今日已更新 412 条资讯 | 累计 19972 条内容
关于我们

标签:#governance

找到 30 篇相关文章

AI 资讯

Why Enterprise AI Governance Should Start at the Access Path

Many enterprise AI governance discussions start with frameworks. Frameworks are useful. They help organizations define principles, roles, controls and accountability. But when an enterprise starts using generative AI in real workflows, the practical governance problem often appears somewhere much more specific: the AI access path. That is the moment when an employee, application, copilot, agent or API workflow sends a request to an AI model. At that point, governance becomes operational. The practical governance questions Before an AI request reaches a model, an enterprise may need to answer several concrete questions: Who is sending the request? What business use case is involved? What data is being sent? Which AI model is being used? Is the model approved for this use case? Should sensitive data be masked or blocked? Was the access decision recorded? Can the activity be reviewed later? Can AI usage and token cost be explained by user, department, model and use case? These questions are not only policy questions. They are architecture questions. If the enterprise cannot answer them at the access path, AI governance may remain too far away from the real system behavior. Why the access path matters Many organizations already have AI policies. But policies are often written before or after the actual AI interaction. The access path is where policy meets execution. For example, a team may approve the use of generative AI for internal productivity. But the organization still needs to understand: whether customer data is being included in prompts; whether employees are using approved or unapproved models; whether sensitive content is being sent to external services; whether different departments are using AI in very different ways; whether audit evidence exists when an incident or review happens. This is why AI governance should not only be treated as a document, committee or training program. It also needs a technical control point. A simple access governance pattern A

2026-07-14 原文 →
AI 资讯

Article: Comprehension at AI Speed: Building a Context Store for Evolutionary Architecture

AI makes the first 80% of development feel fast, but hides architectural complexity until it's too late. To prevent system instability, engineering leaders must shift from raw throughput to systemic comprehension. By unifying spec-anchored SDD, TDD, and automated fitness functions into a repo-bound "Context Store," teams can ensure AI agents and human reviewers evolve code safely. By Stella Berhe, Stephan Bragner, Vikram Maran, Anand Jayaraman

2026-07-14 原文 →
开发者

The Path to Sovereign Data: Challenges and Priorities in Local-First Computing

A panel on data ownership challenged the definition of "ownership," arguing it must extend beyond simple account control to include structural independence, interoperability, and community governance. Speakers like Zenna Fiscella, Paul Frazee, Boris Mann, and Robin Berjon emphasised the need for shared standards, unbundled platforms, and better tools to support user sovereignty. By Olimpiu Pop

2026-07-13 原文 →
AI 资讯

From Optimization to Protection: Adding a Security and Governance Agent to Your Snowflake Multi-Agent Team (Part 3)

From Optimization to Protection: Adding a Security and Governance Agent to Your Snowflake Multi-Agent Team (Part 3) In Part 1 , we built an Admin Agent for usage and cost visibility. In Part 2 , we added a Cost Optimizer Agent and an Orchestrator that routes questions to specialists. Now we close the loop with the third specialist: a Security and Governance Agent . This turns your assistant from "what happened" and "what to optimize" into a full team that also answers "what is risky right now". By the end of this post, you will have: A Security and Governance Agent with focused security tools Security semantic views mapped to natural language Orchestrator routing across Admin, Cost Optimizer, and Security agents A practical triage workflow for failed logins, privilege risk, and unauthorized access Why Add a Security Specialist? The first two agents are strong for operations and spend, but security requires a different lens: Access control and role hygiene Failed login patterns and anomaly detection Unauthorized access attempts Inactive users with active privileges Compliance-friendly audit summaries Could one large agent do everything? Sometimes. But specialized agents are easier to maintain, safer to evolve, and easier to test. Final Team Architecture User Question (natural language) | Orchestrator Agent / | \ Admin Cost Security Agent Optimizer Governance Agent \ | / Unified Response Role of each specialist Admin Agent: usage, credits, storage, operational metrics Cost Optimizer Agent: idle compute, rightsizing, optimization opportunities Security and Governance Agent: roles, privileges, failed logins, unauthorized access, audits The Security Pattern (Same Foundation as Parts 1 and 2) Step 1: Base Views Create security-focused views over SNOWFLAKE.ACCOUNT_USAGE , including: Role hierarchy and privilege grants Failed login attempts and anomaly severity Excessive or unused privileged access Unauthorized access attempts User and role audit summaries Network policy ac

