Skip to content
Blog

AI Agent Governance: Guides & Deep Dives

Field notes from engineers running autonomous agents in production. Architecture, security, compliance, and the comparisons that decide buying.

Start here

Four posts that frame the rest.

If you're comparing frameworks or defining a control plane, read these first — the framework comparison, the RAG/.NET comparison, the control-plane definition, and the trust-boundary argument.

Architecture

Architecture.

Trust boundaries, control planes, and how Cordum's pre-dispatch model differs from in-process governance.

GuideAgent SprawlControl Tower

Stopping Agent Sprawl: Why You Need an AI Control Tower in 2026

ServiceNow and Microsoft are tackling 'Agent Sprawl' with AI Control Towers. Learn why discovery, inventory, and shared policy enforcement are the only ways to manage a fragmented agentic estate.

Yaron TalMay 12, 202611 min read
Deep DivePolicyGovernance

5 Decision Types Every AI Agent Needs in Production

The five policy decisions that keep autonomous AI agents safe: allow, deny, require approval, constrain, and remediate.

Yaron TalMay 7, 20269 min read
Deep DiveAI GovernanceControl Plane

AI Governance in Production (2026): Policy-First Control Plane for Autonomous AI Agents

A technical guide to AI governance in production: pre-dispatch policy checks, approval binding, action constraints, output controls, and audit evidence.

Noa AvivMay 5, 202615 min read
Deep DiveKubernetesPlatform Engineering

What Kubernetes Taught Us About Governing Autonomous Systems

The agent governance problem looks like container orchestration in 2015. K8s patterns map directly to what agent fleets need.

Yaron TalMay 4, 202610 min read
Deep DiveMulti-AgentOrchestration

Multi-Agent Orchestration Needs a Control Plane, Not Another Framework

Every framework is adding multi-agent support. None solve governance across agents. When delegated agents take risky actions, you need a control plane.

Yaron TalMay 4, 202611 min read
ReleaseCordumLaunch

Introducing Cordum: The Control Plane for AI Agent Governance

Learn how Cordum adds policy enforcement, approval gates, and SIEM-ready audit trails to AI agent workflows.

Yaron TalMay 1, 20268 min read
Security

Security.

MCP firewalls, prompt-injection containment, attack-vector analyses, and runtime hardening for coding agents.

Deep DiveHardeningSecurity

MCP Firewalls and Runtime Hardening: OpenShell vs. Cordum (2026)

AI agent hardening has moved from prompt injection to 'Code Agency.' Compare OpenShell runtime isolation with Cordum's out-of-process governance and MCP firewalls.

Maya GoldfarbMay 12, 202614 min read
GuideOpenClawCordClaw

How to Secure OpenClaw Agents in Production: Complete Governance Guide (2026)

A complete guide to secure OpenClaw agents in production with deterministic pre-dispatch governance, approval gates, fail-mode controls, and audit evidence.

Maya GoldfarbMay 7, 202620 min read
Deep DiveMCPSecurity

MCP Security Risks (2026): 7 Exploitable Failure Modes and How to Detect Them

A production guide to MCP security risks with attacker preconditions, blast radius scoring, detection queries, and containment runbooks.

Maya GoldfarbMay 4, 202614 min read
Deep DivePolicy as CodeAI Agents

Policy as Code for AI Agents (2026): Rule Design, Simulation Gates, and Safe Rollouts

A production guide to policy as code for AI agents: deterministic decisions, constraints, simulation workflows, rollback strategy, and audit-ready evidence.

Maya GoldfarbMay 3, 202614 min read
Deep DiveSafety KernelAI Agents

LLM Safety Kernel for AI Agents (2026): Deterministic Policy Decisions and Runtime Guardrails

A production guide to building an LLM safety kernel for AI agents: deterministic policy outcomes, approval binding, constraints, and output safety controls.

