AI governance & assurance

Defend your AI to the board.

Your teams want AI everywhere. Your board wants proof it's safe. Governed enforces the access controls you already trust before any model sees your data, and turns every AI decision into board-ready evidence.

  • AI sees only what each person is cleared to see
  • Restricted data never reaches the model
  • Every decision is provable, on demand
  • Works with the AI you already chose
AI Decision · Assurance Record✓ AUDIT-READY

Natural-language question from a sales VP.

Resolved to her Salesforce identity; only her permissions apply.

Object, record, and field checks. Live, never cached.

Amount and SSN removed before the prompt was built.

Written to an append-only ledger. Replayable on demand.

Replayable for audit, board, or regulator
actor
jane.smith@acme
enforce
object · record · field
stripped
Amount, SSN__c
model
claude-sonnet-4-6
tier
native_user_session
hash
9f2c…a71b
status
VERIFIED
Salesforce · in productionSOC 2 Type I · in progress3 provisional patentsModel-agnostic
Built for your engineers, too →

Platform

One governed control plane.

Permissions enforced before the model, every action on the record, across the systems you already run.

live governed request
Identity mapped · Jane Smith
Permissions enforced
2 restricted fields withheld
Answer generated
Evidence recorded ·VERIFIED

replayable from the ledger

Strip, don't mask

Restricted data is removed before the prompt exists. Not hidden. Gone.

Enforced before the model

Object, record, and field permissions. Live, never cached.

Deploy anywhere

SlackTeamsSalesforceSDK

Model-agnostic

ClaudeGPTGeminiyour own

Trusted, and honest about it

Salesforce · in productionSOC 2 Type I · in progress3 provisional patentsGAR · open spec

ServiceNow & SAP in design-partner co-development.

The defensible moat

Most AI masks. AIGIS strips.

Masking hides the value of a restricted field. Stripping removes the field entirely. The difference matters because a model that can see a field name can still reason about it, reference it, and surface it in a response.

Industry default

Masking

What the LLM sees:

  • Account.NameAcme Corp
  • Account.AnnualRevenue[MASKED]
  • Contact.SSN__c[MASKED]
  • Account.OwnerJ. Smith

The model still knows SSN__c and AnnualRevenue exist. It can reference those field names, draw inferences from their presence, and include them in its response.

AIGIS approach

Stripping

What the LLM sees:

  • Account.NameAcme Corp
  • Account.OwnerJ. Smith
  • restricted fields are never sent to the model

The model has no way to know SSN__c exists. The field is removed before the prompt is built, so there is nothing to reference, infer, or accidentally surface in a response.

For the technically curious: Salesforce Agentforce honors object and field-level security at query time. AIGIS adds a second layer that removes fields from the prompt context before the LLM ever sees them, so model output cannot leak structural metadata. Both approaches enforce permissions. Only one enforces them on the model itself.

How it works

A governed request, start to finish.

Every request runs the same governed path before anything is read, written, or sent to a model. Here's what one looks like.

governed.dev/console · governed run
RequestEnforceGenerateEvidence

Live governed request

Map identity
Jane Smith · Sales · only what she can access
Enforce permissions
object, record, and field, live, never cached
Withhold restricted fields2 withheld
Amount and SSN removed before the prompt
Generate
answer synthesized over permitted data only
Record evidence AUDIT-READY
Assurance Record · per-user tier
Governed answer · evidence attached
Renewals at risk
$4.2M
Accounts surfaced
18
Fields withheld
2
Enforcement
per-user
every step above is replayable from the ledger

Enforced before the model

Object, record & field permissions
Strip inaccessible fields before the prompt
Human approval for writes

Setup paths

Hosted, hybrid, or customer-hosted from the same governed product.

AIGIS is isolated by design. Teams can choose a paid managed launch, move the data-touching runtime into their own cloud, or run the governed data plane fully inside their boundary.

Paid activation

AIGIS-hosted

Request an AIGIS-hosted activation; runtime work starts only after paid approval.

  • Paid commercial activation first
  • BYO production model keys
  • Runtime provisioned after approval
Apply for hosted deployment

Paid hybrid activation

Hybrid

Request a hybrid activation; Governed operates the experience while your sensitive data plane runs in your cloud.

  • Customer-hosted MCP runtime
  • BYO production model keys
  • Optional audit replication
Plan hybrid setup

Paid private activation

Customer-hosted

Request a customer-hosted activation; your team runs the full governed data plane in your environment.

  • Dedicated runtime boundary
  • Customer-managed database and audit store
  • Deployment kit and upgrade path
Scope customer-hosted setup

For your engineers

Built for your engineers, too.

A few lines to govern any AI call. Object, record, and field permissions enforced, restricted fields stripped, and an evidence record emitted, automatically.

from governed import Governed

gv = Governed(api_key="gv_live_…")

answer = gv.query(
    "which renewals are at risk this quarter",
    as_user="j.smith@acme",   # enforced as this user
)
# → permissions enforced · 2 fields stripped · evidence record emitted
GAR · evidence record
actor
j.smith@acme
enforce
object · record · field
stripped
Amount, SSN__c
model
claude-sonnet-4-6
tier
native_user_session
hash
9f2c…a71b
status
VERIFIED

Trust

Credible, and honest about what's real.

No invented logos, no overstated certifications. Here is exactly where we stand, and where to verify it.

SOC 2 Type I · in progress

Audit initiated. Not yet complete.

Salesforce · in production

Real 3-tier enforcement: object, field, and record level.

ServiceNow & SAP · design-partner co-development

Active co-development. Enforcement asymmetry is disclosed on every pitch.

Model-agnostic · bring your own key

Claude, GPT, Gemini, open-source, or self-hosted. No lock-in.

3 provisional patents

Filed on permission-provenance enforcement mechanisms.

GAR · open-spec candidate

Governed Audit Record v1 — an auditor-grade provenance format for enterprise AI.

We disclose our enforcement asymmetry on every page: Salesforce enforcement is production-grade today; ServiceNow and SAP are active design-partner co-development. You will always know exactly what is enforced where.

Next step

Put one governed workflow under review.

Use a Salesforce-first governance review to inspect the permission path, the provenance ledger, and the current ServiceNow and SAP design-partner boundaries.

Governed | AI Control Plane for the Headless Enterprise