2026-07-10 原文 →
开源项目

How GitHub gave every repository a durable owner

GitHub had over 14,000 repositories. Fewer than half had clear ownership. Here's how we gave every active repository a validated owner in under 45 days, archived the rest, and made ownership the foundation for everything that followed. The post How GitHub gave every repository a durable owner appeared first on The GitHub Blog .

2026-07-10 原文 →
AI 资讯

You Can't Secure What You Can't See: Shadow AI and the Inventory Problem

Part 1 of "Trust the Machine" -> a series on building AI infrastructure that is secure, compliant, and governable by design. Most organizations can produce an accurate catalog of the web services they operate. Far fewer can produce an equivalent catalog of the AI systems they run — the models, fine-tunes, retrieval pipelines, agents, and third-party AI APIs now embedded throughout their products and internal tooling. This asymmetry defines the state of AI security in 2026. Adoption has outpaced oversight. Industry reporting this year has described a surge in enterprise AI activity on the order of 83% year over year, with governance and visibility lagging well behind. The consequence is a large and only partially mapped attack surface — one that many organizations cannot fully enumerate, let alone defend. Every mature security program rests on a single first principle: you cannot protect what you cannot see. Artificial intelligence is no exception. Before threat-modeling an agent or authoring a guardrail, an organization must be able to answer a deceptively difficult question: what AI is running across the environment, and who is accountable for it? This post examines how to build that answer. The rise of shadow AI Shadow IT — the unsanctioned adoption of tools outside official channels has been a recognized challenge for decades. Shadow AI is its faster-moving successor, and it appears in more forms than most inventories are designed to detect: Embedded API calls. A product team integrates a hosted model in a few lines of code and an API key, with no formal review. Copilots and assistants enabled across existing SaaS platforms, frequently activated by the vendor rather than the customer. Fine-tunes and adapters trained on internal data and stored in locations that fall outside standard scanning. Agents and automations that have incrementally acquired the ability to act—filing tickets, sending communications, initiating transactions—one permission at a time. Model de

2026-07-08 原文 →
AI 资讯

GitHub Copilot's enterprise managed-settings.json is now GA

GA in a sentence GitHub moved its enterprise managed-settings.json to general availability on July 1, giving GitHub Enterprise Cloud admins a single JSON file that overrides Copilot behaviour in VS Code and Copilot CLI for anyone holding a Copilot Business or Copilot Enterprise seat issued from the enterprise or one of its organizations. The changelog frames it as a place to define AI standards for the tenant. In practice it is a supported home for Copilot policy that shipped one setting at a time in beta up to this point. The five keys the file accepts Five keys are documented at GA: extraKnownMarketplaces , enabledPlugins , strictKnownMarketplaces , disableBypassPermissionsMode , and model . Together they configure trust for extra plugin marketplaces, the enabled-plugins list, strict enforcement of the known-good marketplace list, whether Copilot CLI and the VS Code extension can run in bypass-permission mode, and which model a user is allowed to pick. Value shapes are not enumerated in the changelog itself; the docs page is the reference for the schema. How the file reaches a client The file lives at copilot/managed-settings.json inside the .github-private repository of the organization the enterprise nominates for the role. There is a backward-compatible path at .github/copilot/settings.json for tenants already using the older layout. Copilot clients fetch the file from the server on every authentication, hold it in memory, and refresh it hourly, per the changelog. That server-side file takes precedence over the file-based config a user may have on their own machine. Setup runs through the AI Controls tab in enterprise settings, or the equivalent API endpoint, where an admin picks the hosting organization. Anyone who followed the June rollouts of disableBypassPermissionsMode and strictKnownMarketplaces will recognise the same file and the same repo. GA is what turns the plumbing into a supported product surface. Where it will trip you Two operational details are