Maya GoldfarbMay 2, 202613 min read
Deep DiveSecurityGovernance

AI Agent Security Risks Enterprise Teams Miss: Why 74% See an Attack Vector (2026)

A data-driven enterprise guide to AI agent security risks with top-source gap analysis, runtime control matrix, policy code, and rollout tradeoffs.

Maya GoldfarbApr 27, 202616 min read
Compliance

Compliance.

EU AI Act, SOC 2, ISO 42001, audit trails, and the evidence regulated buyers' auditors expect.

GuideAudit TrailCompliance

AI Agent Audit Trails: Compliance Guide for Production Teams

A practical guide to designing immutable AI agent audit trails for compliance, incident response, and governance reviews.

Noa AvivMay 5, 202612 min read
Deep DiveGovernanceMaturity Model

The Agent Governance Maturity Model: Where Does Your Org Stand?

Most companies are at Level 0. Companies shipping agents to production are at Level 3+. A 5-level framework to assess and improve your governance posture.

Noa AvivMay 4, 202610 min read
Deep DiveGovernanceAI Agents

Why 40% of AI Agent Projects Will Fail (and How Governance Prevents It)

Gartner predicts 40% of agentic AI projects will be canceled by 2027. The root cause is not bad models. It is deploying without governance.

Noa AvivApr 28, 202610 min read
Deep DiveAudit TrailAI Agents

AI Agent Audit Trail (2026): Decision-Level Evidence for Autonomous Workflows

A production guide to AI agent audit trails: decision records, approval lineage, policy snapshots, and run timelines you can defend in real audits.

Noa AvivApr 28, 202612 min read
GuideIncident ResponseRunbook

AI Agent Incident Response Runbook: Severity, Triage, and Recovery Steps (2026)

A practical AI agent incident response runbook with severity triggers, first-15-minute checks, and concrete recovery commands.

Noa AvivApr 26, 202612 min read
GuideComplianceSOC 2

AI Agent Compliance Mapping: SOC 2, ISO 27001, NIST AI RMF Runtime Playbook (2026)

Map autonomous AI agent controls to SOC 2, ISO 27001, and NIST AI RMF using runtime evidence contracts and approval integrity checks.

Noa AvivApr 21, 202614 min read
Comparisons

Comparisons.

How Cordum stacks up against IBM watsonx, Microsoft AGT, Temporal, LangGraph, and the agent framework field.

GuideControl PlaneComparison

The 2026 Agentic Control Plane Buying Guide: IBM vs Microsoft vs Cordum

Compare the top AI agent control planes in 2026: IBM watsonx Orchestrate, Microsoft Agent 365, and Cordum. Learn about the 'Control Plane Buying Checklist' including RBAC, SSO, and policy-as-code.

Yaron TalMay 12, 202615 min read
ComparisonComparisonCrewAI

CrewAI vs AutoGen (2026): Which Multi-Agent Framework Should You Ship?

A production-first CrewAI vs AutoGen comparison with migration risk, failure-mode testing, and governance patterns.

Yaron TalMay 8, 202613 min read
ComparisonComparisonTemporal

Temporal vs LangChain (2026): Durable Agent Architecture

Temporal vs LangChain is a layering decision: LangChain for agent logic, Temporal for durable execution, with practical thresholds and tradeoffs.

Yaron TalApr 30, 202612 min read
ComparisonComparisonTemporal

Temporal vs LangGraph (2026): Durable Agent Architecture

Temporal vs LangGraph for production AI agents: durability semantics, failure thresholds, and two-layer architecture patterns with working code.

Yaron TalApr 29, 202613 min read
ComparisonComparisonMCP

MCP vs A2A vs CAP (2026): Protocol Boundaries, Governance Gaps, and a Production Blueprint

A technical comparison of MCP, A2A, and CAP with policy gates, approval flow, and deployment tradeoffs for production autonomous AI agents.

