The Governed AI Factory

The AI agent your team just deployed is operating without governance.

Most organisations know they need AI governance. Few have connected the testing, approvals, and monitoring into something an auditor can actually verify. We connect it.

Book a scoping call See the framework

The evidence chain — from red team to Technical File

01Red Team ReportAdversarial testing
02Assurance RecordStructured evidence
03Agent CatalogueGoverned registry
04Runtime ManifestProduction gate
05Technical FileEU AI Act evidence

"We saw organisations spending months building AI agents — and days trying to explain them to auditors. The governance tooling existed in pieces. Nobody had connected it into a programme."

— The thinking behind OvikAI and The Governed AI Factory

Why this matters now

This happened. Recently.

These happened at real organisations in the last twelve months. Not projected risks — recorded ones.

PocketOS

APRIL 2026

A Cursor AI coding agent running Claude Opus encountered a credential mismatch and — without human approval — deleted the entire production database and all volume-level backups in a single API call. The agent quoted its own safety rules in its written confession. It had ignored them.

No agent registry. No runtime controls. No HITL. — 9 seconds, three months of customer data gone.

Microsoft 365 Copilot

JUNE 2025 · CVE-2025-32711 · CVSS 9.3

A zero-click prompt injection vulnerability required no user interaction. One crafted email. When Copilot summarised it, hidden instructions extracted data from OneDrive, SharePoint, and Teams, then exfiltrated it through a trusted Microsoft domain. Antivirus, firewalls, and static scanning all failed.

No pre-deployment red teaming. No input validation gate. — the exploit operated in natural language, not code.

Deloitte Australia

OCTOBER 2025

A $290,000 AI-assisted government welfare-compliance report contained fabricated academic citations and an invented quote attributed to a federal court judge. Undisclosed AI use. No output validation. The AI was not disclosed until a researcher discovered the fabrications months later.

No audit trail. No output validation. No human review gate. — partial refund, public retraction, regulatory scrutiny.

These are not AI failures. They are governance failures. The AI did exactly what it was asked to do. Nobody was watching.

The framework

A three-layer assurance programme, built on one decision

Three layers. Each one produces something the next layer depends on. You cannot skip Layer 1 and hope Layer 2 works. Testing an agent assumes you already know which one to build — that decision is the foundation underneath all three.

Whether you're untangling what's already live or deciding what to build next, the same four layers apply — you just enter at a different one.

00

Decide & Scope

The foundation the three layers sit on

Every AI idea in your backlog gets screened the same way: feasibility, cost, and risk tier. What comes out the other end is a ranked shortlist — the model inventory and impact assessment ISO 42001 already requires before a programme is onboarded. Nothing reaches Layer 1 untagged. Every approved use case already carries its Worker/Manager pattern and regulatory tier.

Idea intake & triage · Feasibility & cost modelling · Architecture & tier classification

Deliverable — Governed Opportunity Roadmap & Decision Log
01

Red Team & Assure

Validate before you deploy

Adversarial testing of AI agents and MCP servers before they reach production. Red team scenarios are mapped to your specific risk profile. Findings flow into a structured Assurance Record reviewed in a governed approval workflow.

Adversarial testing · Bias and quality evaluation

Deliverable — Assurance Record & Approval Evidence
02

Register & Govern

Only approved components reach production

Once an agent passes red teaming and the governed approval workflow, it is registered in a catalogue with full provenance. Every agent is issued a cryptographic identity — scoped, rotated, and revoked on decommission. Nothing unregistered or unidentified enters your production environment.

Agent catalogue · Approval workflow · Cryptographic identity per agent

Deliverable — Approved Agent Catalogue & Identity Registry
03

Operate & Monitor

Govern every decision at runtime

The governance factory sits between your users and your AI systems. Decision gates that force a human check before a high-risk action fires, PII scrubbing, human-in-the-loop routing, and full audit logging — engineered into the inference path. Post-market monitoring feeds back to Layer 1.

AI gateway · Runtime threat detection · Drift and performance monitoring

Deliverable — Audit Trail & EU AI Act Technical File

Not ready to talk yet?

Take the 10-minute self-assessment to see where your AI estate stands, or get the book for the full framework and a worked example.

The runtime architecture

The Governed AI Factory

What actually runs at inference time — the components that govern every decision your AI systems make, and the monitoring that catches problems before they reach your clients.

Orchestration core

Stateful process governance. Every agent action is bounded, sequenced, and auditable. HITL routing enforced, not advisory.

Technical governance

Before an AI agent's output reaches a customer or a downstream system, it passes through one gate: personal data stripped, malicious inputs blocked, prohibited actions refused outright. The switch that stops it is already built in — not something your team reaches for mid-incident.

External infrastructure

Foundation models as stateless workers. Append-only immutable logs. Cryptographic hashing for tamper-evident records.

A cryptographically verifiable Technical File for every governed decision. Compliance generated automatically. Not assembled after the fact.

Continuous monitoring

Drift detection

Ongoing monitoring of decision patterns across demographic and risk segments. Drift triggers a re-assessment at Layer 1.