2026-07-05 原文 →
AI 资讯

Cloudflare Details Unified Data Platform Where Billing Workloads Account for 53% of Queries

Cloudflare details Town Lake, an internal unified data platform, and Skipper, an AI analytics agent unifying access to operational, billing, security, and business data. The platform processed ~91K billing queries, with billing forming majority usage. Built on a lakehouse architecture using Trino, Iceberg, R2, and DataHub, it enables governed cross-system analytics and natural language access. By Leela Kumili

2026-07-03 原文 →
AI 资讯

[Databricks on AWS #0] The Target Architecture: Isolating Prod, Dev, and Sandbox with Unity Catalog

📚 Series: Databricks on AWS (Part 0, prologue) The Target Architecture ← you are here Building a Databricks AI Platform on AWS RBAC with Function-Role Groups Compute Governance: Pools, Policies, Clusters The BOOTSTRAP_TIMEOUT Mystery Fixing It with AWS PrivateLink How We Structure the Terraform Before the build story, here's the destination. This is the target-state data architecture we designed the whole platform toward — the three principles that shaped every later decision, and the Unity Catalog governance model that keeps production data safe from human hands. The rest of this series is a build log: workspaces, RBAC, compute, the networking rabbit hole, the Terraform layout. But every one of those decisions was made in service of a target picture we drew first . This post is that picture — the "to-be" architecture, not the scaffolding we happened to have up on any given week. It's built on three things Databricks basically hands you if you lean into them: the Lakehouse (one store, ACID tables, no separate warehouse to sync), the Medallion architecture (raw → cleaned → integrated → business, each layer a promotion), and Unity Catalog as the single governance plane across all of it. The interesting part isn't reciting those three buzzwords — it's the specific way we wire them so that prod, dev, and analyst sandboxes never step on each other. Three principles, and everything follows Almost every concrete rule later in this series is a consequence of one of these three. 1. Nobody touches production by hand. Create, update, delete in prod data happens only through an automated, code-reviewed pipeline running as a service principal. Human accounts don't get write on prod — not analysts, not engineers, not admins. The blast radius of a bad afternoon is capped at whatever a person can do with read-only. This one principle is why the whole "promote" flow later exists. 2. Never copy production to look at it. If an analyst wants to explore the gold layer, they read it in p

2026-07-02 原文 →
AI 资讯

AGENTS.md Is Not Enough for Safe AI Agent Execution

Overview AGENTS.md is useful. It gives AI coding agents a place to find repo-specific guidance: how to behave what conventions matter what areas need extra caution what kinds of changes should trigger review That is a meaningful improvement over sending an agent into a repo with no instructions at all. But AGENTS.md is not enough. It can tell an agent to be careful. It cannot, by itself, make execution safe, verification trustworthy, or review inspectable. For that, a repository needs more than instructions. It needs: declared safe commands a canonical verification path receipts that show what actually ran That is the difference between agent guidance and execution governance. Instructions Help. They Do Not Govern Execution. An instruction file is still prose. That means it can express intent, but it does not automatically create operational truth. For example, AGENTS.md can say: run the right checks before handoff avoid destructive commands do not edit generated files ask before touching infrastructure Those are good rules. But notice what they leave unresolved: which checks are the right ones which commands are actually safe which paths are protected structurally versus only suggested what should count as evidence that verification happened how to tell whether a failure came from code, setup, or drift That is where many agent workflows still break down. The agent may follow the spirit of the instructions and still take the wrong execution path. Safe Commands Need To Be Explicit One of the biggest gaps in agent-oriented repos is that they often declare guidance without declaring a safe command surface. The repo may tell the agent: Run tests before you finish. But that still leaves a dangerous amount of interpretation. Which task is safe? Is it: npm test pnpm test make check docker compose run test a narrower unit-test path the CI workflow itself And if several exist, which one is canonical for a routine code change? The repo should not force the agent to infer that