Maya GoldfarbApr 24, 202613 min read
ComparisonComparisonReliability

Temporal vs Cordum (2026): AI Agent Governance Comparison

A practical comparison of Temporal and Cordum for AI agents, with concrete retry semantics, rollback behavior, and governance architecture patterns.

Yaron TalApr 19, 202612 min read
All listed posts

Browse by category.

Filter the editorial set by Guide, Comparison, Deep Dive, or Release. Operational runbooks live under /blog/* but are kept off the index to keep this page scannable.

GuideControl PlaneComparison

The 2026 Agentic Control Plane Buying Guide: IBM vs Microsoft vs Cordum

Compare the top AI agent control planes in 2026: IBM watsonx Orchestrate, Microsoft Agent 365, and Cordum. Learn about the 'Control Plane Buying Checklist' including RBAC, SSO, and policy-as-code.

May 12, 2026 15 min read
GuideAgent SprawlControl Tower

Stopping Agent Sprawl: Why You Need an AI Control Tower in 2026

ServiceNow and Microsoft are tackling 'Agent Sprawl' with AI Control Towers. Learn why discovery, inventory, and shared policy enforcement are the only ways to manage a fragmented agentic estate.

May 12, 2026 11 min read
Deep DiveHardeningSecurity

MCP Firewalls and Runtime Hardening: OpenShell vs. Cordum (2026)

AI agent hardening has moved from prompt injection to 'Code Agency.' Compare OpenShell runtime isolation with Cordum's out-of-process governance and MCP firewalls.

May 12, 2026 14 min read
Deep DiveArchitectureGovernance

In-Process vs Out-of-Process AI Agent Governance: Trust Boundary Matters (2026)

Microsoft AGT, Galileo, and APort run in-process. Cordum runs out-of-process. Why trust boundary separation decides whether your AI agent governance survives compromise — and what regulated buyers' auditors expect.

May 1, 2026 12 min read
Deep DiveDeterministic AIAI Agent Governance

Defining Deterministic AI: Data vs Execution-Layer Control

Learn how data-layer accuracy, model probability, and execution-layer control differ, and why autonomous agents need deterministic governance.

Apr 30, 2026 9 min read
GuideComplianceEU AI Act

AI Agent Compliance: EU AI Act, NIST, and Global Regulations (2026 Guide)

August 2, 2026 is the EU AI Act high-risk deadline. Maps Articles 9, 12, 13, and 14 to specific technical controls for autonomous AI agents. Covers EU, US, Singapore, China, and ISO 42001.

Apr 9, 2026 22 min read
GuideAgentic AIGovernance

Agentic AI Governance: What It Means and How to Implement It (2026)

Agentic AI governance is the control layer for autonomous agents that act, decide, and delegate independently. Learn the architecture, decision model, and implementation patterns.

Apr 9, 2026 14 min read
GuideMulti-AgentGovernance

Multi-Agent System Governance: How to Govern Agent Fleets in Production (2026)

When agents delegate to other agents, governance becomes a fleet problem. Learn how to enforce policies, approvals, and audit trails across multi-agent systems with shared and per-agent rules.

Apr 9, 2026 12 min read
GuideHITLGovernance

What Is Human-in-the-Loop AI? A Clear Guide for Engineering Teams (2026)

Human-in-the-loop AI means a system cannot proceed without explicit human action at defined checkpoints. Learn how HITL works, where it matters, and how to implement it beyond prompt instructions.

Apr 7, 2026 10 min read
GuideControl PlaneArchitecture

What Is an AI Agent Control Plane? Definition and Architecture (2026)

An AI agent control plane is the governance layer that manages policy decisions, approvals, and audit trails across autonomous agent fleets. Learn the architecture and why frameworks alone are not enough.

Apr 7, 2026 11 min read
ComparisonLangChainLlamaIndex

LangChain vs LlamaIndex vs Semantic Kernel: Which Breaks First? (2026)

All three break without governance. 6 production failure modes — retry storms, state loss, approval bypass — mapped per framework with decision criteria.

