Kyndryl wants to help enterprises keep AI agents in line – and avoid costly compliance blunders
Controls become machine‑readable policies that AI agents can read and must obey
Kyndryl has announced a new “policy as code” feature aimed at helping organizations scale agentic AI across complex and regulated environments.
The idea is to turn a company's organizational rules, regulatory requirements, and operational controls into machine‑readable policies that govern where agents can and can’t operate.
"Organizations typically implement policy as code through a combination of declarative policy languages and enforcement engines," explained Patrick Gormley, Kyndryl's global data science and AI consult lead.
"In other words, they incorporate the appropriate regulations and operational rules into code that AI agents can read and must obey. If it’s in the code, the AI agent must execute. And if an instruction is not in the code, the AI agent cannot see or act upon it."
The move comes amid growing regulatory compliance concerns for enterprises ramping up agentic AI adoption. According to Kyndryl, more than three-in-ten of its customers have complained that compliance issues are seriously limiting their ability to scale recent technology investments.
The new policy as code capability aims to address this by defining operational boundaries and designing agents' actions to remain explainable, reviewable, and aligned with customer-defined business and regulatory requirements.
This new feature will be embedded directly into the Kyndryl Agentic AI Framework, launched last summer as a portfolio of specialized, self-directed, self-learning AI agents.
"Kyndryl's policy as code capability overcomes limitations of conventional AI agent controls and provides the structure customers need as they adopt agentic AI solutions," said Ismail Amla, senior vice president, Kyndryl Consult.
What to expect with Kyndryl’s ‘policy as code’
Features include deterministic execution, with agents only executing actions that have been permitted and enforced in advance.
Guardrails block unpredictable or unauthorized actions along the workflow, eliminating the operational impact of agentic hallucinations, and each agent action and decision is logged and explainable, supporting compliance and oversight.
Notably, decisions are subject to human supervision, with agents executing tasks aligned with established and testable policies that are monitored via a dashboard.
Gormley said policy as code should be particularly valuable in heavily regulated industries, such as financial services, healthcare and government.
"Policy as code helps enable these industries to realize the full benefits of AI and agentic AI by reducing the risk of the types of compliance failures that damage reputations and incur heavy financial penalties," he said.
"By enforcing programmatic rules at scale, policy as code helps eliminate the human error that can lead to granting inappropriate permissions to AI, interpreting rules and regulations inconsistently, and failing to document exceptions to standard operations."
FOLLOW US ON SOCIAL MEDIA
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
You can also follow ITPro on LinkedIn, X, Facebook, and BlueSky.
-
Changes to EU AI Act implementation deadlines welcomed by industryNews New implementation deadlines for the EU AI Act could help remove “genuine friction” for European companies
-
What businesses need to know about the update to Cyber EssentialsIn-depth Cyber Essentials was updated this April – what are the key changes?
-
'Advisory AI has run its course': ServiceNow wants agents working in every corner of your businessNews A big update to ServiceNow’s Autonomous Workforce service looks to ramp up automation
-
Google is building its own OpenClaw alternative — Remy ‘elevates the Gemini app into a true assistant’News The OpenClaw-style agent, dubbed ‘Remy’, is reportedly being tested by developers internally
-
Nine seconds was all it took for an AI agent to wipe a startup’s database —experts warn it’s a glimpse into the future challenges of identity securityNews The recent PocketOS incident shows the growing identity security risks associated with AI agents, according to cyber experts
-
Four things you need to know about OpenAI’s new workspace agents for ChatGPT – including how to build your ownNews New ‘workspace agents’ from OpenAI will automate tasks for workers and can be customized for specific roles
-
‘Fragmentation is poison’: How Microsoft is targeting disparate data to boost AI adoptionNews Amir Netz, the co-creator of Microsoft's Power BI service, tells ITPro that business context is key to effective AI deployment.
-
Salesforce ramps up agentic AI research with new foundry projectNews Researchers are already working on new tools for agent-to-agent interaction and “ambient intelligence”
-
Oracle announces new proactive enterprise agents at AI World Tour LondonNews With a slew of new tools and customization options, Oracle is aiming to ground AI agents directly in enterprise data
-
Scottish government sets out AI plans for the next five yearsNews Deputy first minister Kate Forbes says the aim is to establish Scotland as a world leader in the technology
