
AI Agent Governance for Regulated Industries

Out-of-process control plane for financial services, healthcare, and public sector. Trust boundary separation auditors expect — evidence ready for SOC2, EU AI Act, HIPAA, and PCI-DSS.

Regulated industry auditors increasingly expect the policy decision to live outside the workload's trust boundary. The same logic auditors apply to your secrets manager (out-of-process) and your KMS (out-of-process) extends to AI agent governance.

Cordum's Safety Kernel runs as a separate gRPC service behind mTLS — the policy decision is rendered outside the agent's process, signed by an independent identity, logged in a store the agent cannot reach. Compromise of the agent does not compromise the audit trail.

This is the architecture financial services, healthcare, and public-sector buyers need to clear an audit. Most products in the new agent governance category — Microsoft AGT, Galileo Agent Control, APort, Guild.ai — run in-process and cannot deliver this property by construction. See the architectural deep dive.

Built for these verticals

Financial services

Transaction-limit policy, multi-party approval, regulatory reporting, audit-evidence shipping for SOC2, PCI-DSS, and SOX. CyberArk-style PAM principles applied to autonomous agents touching trading, payments, and customer data.

Healthcare

HIPAA technical safeguards, separation of duties between agent runtime and policy decision point, immutable audit trails for PHI access. Out-of-process governance for clinical and operational agents.

Public sector and regulated SaaS

EU AI Act high-risk system controls (Articles 9, 12, 13, 14), FedRAMP-aligned audit trails, multi-tenant isolation for shared infrastructure serving regulated customers.

What auditors actually look for

Three properties drive the audit conversation. Cordum is built around each one.

Trust boundary separation

The policy decision point lives outside the agent's process. If the agent is compromised, the audit trail of policy decisions continues uncorrupted because the policy engine has its own identity, its own logs, and its own failure domain.

Independent log stream

Policy decisions, approvals, state transitions, and evidence pointers are written to a store the agent process cannot reach. The auditor reads this stream independently of the workload's own emissions.

Attestable identity

The Safety Kernel authenticates with mTLS and signs every decision with its own identity. Decisions are attestable independent of the workload that requested them — the same property auditors expect from HSMs and out-of-process secret managers.

Compliance evidence pack

Pre-built mappings for SOC2 (CC6, CC7), EU AI Act Articles 9/12/13/14, HIPAA technical safeguards, PCI-DSS access controls, and ISO 42001. Evidence exports to your existing SIEM or GRC tool — no vendor lock-in.

Frequently Asked Questions

Why does out-of-process governance matter to my auditor?
Regulated industry auditors increasingly expect the policy decision to live outside the workload's trust boundary. The same logic auditors apply to your secrets manager (out-of-process) and your KMS (out-of-process) extends to your agent governance: in-process enforcement can be bypassed when the workload is compromised; out-of-process enforcement survives because the policy engine has its own identity, its own logs, and its own failure domain. For SOC2 separation-of-duties controls, EU AI Act Article 14 (human oversight), and HIPAA technical safeguards, this is increasingly the difference between a clean audit and a finding.
How does Cordum compare to Microsoft Agent Governance Toolkit for regulated buyers?
Microsoft AGT is excellent in-process governance — MIT-licensed, addresses all 10 OWASP agentic-AI risks, ships SOC2 evidence generation. For regulated buyers, the architectural distinction matters: MS AGT runs as Python middleware inside the agent process, sharing the agent's trust boundary. Cordum runs as a separate gRPC service behind mTLS, with an audit boundary separable from the workload. For prototypes and single-tenant deployments, MS AGT is often the right answer; for multi-tenant fleets, customer-managed infrastructure, or audit-grade regulated deployments, the trust boundary separation Cordum provides is decision-relevant. See the full comparison at /compare/cordum-vs-microsoft-agt.
What evidence does Cordum produce for an EU AI Act audit?
Article 9 risk management: policy decisions tagged by risk class with decision rationale. Article 12 record-keeping: structured run timeline with policy decisions, approvals, and state transitions, retained per policy. Article 13 transparency: human-readable policy bundles with versioning and signed simulation results. Article 14 human oversight: REQUIRE_APPROVAL decisions with approver identity, approval timestamps, and bound action constraints. Evidence is signed by the Safety Kernel, exportable to your existing SIEM or GRC tool, and timestamped with attestable identity.
Can Cordum run on customer-managed infrastructure?
Yes. Cordum is designed for customer-managed deployment from day one. The Safety Kernel runs as a gRPC service that you operate inside your own VPC or on-prem environment. NATS, Redis, and the workflow engine are all customer-deployable. For regulated buyers with data-residency requirements, this matters — the policy decisions and audit data never leave your infrastructure. Managed cloud and SaaS offerings exist for buyers who prefer them.
How does CordClaw apply for OpenClaw deployments in regulated environments?
CordClaw is the OpenClaw governance plugin that intercepts every OpenClaw action request and asks the Cordum Safety Kernel for a deterministic policy decision before execution. For regulated OpenClaw deployments — bank back-office automation, clinical operations, public-sector workflow — this gives you out-of-process pre-dispatch governance at the OpenClaw boundary. See /cordclaw for the architecture.
What happens during a Safety Kernel outage?
Cordum implements circuit breaker semantics with deny-fallback default (per ADR-006). If the Safety Kernel is unreachable past a configured timeout, dispatch fails closed — agents cannot execute actions without a policy decision. This is the right tradeoff for regulated buyers: a failed audit trail is a failed audit. Operational runbooks are documented in /blog/ai-agent-safety-kernel-outage-playbook.
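The two properties described above, signed decisions the agent can verify but not forge (Attestable identity) and fail-closed dispatch with a circuit breaker when the kernel is unreachable (the outage question), as an added illustration that is not Cordum's code and does not use its gRPC API. The kernel stub, the HMAC stand-in for the kernel's signing identity, the failure threshold and the cooldown are all assumptions made so the example runs offline; a real deployment would verify an asymmetric signature against the kernel's public key so the agent process holds no signing material.

```python
import hmac, hashlib, json, time
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed stand-in for the kernel's signing identity (assumption: HMAC so the
# example runs offline; a real kernel would sign with a private key it alone holds).
KERNEL_KEY = b"constructed-kernel-signing-key"

def kernel_decide(action: str, risk: str) -> dict:
    """Constructed Safety Kernel stub: renders and signs a policy decision."""
    decision = "REQUIRE_APPROVAL" if risk == "high" else "ALLOW"
    payload = {"action": action, "decision": decision, "ts": 1700000000}
    body = json.dumps(payload, sort_keys=True).encode()
    return {"payload": payload, "sig": hmac.new(KERNEL_KEY, body, hashlib.sha256).hexdigest()}

class KernelUnreachable(Exception):
    """Raised by the transport on timeout or connection failure."""

@dataclass
class FailClosedGate:
    """Agent-side dispatch gate: no verified decision means no action."""
    call_kernel: Callable[[str, str], dict]
    verify_key: bytes
    max_failures: int = 3      # consecutive failures before the breaker opens (assumed)
    cooldown_s: float = 30.0   # how long the open breaker denies without calling (assumed)
    failures: int = 0
    open_until: float = 0.0

    def _verify(self, signed: dict) -> bool:
        body = json.dumps(signed["payload"], sort_keys=True).encode()
        expected = hmac.new(self.verify_key, body, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, signed["sig"])

    def decide(self, action: str, risk: str, now: Optional[float] = None) -> str:
        now = time.monotonic() if now is None else now
        if now < self.open_until:
            return "DENY"                      # breaker open: deny without a kernel call
        try:
            signed = self.call_kernel(action, risk)
        except Exception:
            self.failures += 1
            if self.failures >= self.max_failures:
                self.open_until = now + self.cooldown_s
            return "DENY"                      # unreachable or timed out: fail closed
        self.failures = 0
        # Reject decisions the kernel did not sign or that were issued for another action.
        if not self._verify(signed) or signed["payload"]["action"] != action:
            return "DENY"
        return signed["payload"]["decision"]   # ALLOW, DENY, or REQUIRE_APPROVAL
```

The `now` parameter exists so the breaker's timing can be driven deterministically; omit it in normal use.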

Compliance and audit reading

Practical guides to AI agent compliance frameworks, audit trail design, and policy enforcement evidence.

Talk to us about your audit

Bring us your auditor's questions — separation of duties, audit-trail tamper resistance, evidence-pack scope. We will walk you through the trust boundary architecture, demo the compromise-containment behavior, and show evidence shipping to your existing SIEM.