Kyndryl’s Innovative Approach to Compliance in AI
Kyndryl has introduced a groundbreaking feature known as “policy as code”, aimed at assisting organizations in managing agentic AI within complex and regulated environments. This initiative is particularly timely as enterprises increasingly adopt AI technologies while facing growing regulatory compliance challenges.
Understanding Policy as Code
The essence of policy as code lies in transforming a company’s internal rules, regulatory mandates, and operational controls into machine-readable policies. This allows for the establishment of clear guidelines on where AI agents can operate. Patrick Gormley, Kyndryl’s global data science and AI consult lead, explains that organizations typically implement this through a combination of declarative policy languages and enforcement engines.
In simpler terms, the operational rules and regulations are encoded in a way that AI agents can interpret and must adhere to. If specific instructions are included in the code, the AI agent must execute them; if not, the agent is unable to act on those instructions.
The Need for Compliance in AI Adoption
As enterprises accelerate their adoption of agentic AI, compliance concerns are becoming more pronounced. Kyndryl reports that over 30% of their customers have expressed that compliance issues severely hinder their ability to maximize investments in recent technologies. The policy as code capability is designed to address this concern by defining operational limits and ensuring that agent actions are explainable, reviewable, and in alignment with customer-defined business and regulatory standards.
Integration with the Kyndryl Agentic AI Framework
This new feature will be integrated into the Kyndryl Agentic AI Framework, which was launched last summer and offers a suite of specialized, self-directed, and self-learning AI agents. Ismail Amla, senior vice president of Kyndryl Consult, emphasizes that this capability overcomes the limitations of traditional AI agent controls, providing the necessary structure for clients adopting agentic AI solutions.
Key Features of Policy as Code
- Deterministic Execution: Agents will only execute actions that have been pre-approved and enforced.
- Guardrails: These prevent unpredictable or unauthorized actions within workflows, thus mitigating the risks associated with agentic hallucinations.
- Logging and Explainability: Every agent decision is logged, ensuring compliance and oversight.
- Human Supervision: All decisions made by agents are subject to human oversight, with tasks being executed in accordance with established policies monitored via a dashboard.
Benefits for Regulated Industries
Gormley notes that policy as code is particularly advantageous for heavily regulated sectors such as financial services, healthcare, and government. By implementing programmatic rules at scale, organizations can significantly reduce the risk associated with compliance failures, which can damage reputations and lead to substantial financial penalties.
In conclusion, Kyndryl’s policy as code initiative marks a significant step toward enhancing compliance in AI deployment, offering organizations a robust framework to navigate the complexities of regulatory requirements while optimizing the benefits of agentic AI.