Override rate monitoring

Tracks how often HITL reviewers override AI recommendations. Systematic overrides indicate model drift or guideline change.

Anomaly signals

Real-time detection of outputs that diverge from the established decision pattern — hallucination, prompt injection, and boundary breaches.

Identity layer

Every agent carries a governed cryptographic identity — unique, short-lived, automatically rotated, and revoked on decommission. No static credentials. No orphaned agents.

Feedback loop to Layer 1

Post-market findings trigger a new red team intake workflow. The governance lifecycle closes continuously.

Services

What we deliver

Each engagement ends with something tangible — a report, a registered catalogue, a working programme. We do not deliver slide decks about governance. We build it.

AI Opportunity Discovery & Prioritization

Structured intake, feasibility screening, weighted scoring, TCO modelling, and architecture classification for competing AI ideas — before any of them reach a build decision. Every approved use case exits pre-tagged with its regulatory tier and Worker/Manager classification for a direct Layer 1 handoff.

LAYER 0

AI Agent Red Teaming

Structured adversarial testing of AI agents and MCP servers before deployment. Prompt injection, data leakage, hallucination probing, and boundary testing — every finding flows into an Assurance Record and a governed approval workflow.

LAYER 1

Governed Agent Registry

Design and implementation of a governed agent catalogue. Approval workflow integration, version control, expiry trigger management, and production gate enforcement. Shadow AI eliminated at the gate.

LAYER 2

Runtime Governance Factory

An AI gateway with PII scrubbing and audit logging sits between your users and your models. Inline threat detection blocks adversarial inputs and jailbreaks before they execute. Human-in-the-loop routing enforces oversight, not just advises it. The result: a Technical File generated automatically, not assembled after an auditor asks for one.

LAYER 3

AI Agent Identity Governance

Every AI agent issued a cryptographic identity — short-lived, automatically rotated, and revoked on decommission. Zero static API keys. No orphaned credentials. No ungoverned agents in production. Native integration with your existing enterprise identity infrastructure.

LAYER 2

Regulatory Alignment

We map your controls to whichever framework governs you — EU AI Act Articles 9, 12, and 72, ISO 42001 controls A.5 through A.7, or RBI's draft Model Risk Management guidance for banks and NBFCs. One evidence package, ready for whichever auditor asks. Take the maturity assessment →

ALL LAYERS

The outcome

What your AI estate looks like after the programme

When the programme is in place, three things change. Audits stop being emergencies. Shadow AI stops being a board-level risk. And drift gets caught by the system — not by a client complaint.

Audit ready in minutes

When a regulator, a board member, or a client asks how your AI systems make decisions — you have the answer. A cryptographically verifiable Technical File covering every governed decision, generated automatically.

Shadow AI eliminated at the gate

Every AI agent in your production environment is registered, versioned, and approved. Nothing unapproved executes. The governance gap that caused PocketOS, the Deloitte fabrications, and the Copilot breach cannot exist in a governed estate.

Governance that does not slow you down

The approval workflow runs in parallel with development. Red teaming happens before deployment, not instead of it. The three-layer programme is engineered into the inference path — not bolted on after the fact.

Continuous assurance, not point-in-time

Post-market monitoring detects drift, bias, and anomalies before they become incidents. Findings feed automatically back to Layer 1 for re-assessment. The lifecycle closes continuously — not annually at audit time.

Regulatory alignment

Built for the EU AI Act, ISO 42001, and RBI's draft MRM guidance

The obligations are real and the deadlines have dates. The three-layer programme does not produce compliance documentation after the fact — it generates evidence as a byproduct of the work.

EU AI Act

Lifecycle compliance

Articles 9, 12, and 72 map directly to the three layers. Risk management, record-keeping, and post-market monitoring are covered in a single connected programme.

Article 9 — Risk management across the full lifecycle

Article 12 — Automatic audit logging at every inference

Article 72 — Post-market monitoring with feedback loop

ISO/IEC 42001

AI Management System controls

The three-layer programme operationalises controls A.5, A.6, and A.7 by design — not as a documentation exercise. Certification evidence is produced automatically.

A.5 System Life Cycle — Versioning and deployment traceability via governed agent catalogue

A.6 Data & Resources — PII masking and tool isolation at the gateway

A.7 Risk Mitigation — Real-time telemetry and drift detection via the factory

December 2027

Enforcement is approaching

"Build the programme now. Arrive at December 2027 with evidence already assembled."

Annex III high-risk AI system enforcement begins 2 December 2027 — pushed from August 2026 by the Digital Omnibus agreement of May 2026. The obligations didn't change. The runway did.

About OvikAI

OvikAI helps technology and risk leaders in regulated industries deploy AI agents with confidence. We connect the tools, evidence, and approvals they already have into one governed programme — turning AI governance from a compliance burden into a defensible practice.

Start with one conversation.

We map your current AI estate against the three-layer framework, identify the highest-priority gaps, and tell you where to start. No proposal until you have seen the diagnosis.

Book a scoping call →

Before you book, you will be asked one question — what are you deploying and what is the governance concern. It helps us make the call useful rather than generic.

Or email hello@ovikai.com directly.