AI Governance

Ants' AI Governance Platform (AIGP) delivers end-to-end governance, compliance, and risk management for enterprise AI systems — ensuring every AI agent, model, and workflow operates within policy, regulatory, and ethical boundaries.

Why AI Governance?

As enterprises scale AI adoption, ungoverned deployment of agents creates systemic risk. AI agents are probabilistic systems that can drift from intended behavior, violate regulatory requirements, and expose sensitive data — all without detection unless governed proactively.

AIGP addresses this by providing a unified governance layer across all AI operations, with built-in policy enforcement, continuous compliance monitoring, and automated evidence collection.

Key Capabilities

1. AI Policies

Define, enforce, and audit policies across your entire AI estate:

// Create and enforce AI policies
const policy = await ants.governance.createPolicy({
  name: 'production-agent-policy',
  scope: 'all_agents',
  rules: [
    {
      type: 'data_classification',
      action: 'block',
      conditions: { pii_detected: true, environment: 'production' }
    },
    {
      type: 'model_approval',
      action: 'enforce',
      conditions: { approved_models_only: true }
    },
    {
      type: 'token_quota',
      action: 'throttle',
      conditions: { daily_limit: 1000000 }
    },
    {
      type: 'output_guardrail',
      action: 'block',
      conditions: { toxicity_threshold: 0.7, bias_threshold: 0.5 }
    }
  ],
  escalation: {
    channels: ['security-team', 'compliance-team'],
    integrations: ['servicenow', 'pagerduty']
  }
})
 
// Policies are continuously enforced at runtime
// Violations trigger automated alerts and escalation

# Monitor policy compliance across agents
compliance = ants.governance.get_compliance_status({
    'period': 'last_7_days',
    'group_by': 'agent'
})
 
for agent in compliance.agents:
    print(f"Agent: {agent.name}")
    print(f"  Policy Violations: {agent.violations}")
    print(f"  Compliance Score: {agent.score}%")
    print(f"  Drift Events: {agent.drift_events}")
    print(f"  Last Audit: {agent.last_audit}")

2. AI Compliance & Evidence Collection

Generate audit-ready compliance reports aligned to EU AI Act, California AI regulations, NIST AI RMF, ISO/IEC 42001, SOC2, GDPR, and HIPAA. AIGP automates evidence collection across every agent's lifecycle:

// Generate compliance BOM (Bill of Materials) report
const report = await ants.governance.generateComplianceReport({
  frameworks: ['EU_AI_ACT', 'CA_AI_ACT', 'NIST_AI_RMF', 'ISO_42001'],
  period: 'Q4-2025',
  includeDetails: {
    agentLifecycle: true,       // Creation date, ownership, versions
    dataAccessScope: true,      // What data each agent accesses
    transactionVolumes: true,   // Usage patterns and volumes
    activityStatus: true,       // Active, dormant, deprecated
    openCVEs: true,             // Known vulnerabilities
    policyCompliance: true,     // Policy adherence history
    driftEvents: true           // Behavioral drift incidents
  }
})
 
// Export audit-ready evidence package
await report.export({
  format: 'pdf',
  filename: 'AIGP_Compliance_Q4_2025.pdf',
  includeEvidences: true,
  includeTimestamps: true,
  digitalSignature: true
})

# Collect evidences for regulatory audit
evidences = ants.governance.collect_evidences({
    'scope': 'all_agents',
    'frameworks': ['EU_AI_ACT', 'ISO_42001'],
    'evidence_types': [
        'agent_inventory',          # Complete agent registry
        'risk_assessments',         # Risk classification per EU AI Act
        'data_lineage',             # Data flow documentation
        'model_cards',              # Model documentation
        'policy_enforcement_logs',  # Policy compliance history
        'incident_reports',         # Security and drift incidents
        'human_oversight_records',  # Human-in-the-loop evidence
        'impact_assessments'        # AI impact assessments
    ]
})
 
print(f"Total evidences collected: {evidences.total}")
print(f"Frameworks covered: {', '.join(evidences.frameworks)}")
print(f"Audit readiness: {evidences.readiness_score}%")

3. Active Drift Detection

Continuously monitor AI agents for behavioral drift — detecting when agents deviate from approved baselines, policies, or expected outputs:

// Configure drift detection
await ants.governance.configureDriftDetection({
  monitoring: {
    behavioral_drift: true,    // Output quality changes
    policy_drift: true,        // Policy compliance deviation
    performance_drift: true,   // Latency and throughput changes
    data_drift: true,          // Input distribution shifts
    model_drift: true          // Model performance degradation
  },
  baselines: {
    update_frequency: 'weekly',
    sensitivity: 'high',
    min_sample_size: 1000
  },
  alerting: {
    channels: ['governance-team'],
    integrations: ['servicenow', 'pagerduty', 'slack'],
    severity_mapping: {
      behavioral_drift: 'critical',
      policy_drift: 'critical',
      performance_drift: 'high',
      data_drift: 'medium'
    }
  },
  response: {
    auto_quarantine: true,     // Isolate drifting agents
    auto_rollback: false,      // Require human approval
    kill_switch: true          // Emergency shutdown capability
  }
})

