AI governance — from credential to codebase
Board policy as a YAML file the risk team owns. Annexure VI as a database query. Every governance recommendation rendered as a file path in a Go repository.
Archive
103 posts · Page 5 of 9. ← Blog
Agentic security in production — the operations playbook
Twelve months of running multi-agent AI in a regulated context. SLIs that matter, the incident runbook, drift detection, continuous adversarial testing, secret rotation, compliance posture as code.
Annexure VI as a query
The RBI FREE-AI incident reporting form, expressed as a Go struct and a Postgres table. Every entry is an auto-generated artefact from the runtime — not a form an operator fills in retrospectively.
RBI FREE-AI implementation notes — 26 recommendations to file paths
Every one of the 26 RBI FREE-AI recommendations, mapped to a specific file in a working multi-agent platform. What's ✅ done, what's 🟡 partial, what's ⚪ honest gap.
Why Go for production agentic AI
Stdlib over libraries, single binary over framework, fail-closed defaults over forgiveness. The boring-on-purpose case for choosing Go to ship a multi-agent system into a regulated environment.
BCP for AI — forced-failure drills
Fallback agents plus a CI step that replaces the primary agent with one that always errors. If the fallback doesn't produce a usable answer, the PR can't merge.
Sovereign AI is a policy, not a slide
Classification → provider allowlist. A pii-classified message can only reach a provider whose region is in the allowlist for pii. Sovereignty as a runtime gate, not a checkbox.
NPCI rail routing with human-in-the-loop
UPI, IMPS, NEFT, RTGS — which rail to use depends on amount, urgency, window, success-rate history. A deterministic chooser with a HITL gate above ₹2 lakh.
Policy as code, without the risk team having to ship code
A tiny CEL-style DSL plus a board-approved YAML file. The risk team adds a governance rule by editing a config file; engineering ships the rule by restarting the service.
Deterministic KYC, the LLM just talks
PAN check-digit validation, Aadhaar offline KYC, DigiLocker, PEP/sanctions — all in Go code, not in a prompt. The LLM's job is to translate the verdict into something a human can read.
Production agentic AI on Kubernetes — Ch 9 patterns vs reality
Field notes from running multi-agent AI on K8s. The patterns the book recommends, the ones that survived contact with production, and the ones that broke in interesting ways.
Agentic architecture on MARA — the seven load-bearing pieces
Microsoft's Multi-Agent Reference Architecture in Go. Protocol, registry, bus, governance, orchestration, observability, evaluation — and how the seven hold each other up.