Kyndryl, which is the leading global provider of mission-critical enterprise technology services, announced the launch of its policy-as-code offering for governing agentic AI workflows to help remove barriers to the widespread deployment of large-scale AI agents in highly regulated industries and complex environments. This is a major leap forward in addressing one of the largest challenges currently faced by the burgeoning AI Agents market: trust, compliance, and control operations.
Agentic AI autonomous, decision-capable artificial intelligence agents that can perform multi-step tasks without constant human intervention are proving to be increasingly popular with enterprises aiming to increase efficiency, automate processes, and produce actionable results. However, apprehensions regarding security, compliance, and predictability have slowed down their adoption in sectors such as finance, services, supply chain, healthcare, and so on. In Kyndryl’s research, 31% of customers have mentioned that their apprehension is regulatory or compliance.
Policy as Code: A New Trust Layer for Enterprise AI
Kyndryl’s new policy-as-code capability translates organizational rules, operational controls and regulatory requirements into machine-readable policies that govern how AI agents execute workflows within an enterprise environment. Embedded within the Kyndryl Agentic AI Framework, the policy layer provides deterministic execution meaning agents are restricted to pre-defined, approved actions minimizing risk and improving auditability.
The key features highlighted are:
- Deterministic Execution: The AI agent operation is restricted only to the tasks and decisions that are allowed within the policies that have been previously defined.
- Guardrails against hallucinations: The system establishes controls to prohibit any surprising behaviors the agent may realize and attempt to perform beyond its allowed range of behaviors.
- Audit by design transparency: Every action performed by an AI agent can be traced and explained, helping auditors to monitor such activities.
- Human supervision dashboards: Through this, the system ensures operators can supervise human actions, thus ensuring the oversight role of human operators is maintained.
“Kyndryl’s policy as code capability overcomes limitations of conventional AI agent controls and provides the structure customers need as they adopt agentic AI solutions,” said Ismail Amla, Senior Vice President, Kyndryl Consult. “By embedding and codifying business and regulatory requirements directly into AI agent operations, we can help customers execute AI workflows that are governed, transparent, explainable and aligned with their organizational requirements.”
Why This Matters for the AI Agents Industry
Agentic AI has rapidly moved from research labs and pilot programs into serious enterprise consideration. Unlike traditional generative AI tools which mainly provide text or image output agentic systems can act, interfacing with internal systems, executing transactions, making decisions based on logic and data, and orchestrating downstream tasks. However, that autonomy introduces new classes of operational risk, including unexpected decision paths, compliance violations and systemic failures.
This is exactly where a governance structure like Kyndryl’s is important, as it is capable of helping enterprises deal with this kind of complexity. This is because it enables detailed policies to be enforced automatically, ensuring that enterprises can implement AI agents knowing very well that their operations are consistent with any regulatory requirements – a requirement that is critical for sectors such as finance and health, where breaches can attract huge fines.
Such a development is also consistent with broader trends within the industry. As organizations start to move from the proof of concept phases for the use of agentic AI systems into full-scale production usage of the technology, governance, audit, and overall oversight of the use of such systems are being viewed not as nice-to-have, but as must-have aspects of the overall ROI potential for the technology. In fact, there are indications within the broader industry trends that failings in the overall governance models for the use of AI agents are leading many projects to be scrapped due to cost concerns as well as the overall ROI unknown. Gartner is indicating that as many as one in five agentic AI projects will fail without appropriate control.
Also Read: BotGauge AI Raises $2M for Autonomous QA at Engineering Speed
Business Impact and Strategic Implications
For Enterprises:
Kyndryl’s solution offers businesses the hands-on resources to incorporate governance into agentic AI systems on day one, minimizing dependence on manual processes and ad hoc oversight. This not only enhances the compliance position but also speeds digital business, expediting decision making, and has the potential to materially lower business costs. Audit-ready systems also allow businesses to strengthen their approach to managing risks, which is an ever-more important differentiator in an increasingly heavily regulated environment.
For the AI Ecosystem:
The entry of Kyndryl in the agentic AI governance domain reflects the maturity of the industry. The initial discussion was around the need for a more intelligent agent, and now the conversation is changing towards the safe scaling of AI. Policy-as-code is expected to form the base layer of all AIOps platforms, just like CI/CD and DevOps have become the norm for the cloud infrastructure space during the last decade.
For Regulators and Policymakers:
By embedding compliance into the technology, organizations can more easily prove their adherence to, for example, data privacy requirements, financial reporting requirements, or industry-specific regulations. The trend towards embedding compliance into technology has the potential to inform emerging regulations around AI because it shows one way of achieving governance of AI technologies with business operations.