# Review drift events
drift_events = ants.governance.get_drift_events({
    'period': 'last_30_days',
    'severity': ['critical', 'high']
})
 
for event in drift_events:
    print(f"Agent: {event.agent_name}")
    print(f"  Drift Type: {event.drift_type}")
    print(f"  Severity: {event.severity}")
    print(f"  Baseline Deviation: {event.deviation}%")
    print(f"  Action Taken: {event.action}")
    print(f"  Resolved: {event.resolved}")

4. PII Detection & Protection

Automatically identify and protect sensitive data across all AI interactions:

// AgenticAnts automatically detects PII
const trace = await ants.trace.create({
  name: 'customer-query',
  input: 'My SSN is 123-45-6789 and email is john@example.com'
})
 
// Dashboard shows:
// - PII Types: SSN, Email
// - Action: Automatically redacted
// - Alert: Security team notified
// - Audit Log: Created
 
// Query PII detections
const pii = await ants.secops.getPIIDetections({
  period: 'last_24h'
})
 
console.log(`Total PII detected: ${pii.total}`)
console.log(`Types: ${pii.types.join(', ')}`)
console.log(`Redacted: ${pii.redacted}`)

5. Security Guardrails

Prevent policy violations with configurable guardrails:

# Configure guardrails
ants.secops.create_guardrail({
    'name': 'content-policy',
    'rules': [
        {
            'type': 'no_pii',
            'action': 'redact',
            'severity': 'high'
        },
        {
            'type': 'no_toxic_content',
            'action': 'block',
            'threshold': 0.8
        },
        {
            'type': 'no_financial_advice',
            'action': 'warn',
            'notify': ['compliance@company.com']
        }
    ]
})
 
# Guardrails automatically enforced
response = agent.run(query)  # Checked against all rules

6. RBAC & Access Control

Fine-grained permissions for teams, projects, and data:

# Define roles hierarchy
roles = {
    'viewer': ['traces.read', 'metrics.read'],
    'developer': ['viewer', 'traces.write', 'projects.read'],
    'admin': ['developer', 'users.manage', 'settings.write'],
    'security': ['admin', 'audit.read', 'compliance.manage']
}
 
for role_name, permissions in roles.items():
    ants.secops.create_role(role_name, permissions)
 
# Assign to user
ants.secops.assign_role('user@company.com', 'data-scientist')

7. Incident Response & Escalation

Automated policy drift detection and incident response workflows integrated with ServiceNow and PagerDuty:

# Create security incident
incident = ants.secops.create_incident({
    'type': 'policy_violation',
    'severity': 'critical',
    'description': 'Agent drifted from approved behavior baseline',
    'agent_id': 'agent_456',
    'drift_details': {
        'type': 'behavioral',
        'deviation': 23.5,
        'baseline_id': 'baseline_v2'
    }
})
 
# Automated response with escalation
ants.secops.respond_to_incident(incident.id, {
    'actions': [
        'quarantine_agent',
        'notify_governance_team',
        'create_servicenow_ticket',
        'page_on_call_via_pagerduty',
        'enable_additional_monitoring',
        'collect_evidence_snapshot'
    ]
})

AI Agent Lifecycle Governance

AIGP tracks every agent through its full lifecycle:

Lifecycle Stage	AIGP Coverage
Discovery	Auto-discover first-, second-, and third-party agents including Shadow AI
Inventory	Real-time registry with ownership, classification, and risk scoring
Policy Assignment	Attach governance policies based on risk tier and data sensitivity
Runtime Monitoring	Continuous drift detection, PII scanning, and compliance checks
Evidence Collection	Automated audit trail with timestamped compliance artifacts
Reporting	BOM reports for EU AI Act, CA AI Act, NIST RMF, ISO 42001
Incident Response	Automated escalation via ServiceNow and PagerDuty
Retirement	Controlled decommissioning with data lineage preservation

Sub-Sections

AI Governance encompasses cost management and resilience as integral parts of a governed AI operation:

AI Cost — Financial visibility, token monitoring, budget management, and ROI analytics for governed AI spend
AI Resilient — Performance monitoring, SLO management, incident response, and availability tracking

Detailed Topics

PII Detection - Protect sensitive data
Security Guardrails - Enforce output policies
Compliance & Auditing - Meet regulatory requirements
Access Control (RBAC) - Set up permissions
Data Privacy - Encryption and residency

Set Up AI Policies →

Slack Integration PII Detection