisor — provably.
Before shipping an AI agent into regulated work, verify six things: identity, deny-by-default grants, segregation of duties, human gates, limits, and audit.
Guardrails ask if content is dangerous. Governance asks if the actor is authorized. An agent can pass every check and still move money it should never touch.
Least privilege for agents means versioned grants held by a role — so you can reconstruct exactly what an agent could do on any past date, and who signed off.
Agent pilots stall because nobody can answer for what the agent did. Accountability, not speed, is the blocker — and it is fixable.
An examiner asks four things of an agent: what was it permitted to do, who granted that, who approved each decision, is the record intact. How to answer.
Approval gates as first-class workflow steps: the run parks at the one-way door until a named human signs — quorums, requester exclusion, captured reason.
The oldest control in finance and pharma, applied to machines: enforce maker-checker structurally at runtime, so the same agent cannot prepare and approve.
Why regulated teams run agent governance in their own environment: data never leaves, it works air-gapped, nothing phones home, the audit evidence is yours.
A SIEM log or trace shows what happened. It does not prove the record was not altered. The difference is what an auditor and a court accept as evidence.
Four-eyes means a second named person — not a second model — signs the work. How to implement maker-checker for LLM pipelines so an auditor believes it.
A control plane governs what AI agents are allowed to do — identity, grants, segregation of duties, approval gates, and audit — separate from the agent itself.
Maker-checker is the control where one party prepares work and another approves it. Banks and manufacturers ran it for decades. Now it governs AI agents.
Accountability does not transfer to a model. Named principals, human gates on the decisions that matter, and a record tying every action to who authorized it.
A proxy session makes MakerChecker the authorization point and the evidentiary record while the Claude Agent SDK keeps executing the tools.
Wrap the tools your CrewAI crew already uses so every call gets a grant check, segregation of duties, and an audit entry — no re-platforming.
Wrap your LangChain and LangGraph tools in a governed adapter — same name, same schema, plus a grant check, segregation of duties, and an audit entry per call.
MCP lets an agent call any tool a server exposes. Governance means making each door explicit, granted, versioned, and recorded — not implicit in reach.
Governing AI agents should not mean rebuilding them. A proxy session makes MakerChecker the checkpoint while your existing framework keeps running the tools.
See it for yourself
One command starts the demo: an agent stopped from signing off its own work, and the signed evidence file an inspector can check for themselves.
Designed against the rules your auditors already enforce.