A chatbot invents a refund policy and a tribunal holds you to it. A voice agent quietly runs on a model you'd never clear for public work. Something goes wrong — and there's no record of why. We put a governance layer in front of your AI: every use case classified, gated, decided by a human, and documented.
24–48 hour brief · no pitch deck · no commitment
The technology works. That's the problem — it acts. When an AI agent talks to your customers, your residents, or your staff with no governance layer in front of it, these are the failure modes that show up in the headlines and the lawsuits.
A support chatbot states a policy you never offered. Courts and tribunals have already ruled the organization is bound by what its bot said.
Hidden instructions buried in a user message, an email, or a document override the system prompt — and the agent leaks data or takes an action no one authorized.
PII and privileged records flow into a third-party model that retains them. You can't recall it, and you may not even know it left.
The agent is quietly running on a foreign-adversary model. For public-sector and regulated work that's a hard stop — and most teams don't check.
When it goes wrong, there's no trail: no record of what the AI was allowed to do, who approved it, or why it decided what it did. You can't answer the auditor.
An agent meant to draft starts deciding — eligibility, pricing, who gets a service — with no human in the loop and no one who chose to let it.
We don't slow your AI down — we put a thin, inspectable layer in front of it. Each use case runs the same path. The engine does the sorting and the paperwork; the call stays with a person.
Sort the use case into a risk tier from its purpose, data, and who it touches — mapped to a recognized risk framework, not a gut feel.
Run it through policy checks: foreign-model hard stop, data-residency, human-handoff, retention. Anything unresolved becomes a question, not a silent pass.
Approve, approve-with-conditions, or hold for review. High-risk and rights-affecting use cases are routed up to a person — never settled at the tooling layer.
Every run produces a decision card and an audit trail: the tier, the gates, the conditions, the authorities cited, and who signed off.
The gates aren't a slideshow of principles — they're concrete checks the engine applies to every use case, mapped to the authorities your reviewers and auditors already answer to.
A foreign-adversary model anywhere in the path stops the use case cold. Aligned with Virginia EO 46, grounded in the federal 15 CFR 7.4 adversary-nation list — the check most teams skip.
Each classification and gate maps to the Govern / Map / Measure / Manage functions, so the output speaks the framework your stakeholders expect.
For public-sector work, tiers align with Virginia's enterprise risk model (VITA EA-225) and the relevant executive orders — cited inline, not assumed.
Rights-affecting and high-risk use cases require a documented human decision before production. No autonomous sign-off.
Every stage is persisted — inputs, gates, conditions, escalation, sign-off — so the record exists before the question is ever asked.
Data sensitivity and model provenance are first-class inputs. The method is model-agnostic; for regulated and public-sector work it runs on US-domiciled, open-weight models on GovCloud-eligible infrastructure — no foreign-adversary models, scoped to the deployment we configure with you.
Tell us where your AI is running today. We run up to three of your real use cases through the governance layer and send back a plain-English brief — what passes, what holds, and what you'd want to fix before an auditor or a customer finds it first.
The method is public. The governance framework these gates are built on is open for review on GitHub — read it before you ever talk to us.
github.com/Obsidian757/ai-governance-framework
Illustrative output. A method and framework, openly documented — not a certified product.
No obligation — the brief stands on its own. If you want to act on it, there's a clear path, sized to where you are.
A full pass across your AI use cases — every one classified, gated, and documented, with a prioritized remediation plan and decision cards you can hand to leadership or an auditor.
A workshop with your team to stand the governance layer up inside your own process — intake, gates, and the human-decision checkpoint, mapped to NIST AI RMF.
Recurring review as you ship new AI — each use case governed before it goes live, with an audit trail that stays current for the next audit or board question.
No pitch deck. No commitment. Tell us what you're running and we'll send back where you stand.