Skip to content
Home/Resources
Resources

Guides, research and insights on AI and data governance.

Perspectives and clear definitions on semantic governance, governed RAG, agent governance and AI compliance.

Artifacts

Kynexa artifacts.

Architecture and security materials for technical and procurement review - available on request.

Architecture brief

On request

How the control plane deploys single-tenant and keeps data at source.

View architecture

Security overview

On request

Security architecture, controls and the posture monitoring summary.

Visit Trust Center

Reference architecture

On request

Reference diagrams for governed RAG and the LLM gateway.

View reference

Governed RAG guide

On request

How policy-aware retrieval and context assembly work end to end.

Read more

Agent governance checklist

On request

What to govern before putting agents into production.

Read more

Security package

On request

SOC 2 documentation and an architecture overview.

Request package
From the blog

Pillar-and-spoke thinking.

Blog

From audit trail to compliance evidence: ISO 42001 and the NIST AI RMF

Standards like ISO 42001 and the NIST AI RMF ask you to demonstrate control over AI, not just claim it. Demonstration needs evidence, and the audit trail is where that evidence comes from.

Blog

AI BOM: a bill of materials for every AI interaction

Software has a bill of materials. AI needs one too: a record of the models, data, and tools that went into a system and into each interaction. Here is what an AI BOM is and why the audit trail is where it comes from.

Blog

Why your application logs are not an AI audit trail

Your systems already log plenty. So why can you still not reconstruct what an AI did and why? Because application logs answer a different question, in a different shape, in a different place.

Blog

The AI audit trail: what enterprise AI needs to record, and why it is different

When an AI system makes a decision, can you reconstruct what happened and why? An AI audit trail is the structured record that makes the answer yes. It is not the same thing as an application log.

Blog

What to log on every MCP tool call, and why

Tool calls are where agents act on the world, so the record of tool calls is the record of what your AI actually did. Here is exactly what to capture, and why each field matters when something goes wrong.

Blog

Scoped credentials: least privilege for agent tool calls

A tool with broad credentials hands its full power to any agent that can call it. Scoping credentials and parameters to the approved purpose is how you stop an agent from borrowing access it was never meant to have.

Blog

Building an approved MCP server and tool registry

You cannot govern tools you cannot see. An approved registry of MCP servers and tools is the inventory that everything else in tool governance depends on. Here is what belongs in it.

Blog

MCP governance: giving agents tools without giving up control

The Model Context Protocol lets agents discover and call tools across your enterprise. That is exactly what makes agents useful, and exactly what expands the control surface. Here is how to govern it.

Blog

Human-in-the-loop approvals for high-impact agent actions

Not every agent action should be allowed automatically, and not every risky one should be blocked. For high-impact actions, the right control is often a human approval in the path. Here is how to design that well.

Blog

The hand-off problem: governing what one agent passes to another

When one agent hands work to another, it usually hands over context too. That context can carry data the receiving agent was never meant to use. The hand-off is the moment most multi-agent systems leak.

Blog

Agent identity: why every agent needs an owner, a purpose, and a lifecycle

You cannot govern what you cannot name. Treating each agent as an identity with an owner, a purpose, and a lifecycle is the unglamorous foundation that makes everything else in agent governance possible.

Blog

Agent governance: a practical guide to controlling autonomous AI in the enterprise

An AI agent does not just answer questions. It takes actions, calls tools, and hands work to other agents. Each of those moments is a place control can slip. Agent governance is how you keep it.

Blog

Citations and lineage: how to make a RAG answer you can defend

A confident answer with no sources is a liability. Citations and lineage turn a RAG response into something a user can verify and an auditor can reconstruct.

Blog

Chunk-level sensitivity: why RAG governance has to start at ingestion

You cannot govern at retrieval what you failed to understand at ingestion. Classifying sensitivity at the chunk level is the quiet foundation that makes governed RAG possible.

Blog

Relevance is not permission: the assumption that makes RAG leak

A vector database ranks chunks by how relevant they are to a question. It has no idea whether the person asking is allowed to see them. That single gap is where most RAG leaks begin.

Blog

Governed RAG: how to put retrieval-augmented generation into production without leaking your own data

Retrieval-augmented generation is the quickest way to get value from your own data and the quickest way to expose it. Governed RAG closes that gap by applying policy to retrieval and context assembly. Here is the full picture.

Blog

From deadline to durability: governing AI when the rules keep changing

AI regulation keeps shifting including EU AI Act timelines. Why durable, regulation-agnostic governance beats chasing a single enforcement date.

Blog

One control plane vs platform-native governance

Platform-native governance is strong inside its own estate but stops at the boundary. Why a neutral control plane fits a heterogeneous AI stack.

Blog

Govern before AI reasons: why output guardrails break at scale

Output guardrails act after the model has already reasoned. Here's why that's fragile at enterprise scale and what governing before reasoning looks like.

Blog

Agent memory is your next governance gap

AI agents remember across turns, sessions and users. Most teams don't govern what's retained or recalled. Why memory is a first-class governance object.

Blog

What a CISO should ask before approving an enterprise AI assistant

A practical checklist for security leaders evaluating an internal AI assistant or copilot: access, inference, memory, audit and shadow AI.

Blog

Governed RAG: a reference pattern for putting retrieval into production

A practical pattern for production RAG: policy-aware retrieval, redaction, citations and lineage, so answers respect role, intent and sensitivity.

Blog

Semantic leakage: the AI risk your DLP can't see

AI can reveal sensitive information through inference: surfacing a restricted conclusion with no restricted file ever accessed. Why file-level controls miss it.

Blog

Why most enterprise AI pilots stall (and why it's a context problem, not a model problem)

About 95% of enterprise GenAI pilots never reach measurable impact. The cause is usually the context and governance gap, not the model.

All posts
Get started

See Kynexa govern your AI — in 30 minutes.

Bring a real use case. We'll show governed retrieval, reasoning and audit on your stack.