Start with the action your buyer worries about.
Do not start with a governance program. Start with the first action that would delay rollout or procurement: release a payment, submit prior auth, update a claim, write client data, change a case, message a customer, or touch production.
What to govern first
The sale stalls on one concrete question: what stops the agent from doing the wrong thing? Wrap the agent once, return allow, review, or deny, then show the decision record.
01
Choose the action
Payment, prior auth, claim, export
02
Set the outcome
Allow safe, review risky, deny forbidden
03
Show the record
actor, policy, verdict, approver
Where the pull is strongest
The strongest commercial pull is not generic agent safety. It is startups and vendors selling agents into workflows where a buyer already asks for policy, approval, and evidence before production.
Buyer shape
Agentic payments and banking
First risky workflow
Release a payment, refund, payout, or transfer
Buyer asks
Show the approval record before money moved.
Buyer shape
Lending and wealth platforms
First risky workflow
Update borrower, advisor, client, or MCP-mediated account data
Buyer asks
Which tenant or firm policy allowed this write?
Buyer shape
Prior-auth and claims vendors
First risky workflow
Submit payer request, update claim, or send appeal
Buyer asks
Can we audit the PHI or payer action before scale?
Buyer shape
Insurance workflow vendors
First risky workflow
Triage submission, send carrier message, or update claim
Buyer asks
What record satisfies carrier or security review?
Buyer shape
Voice and CX agents
First risky workflow
Issue refund, apply credit, update record, or trigger workflow
Buyer asks
Which customer-facing actions wait for review?
Buyer shape
Public sector and regulated SaaS
First risky workflow
Update case, change procurement, export CUI, or send agency message
Buyer asks
What record can continuous monitoring inspect?
Regulated industries
Stripe refunds, Modern Treasury ACH/wires, Plaid data access, invoice approval, treasury ops, and trading or rebalancing actions need authorization before money moves.
Epic, Cerner, FHIR, and EHR-style workflows need PHI boundaries, minimum-necessary access, and clinical human review before healthcare agents act.
Guidewire, Duck Creek, and Salesforce insurance workflows need claims payout thresholds, underwriting authorization, SIU escalation, and medical-record access controls.
European companies deploying regulated AI agents need operational evidence for Article 14 human oversight, Article 12 logs, and deployer controls.
Case updates, benefits workflows, procurement actions, and CUI-touching agents need tool-call evidence for agency security review and continuous monitoring.
SSO is identity. Enterprise AI governance needs tenant isolation, governed tool calls, SOC 2/GDPR decision records, and review paths.
Agent types
Enforce attorney-client privilege boundaries, restrict document access by matter, and block confidential case disclosures.
Govern swap limits, bridge protocols, liquidity caps, and approvals for high-value on-chain actions before they become irreversible.
Constrain navigation, form submission, downloads, and cross-domain movement before browser agents act.
Gate shell commands, deploy steps, and infrastructure writes before production state changes.
Evaluate SQL intent, row scope, and PII exposure before the query or export leaves the governed path.
Limit what support agents can read and write, require escalation for refunds above thresholds, and block unauthorized account changes.
Stop unauthorized discounts, CRM writes, and proposal promises before they reach a customer.
Limit source access, enforce citation requirements, and block extraction or storage outside permitted research scope.
Cap refunds and discounts, gate inventory writes, and block store credit or order overrides outside policy.
Restrict access to employee PII, enforce role boundaries on hiring and termination actions, and require human approval for compensation changes.
Hold paid-spend changes, audience exports, and campaign sends until policy or a reviewer allows them.
Protect FERPA-covered records, restrict grade writes, and keep AI tutors inside teacher-defined curriculum and tool scopes.
Cap listing edits, gate price changes, and prevent agents from sending contracts or scheduling closings without human approval.
Cap purchase-order value, restrict vendor onboarding, and require approval for shipment reroutes or contract amendments.
Gate MES and SCADA writes, restrict production-line parameter changes, and require sign-off for batch release actions.
Restrict CPNI exposure, cap provisioning changes, and gate any governed tool call that touches network configuration or customer billing.
Protected actions
Runtime authorization for issuing refunds: policy checks, approval thresholds, and decision records before the agent acts.
Runtime authorization for releasing payments: policy checks, approval thresholds, and decision records before the agent acts.
Runtime authorization for sending wires: policy checks, approval thresholds, and decision records before the agent acts.
Runtime authorization for sending crypto transfers: policy checks, approval thresholds, and decision records before the agent acts.
Runtime authorization for placing trades: policy checks, approval thresholds, and decision records before the agent acts.
Runtime authorization for creating purchase orders: policy checks, approval thresholds, and decision records before the agent acts.
Runtime authorization for changing vendor bank details: policy checks, approval thresholds, and decision records before the agent acts.
Runtime authorization for approving invoices: policy checks, approval thresholds, and decision records before the agent acts.
Runtime authorization for running SQL queries: policy checks, approval thresholds, and decision records before the agent acts.
Runtime authorization for exporting customer data: policy checks, approval thresholds, and decision records before the agent acts.
Runtime authorization for sending customer emails: policy checks, approval thresholds, and decision records before the agent acts.
Runtime authorization for updating CRM records: policy checks, approval thresholds, and decision records before the agent acts.
Runtime authorization for deploying to production: policy checks, approval thresholds, and decision records before the agent acts.
Runtime authorization for running shell commands: policy checks, approval thresholds, and decision records before the agent acts.
Runtime authorization for deleting files: policy checks, approval thresholds, and decision records before the agent acts.
Runtime authorization for closing support tickets: policy checks, approval thresholds, and decision records before the agent acts.
Runtime authorization for writing EHR records: policy checks, approval thresholds, and decision records before the agent acts.
Runtime authorization for paying claims: policy checks, approval thresholds, and decision records before the agent acts.
Runtime authorization for making underwriting decisions: policy checks, approval thresholds, and decision records before the agent acts.
Runtime authorization for changing compensation: policy checks, approval thresholds, and decision records before the agent acts.
Related resources
Put one high-risk workflow under control.