AI Governance
AI Pilot provides enterprise AI governance across access, cost, safety, and data protection controls.
Recommended reading path
| Topic | Purpose | Link |
|---|---|---|
| AI Pilot overview | Architecture and flow | Control Core AI Pilot |
| Capability matrix | CRDs vs ext_proc vs PBAC | Capability matrix |
| Per-bouncer operations | Configure LLM/cost/safety by bouncer | AI Pilot |
| Prompt control model | Enterprise prompt security controls and actions | Prompt Security Controls |
| Incident handling | Failure patterns and fixes | AI Pilot Troubleshooting |
Governance model visual
Click to enlarge
Multi-framework agent governance
Control Core provides unified authorization for AI agents regardless of the orchestration framework. Whether agents are deployed through Salesforce Agentforce, Microsoft Azure AI Foundry, custom LangChain pipelines, or any other platform, the Bouncer intercepts and normalizes agent context into a single x-controlcore-agent-context header.
Click to enlarge
The Bouncer remains framework-agnostic — it forwards all vendor-specific headers into OPA input generically. Controls authored in the Control Plane determine what each agent framework may access, which capabilities are permitted, and what data classification restrictions apply. This means you can enforce consistent governance across heterogeneous agent ecosystems without maintaining separate control sets per vendor.
What enterprises typically configure
- Model access restrictions by role/environment
- Token-aware budgets and fallback routing
- Prompt injection/jailbreak/exfiltration controls
- PII and secret redaction policies
- Exception handling with allowlists and trusted domains
- Agent capability restrictions per framework and identity
- Cross-framework data classification enforcement
- Temporal access windows for autonomous agents