2026-07-01 原文 →
AI 资讯

frontier models are becoming cloud procurement

The interesting part of OpenAI and Codex on AWS is not that another cloud menu got more model names. That part is useful. Enterprises want strong models. Developers want Codex closer to their infrastructure, data, and deployment machinery. The interesting part is that frontier AI is being pulled into the same boring machinery that already governs everything else companies run: procurement, IAM, billing commitments, region policy, audit logs, support contracts, data boundaries, and security review. That sounds like paperwork. It is also how enterprise software becomes real. model access was the easy problem For a while, AI adoption was framed as an access problem. Can we call the model? Can we get enough rate limit? Can we wire the SDK into our product? Can the coding assistant see enough of the repo to be useful? Those are real questions. They are not the end of the story. The next set is much more familiar to anyone who has operated software inside a company: which account owns this usage, which data can cross the boundary, who can create agents, which region runs inference, how the bill is allocated, and what evidence exists when an incident involves model output. That is the part where the demo becomes a platform. OpenAI on AWS matters because many companies already have that platform muscle in AWS. They have IAM, billing, private networking, audit trails, procurement paths, compliance evidence, cost allocation tags, and teams whose job is to make all of this survivable. Putting a frontier model behind that machinery does not make the hard parts disappear. It makes them legible. bedrock is a procurement surface Amazon Bedrock is usually described as a managed model service, which is true and also undersells the point. For enterprises, Bedrock is a procurement and control surface. If OpenAI models and Codex are available through Bedrock, a company can route adoption through an existing cloud relationship instead of creating a new vendor path for every team that wa

2026-06-30 原文 →
AI 资讯

AI Governance for Law Firms: What Policy Can't Catch

Where AI incidents in legal actually come from, and what infrastructure (not policy) prevents them. Blake Aber · Predicate Ventures · 2026 The policy layer is table stakes. It isn't enough. When Sullivan & Cromwell apologized to a federal bankruptcy judge in April 2026 for AI hallucinations in a court filing, the firm's apology letter said the firm had policies. Safeguards existed. Those safeguards weren't followed. That framing, "the safeguard existed but wasn't followed," is how a policy failure gets described. But something more specific happened: a hallucination was generated, wasn't caught at generation time, wasn't caught at review time, and made it into a document that got filed. That's not a policy problem. It's an infrastructure problem. The distinction matters because it determines what you build next. What policy can and can't do Policy is a promise made before the event. A well-written AI acceptable-use policy says: don't submit output you haven't reviewed; verify citations before they go into a document; a human must approve anything client-facing. This works when the human executing the task has time, attention, and professional accountability in that moment. It fails when one of those is missing: a deadline, a junior practitioner, a late-night run. Policy can't: Verify a citation at the point of generation Flag output that has drifted below a confidence threshold Stop hallucinated text from appearing in a draft before a human ever sees it Detect when the underlying model is behaving differently than it was in testing Policy can: Set the expectation that review must happen Define who bears accountability when it doesn't Create a paper trail after the fact One of those is prevention. The other is compliance. What infrastructure does instead An AI harness layer operates at the point of generation, not at the point of review. This reflects a broader reality that production AI is mostly harness and very little model . For legal work specifically, three com

