Lesson 12 / 12
Governing AI across tenants
Governed AI is human-in-the-loop, and at org scale the governance has to be consistent across every tenant. Key points:
- Every model call and every tool an agent touches routes through the governed gateway. Per-tool authorization is checked against policy and is closed by default: no matching allow rule means no action.
- Sensitive actions pause for a person. The agent proposes, a reviewer in an approval inbox decides, and the approval lands in the audit trail. Nothing irreversible runs unattended.
- Each agent gets scoped credentials held in a secrets store, and usage is metered per tenant and per caller. At org scale this is what makes AI spend attributable and AI authority bounded, tenant by tenant.