Kyndryl wants to help enterprises keep AI agents in line – and avoid costly compliance blunders

Controls become machine‑readable policies that AI agents can read and must obey

Kyndryl has announced a new “policy as code” feature aimed at helping organizations scale agentic AI across complex and regulated environments.

The idea is to turn a company's organizational rules, regulatory requirements, and operational controls into machine‑readable policies that govern where agents can and can’t operate.

"Organizations typically implement policy as code through a combination of declarative policy languages and enforcement engines," explained Patrick Gormley, Kyndryl's global data science and AI consult lead.

"In other words, they incorporate the appropriate regulations and operational rules into code that AI agents can read and must obey. If it’s in the code, the AI agent must execute. And if an instruction is not in the code, the AI agent cannot see or act upon it."

The move comes amid growing regulatory compliance concerns for enterprises ramping up agentic AI adoption. According to Kyndryl, more than three-in-ten of its customers have complained that compliance issues are seriously limiting their ability to scale recent technology investments.

The new policy as code capability aims to address this by defining operational boundaries and designing agents' actions to remain explainable, reviewable, and aligned with customer-defined business and regulatory requirements.

This new feature will be embedded directly into the Kyndryl Agentic AI Framework, launched last summer as a portfolio of specialized, self-directed, self-learning AI agents.

"Kyndryl's policy as code capability overcomes limitations of conventional AI agent controls and provides the structure customers need as they adopt agentic AI solutions," said Ismail Amla, senior vice president, Kyndryl Consult.

What to expect with Kyndryl’s ‘policy as code’

Features include deterministic execution, with agents only executing actions that have been permitted and enforced in advance.

Guardrails block unpredictable or unauthorized actions along the workflow, eliminating the operational impact of agentic hallucinations. Each agent action and decision is logged and explainable, supporting compliance and oversight.

Notably, decisions are subject to human supervision, with agents executing tasks aligned with established and testable policies that are monitored via a dashboard.

Gormley said policy as code should be particularly valuable in heavily regulated industries, such as financial services, healthcare and government.

"Policy as code helps enable these industries to realize the full benefits of AI and agentic AI by reducing the risk of the types of compliance failures that damage reputations and incur heavy financial penalties," he said.

"By enforcing programmatic rules at scale, policy as code helps eliminate the human error that can lead to granting inappropriate permissions to AI, interpreting rules and regulations inconsistently, and failing to document exceptions to standard operations."

Emma Woollacott

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.