2026-06-29 原文 →
AI 资讯

The Ownership Dyad

Why AI programs at PE portfolio companies stall at the same organizational seam, and what to do about it. Blake Aber · Predicate Ventures · 2026 There's a failure mode I've watched play out at enough portfolio companies that I've given it a name: the ownership dyad. It goes like this. The AI program is running. The product manager owns the roadmap (what the AI should do). Engineering owns the deployment (how it does it). Both parties are competent. Both are aligned on the goal. And the AI initiative quietly stalls anyway, usually somewhere between the promising pilot and the production system that was supposed to follow. The mechanism is diffuse accountability at the decision layer. What the dyad looks like in practice In the average portco planning meeting, the PM and the engineering lead sit across from each other. The PM has a change request: "The model is producing summaries that miss the key clause in contracts above a certain length. We should fix this." Engineering hears this and wants to know: is this a prompt change or a model change? Either requires scoping, and scoping requires the PM's input on acceptable behavior. So engineering asks the PM. The PM says "whatever's best technically." Engineering ships a prompt change. The next month, the same issue appears in a different context. The PM brings it back. Neither person is wrong. Neither person is slacking. The problem is structural: there's no single person who can describe (precisely and completely) what the AI should produce, evaluate whether it's producing it correctly, and approve a change to the system without requiring the other party's sign-off. The dyad looks like shared ownership. It functions as diffuse accountability. No one is in charge of the model's behavior. The failure mode at month nine Most portco AI programs that make it through a successful pilot still die quietly around month nine of production. The most common reason is not that the model got worse. It's that the harness around the m

2026-06-29 原文 →
AI 资讯

Article: Virtual panel: Security in the Machine Age: Expert Insights on AI Threat Evolution

This virtual panel brings together AI security experts to examine the evolution of AI-driven threats, from prompt injection and data poisoning to agent abuse and AI-powered social engineering. The discussion explores emerging attack patterns, incident response challenges, and the changes security teams must make as AI systems become more autonomous and integrated into critical workflows. By Claudio Masolo, Elham Arshad, Sabri Allani, Vijay Dilwale, Igor Maljkovic

2026-06-29 原文 →
AI 资讯

AI Is Moving up the Software Lifecycle: From Code Review to PRD Governance

Technology companies are extending AI beyond code generation into earlier stages of the software lifecycle, including PRD validation, design inputs, and code review. Initiatives from Uber, DoorDash, and Cloudflare highlight a shift toward AI-driven governance layers that evaluate engineering artifacts before implementation while preserving human oversight across the development pipeline. By Leela Kumili

2026-06-24 原文 →
AI 资讯

The agent plan had every step except where to stop

I've been running multi-slice agent plans in the Codenames AI repo — Renovate migrations, content-pipeline skills, dependency upgrades. I split multi-PR work into slices (usually one pull request each), each backed by a markdown file with file paths, verification commands, and merge-safe acceptance criteria. You do not need Cursor to recognize the shape: any agent workflow that can open branches, push commits, or merge PRs from a written plan has the same gap. In my setup I paste each slice into a fresh agent chat as a delegation prompt — not a ticket summary, but executable instructions — and start a new chat when that PR is ready. I assumed the checklist was enough. The plan described what to build. I treated how far the agent could go as implicit. Then an agent merged a pull request I expected to review first. The merge that reframed planning The trigger was mundane. During the first slice of a Renovate migration, an agent regrouped dependency buckets in renovate.json — config-only, no version bumps, no runtime behavior. It ran lint and typecheck, opened the pull request, and merged it. The change itself was reasonable. Config-only renovate.json regrouping is exactly the kind of slice you'd want off your plate. What surprised me was the absence of a documented stop line . The migration plan described the edit, the verification commands, and the acceptance criteria. It did not say whether the executing agent should stop at "open PR" or continue to "merge after green checks." The plan was an implementation spec. The agent treated it as permission to finish the job. Implementation specs vs authority handoffs Traditional engineering plans answer: what work should happen, in what order, with what verification? Agent plans increasingly need a second answer: how much autonomy does the next actor get? Those questions diverge the moment an agent can take repository actions — create branches, push commits, open pull requests, merge — instead of only recommending diffs in c

2026-06-19 原文 →