Apr 7, 2026 18 min read
Deep DiveClaude Code LeakAgent Control Plane

Claude Code Leak Analysis (2026): What 500K+ Lines Reveal About Agent Permissions

Deep analysis of the Claude Code source leak. What the exposed harness reveals about permissions, context governance, and the controls every AI agent team should implement now.

Apr 2, 2026 14 min read
Deep DiveSecurityGovernance

AI Agent Security Risks Enterprise Teams Miss: Why 74% See an Attack Vector (2026)

A data-driven enterprise guide to AI agent security risks with top-source gap analysis, runtime control matrix, policy code, and rollout tradeoffs.

Apr 27, 2026 16 min read
GuideOpenClawCordClaw

How to Secure OpenClaw Agents in Production: Complete Governance Guide (2026)

A complete guide to secure OpenClaw agents in production with deterministic pre-dispatch governance, approval gates, fail-mode controls, and audit evidence.

May 7, 2026 20 min read
Deep DiveGovernanceSecurity

Pre-Dispatch Governance for AI Agents vs Post-Hoc Safety (2026)

A technical comparison of pre-dispatch governance for AI agents and post-hoc safety with real control-plane timing, fail modes, and validation checks.

Apr 23, 2026 10 min read
Deep DiveOrchestrationArchitecture

AI Agent Orchestration Patterns: Cordum Architecture Deep Dive (2026)

A production guide to AI agent orchestration with code-accurate control-plane architecture, reliability guardrails, and rollout runbooks.

Apr 24, 2026 13 min read
Deep DiveSecurityGovernance

Prompt Injection vs Out-of-Process Governance for AI Agents (2026)

A production guide to prompt-injection mitigation for AI agents using out-of-process governance, fail-mode controls, and deterministic action boundaries.

Apr 22, 2026 11 min read
GuideIncident ResponseRunbook

AI Agent Incident Response Runbook: Severity, Triage, and Recovery Steps (2026)

A practical AI agent incident response runbook with severity triggers, first-15-minute checks, and concrete recovery commands.

Apr 26, 2026 12 min read
GuideComplianceSOC 2

AI Agent Compliance Mapping: SOC 2, ISO 27001, NIST AI RMF Runtime Playbook (2026)

Map autonomous AI agent controls to SOC 2, ISO 27001, and NIST AI RMF using runtime evidence contracts and approval integrity checks.

Apr 21, 2026 14 min read
ComparisonComparisonCrewAI

CrewAI vs AutoGen (2026): Which Multi-Agent Framework Should You Ship?

A production-first CrewAI vs AutoGen comparison with migration risk, failure-mode testing, and governance patterns.

May 8, 2026 13 min read
ComparisonComparisonTemporal

Temporal vs LangGraph (2026): Durable Agent Architecture

Temporal vs LangGraph for production AI agents: durability semantics, failure thresholds, and two-layer architecture patterns with working code.

Apr 29, 2026 13 min read
ComparisonComparisonTemporal

Temporal vs LangChain (2026): Durable Agent Architecture

Temporal vs LangChain is a layering decision: LangChain for agent logic, Temporal for durable execution, with practical thresholds and tradeoffs.

Apr 30, 2026 12 min read
GuideObservabilityMonitoring

AI Agent Observability: Monitoring, Debugging, and Auditing Autonomous Agents (2026)

Traditional APM does not work for autonomous agents. Learn the three pillars of AI agent observability: decision tracing, behavioral drift detection, and governance audit trails.

Apr 9, 2026 13 min read
GuideAgent SprawlSecurity

AI Agent Sprawl: Why Ungoverned Agent Fleets Are Your Next Security Crisis (2026)

40% of enterprise apps will embed AI agents by 2026. Most teams have no inventory, no shared policies, and no audit trail across agents. Here is how to get control before sprawl becomes a breach.

Apr 9, 2026 11 min read
Deep DiveMCPSecurity

MCP Security Risks (2026): 7 Exploitable Failure Modes and How to Detect Them

A production guide to MCP security risks with attacker preconditions, blast radius scoring, detection queries, and containment runbooks.

