In this pillar
Field notes
5 posts · one defensible answer per question.
cornerstone · AI Governance & EvidenceWhat a Governed Control Plane Actually Looks LikeAn AI control plane decides what your AI systems may do, routes their requests, and records what happened. A governed one adds machine-readable capability declaration, regulatory classification, and verifiable evidence.spoke · AI Governance & EvidenceTamper-Evident Audit Logs: Why Signed Beats LoggedA tamper-evident audit log proves it has not been altered instead of asking you to trust it. How a hash chain makes tampering detectable, what an ed25519 signature adds, and why 'verify it yourself' beats 'trust our logs'.spoke · AI Governance & EvidenceAI Capability Declaration: A Manifest Your Build Can CheckAI capability declaration is a machine-readable manifest of what each agent, tool, and model may do — its inputs, outputs, permissions, and the data it touches. Why prose policy drifts, how a declared manifest fails the build instead, and how it composes with MCP.spoke · AI Governance & EvidenceClassifying AI Systems Under the EU AI ActThe EU AI Act sorts AI systems into four risk tiers — unacceptable, high, limited, and minimal — and the obligations follow the tier. What the tiers are, how a system gets classified by its use, and why classification should be a property of the system rather than a spreadsheet.spoke · AI Governance & EvidenceSigned Deploys: Proving Your Supply Chain Instead of Trusting ItSoftware supply chain security means verifying the artifact you ship and how it was built — not trusting the pipeline. Here is how, with a worked example.
The teardown, in your inbox