May 4, 2026 14 min read
GuideProductionChecklist

AI Agent Production Deployment Checklist (2026): 20 Controls with Pass/Fail Gates

A production AI agent checklist with 20 controls and pass/fail launch gates, including policy checks, canary thresholds, and rollback drills.

Apr 15, 2026 13 min read
GuideAudit TrailCompliance

AI Agent Audit Trails: Compliance Guide for Production Teams

A practical guide to designing immutable AI agent audit trails for compliance, incident response, and governance reviews.

May 5, 2026 12 min read
GuideOpenClawGovernance

OpenClaw Governance: Add Guardrails in Production

A step-by-step tutorial for adding policy checks, approvals, and audit trails to OpenClaw workflows using an agent control plane.

Apr 1, 2026 11 min read
ReleaseCordumLaunch

Introducing Cordum: The Control Plane for AI Agent Governance

Learn how Cordum adds policy enforcement, approval gates, and SIEM-ready audit trails to AI agent workflows.

May 1, 2026 8 min read
Deep DivePolicyGovernance

5 Decision Types Every AI Agent Needs in Production

The five policy decisions that keep autonomous AI agents safe: allow, deny, require approval, constrain, and remediate.

May 7, 2026 9 min read
Deep DiveKubernetesPlatform Engineering

What Kubernetes Taught Us About Governing Autonomous Systems

The agent governance problem looks like container orchestration in 2015. K8s patterns map directly to what agent fleets need.

May 4, 2026 10 min read
Deep DiveMulti-AgentOrchestration

Multi-Agent Orchestration Needs a Control Plane, Not Another Framework

Every framework is adding multi-agent support. None solve governance across agents. When delegated agents take risky actions, you need a control plane.

May 4, 2026 11 min read
Deep DiveGovernanceMaturity Model

The Agent Governance Maturity Model: Where Does Your Org Stand?

Most companies are at Level 0. Companies shipping agents to production are at Level 3+. A 5-level framework to assess and improve your governance posture.

May 4, 2026 10 min read
GuideCoding AgentsMCP

Why Coding Agents Need a Control Plane

Claude Code, Cursor, and Devin have access to your repos, CI/CD, and secrets. Most teams hope the model behaves. Here is how to add policy enforcement and approval gates.

Apr 24, 2026 11 min read
GuideFinOpsCost Governance

Agent FinOps: How to Stop AI Agents from Burning $10K in Tokens

When AI agents autonomously chain API calls, costs compound faster than dashboards can show. Policy-level budget enforcement evaluates cost before execution.

Apr 18, 2026 11 min read
Deep DiveGovernanceAI Agents

Why 40% of AI Agent Projects Will Fail (and How Governance Prevents It)

Gartner predicts 40% of agentic AI projects will be canceled by 2027. The root cause is not bad models. It is deploying without governance.

Apr 28, 2026 10 min read
ComparisonComparisonMCP

MCP vs A2A vs CAP (2026): Protocol Boundaries, Governance Gaps, and a Production Blueprint

A technical comparison of MCP, A2A, and CAP with policy gates, approval flow, and deployment tradeoffs for production autonomous AI agents.

Apr 24, 2026 13 min read
ComparisonComparisonReliability

Temporal vs Cordum (2026): AI Agent Governance Comparison

A practical comparison of Temporal and Cordum for AI agents, with concrete retry semantics, rollback behavior, and governance architecture patterns.

Apr 19, 2026 12 min read
Deep DiveCAPProtocol

CAP Protocol Capabilities (2026): BusPacket, Safety Decisions, Heartbeats, and Deterministic Rollback

A technical guide to CAP protocol capabilities: typed envelopes, pre-dispatch policy decisions, approval binding, checkpoint heartbeats, and compensation-safe rollback.

Apr 18, 2026 14 min read
GuideMCPGovernance

MCP Governance (2026): Policy Gates for MCP Servers

A production architecture guide for MCP governance with pre-dispatch policy evaluation, approval gates, output safety, and operational SLOs.

Apr 28, 2026 15 min read
ReleaseReleaseAnnouncement

Cordum v0.1.0 Release Notes: AI Agent Governance Control Plane

Technical release notes for Cordum v0.1.0: policy-first AI agent control plane with approvals, constraints, and audit-ready evidence.

Apr 21, 2026 7 min read
GuideGuideProduction

How to Deploy AI Agents in Production (2026): Architecture, Rollout, and Governance Checklist

How to deploy AI agents in production with fewer incidents: architecture choices, phased rollout, policy gates, monitoring baselines, and rollback drills.

Apr 25, 2026 14 min read
GuideMCPArchitecture

Model Context Protocol (MCP) Guide (2026): Architecture, Wire Flow, and Migration Plan

A practical MCP guide for production teams: architecture, JSON-RPC message flow, MCP vs function calling, and migration steps with tradeoffs.

Apr 16, 2026 16 min read
ComparisonComparisonAI Frameworks

Best AI Agent Frameworks 2026: LangChain, CrewAI, AutoGen

Compare LangChain, CrewAI, AutoGen, LlamaIndex, and Semantic Kernel by use case, failure mode, governance gap, durability, and audit readiness.

Apr 16, 2026 22 min read
GuideBest PracticesGovernance

Human-in-the-Loop AI: 5 Patterns That Actually Work in Production

Five production human-in-the-loop patterns for AI agents: approval gates, exception escalation, graduated autonomy, sampled audit, and output review.

Apr 23, 2026 16 min read
GuideSecurityAI Agents

AI Agent Security Best Practices: 12 Production Controls (2026 Guide)

12 AI agent security controls that actually work in production. Covers pre-dispatch policy gates, least-privilege scoping, output quarantine, credential rotation, and validation runbooks with code.

Apr 23, 2026 12 min read
Deep DiveAI GovernanceControl Plane

AI Governance in Production (2026): Policy-First Control Plane for Autonomous AI Agents

A technical guide to AI governance in production: pre-dispatch policy checks, approval binding, action constraints, output controls, and audit evidence.

May 5, 2026 15 min read
Deep DivePolicy as CodeAI Agents

Policy as Code for AI Agents (2026): Rule Design, Simulation Gates, and Safe Rollouts

A production guide to policy as code for AI agents: deterministic decisions, constraints, simulation workflows, rollback strategy, and audit-ready evidence.

May 3, 2026 14 min read
Deep DiveApprovalsAI Agents

How to Add Approval Gates to AI Agents: A Step-by-Step Production Guide

Practical guide to AI agent approval workflows with pre-dispatch policy checks, risk-tier routing, Slack and email approvals, idempotency, and audit-ready evidence.

Apr 18, 2026 14 min read
Deep DiveSafety KernelAI Agents

LLM Safety Kernel for AI Agents (2026): Deterministic Policy Decisions and Runtime Guardrails

A production guide to building an LLM safety kernel for AI agents: deterministic policy outcomes, approval binding, constraints, and output safety controls.

May 2, 2026 13 min read
Deep DiveAudit TrailAI Agents

AI Agent Audit Trail (2026): Decision-Level Evidence for Autonomous Workflows

A production guide to AI agent audit trails: decision records, approval lineage, policy snapshots, and run timelines you can defend in real audits.

Apr 28, 2026 12 min read
Deep DiveWorkflow OrchestrationAI Agents

AI Workflow Orchestration (2026): Governance + Reliability

A production guide to orchestrating autonomous AI workflows with explicit DAGs, retry contracts, approval gates, and auditable run timelines.

Apr 22, 2026 13 min read

Ready to govern your AI agents?

Cordum enforces policy before dispatch, requires approvals where risk demands it, and records a complete audit trail.