Launch posts, architecture explainers, and operator guidance for the AI Authority Runtime.
OIL v2 — Extending the Open Intent Layer to Physical AI
The Open Intent Layer now covers 29 domains spanning digital enterprise operations and physical / embodied processes. Same code structure, same Apache 2.0 license, same stable family codes. Manipulation, locomotion, sensing, manufacturing, autonomous vehicles, surgical robotics, agriculture, construction, hazardous environments, energy, mining, logistics, aerial systems, and embodied AI safety are now first-class.
The Economics of AI Agent Authorization
How much does an unauthorized AI action cost? The math makes the case for runtime authority better than any feature comparison.
LangChain + Intended: Adding Governance to Your AI Agent in 10 Minutes
A step-by-step tutorial for adding authorization and audit to any LangChain agent using the Intended Python SDK.
Enterprise AI Governance in 2026: What CISOs Need to Know
AI agents are in production at the majority of Fortune 500 companies. The regulatory landscape is catching up fast. Here is what security leaders need to understand.
Why Permission Is Not Authority: The Gap in AI Agent Governance
AI agents are governed by permission systems designed for humans. That is a problem. Permission asks whether an identity can access a resource. Authority asks whether an action should happen. The difference matters when AI agents are making thousands of decisions per hour.
How We Scored 92/100 on Our Own Security Audit
We ran 5 red team agents against our own platform. Here is what they found, and how we fixed every issue.
Introducing the Open Intent Layer: An Open Standard for Classifying AI Agent Actions
There is no common language for describing what AI agents do. The Open Intent Layer changes that. The Open Intent Layer is an open taxonomy of 14 domains and 100+ categories for classifying AI agent actions. Apache 2.0 licensed.
Read post#open-source#open-intent-layer#taxonomy
The AI Agent Trust Problem
Every company deploying AI agents faces the same question — how do you trust autonomous software to act on your behalf?
Fail-Closed vs. Fail-Open: Why Your AI Authorization Model Matters
When your authorization system goes down, do AI agents keep executing? The choice between fail-open and fail-closed is the most important architectural decision in AI agent governance. Intended is fail-closed at every boundary.
MCP + Intended: Governing Every Tool Call in 5 Lines of Code
The Model Context Protocol is becoming the standard for AI agent tool use. But MCP has no built-in authorization. Here is how to add policy-based governance to every MCP tool call with Intended's MCP Gateway in five lines of code.
Cryptographic Proof-of-Authority: Why Audit Logs Are Not Enough
Audit logs tell you what happened. Cryptographic proof tells you what happened and proves it mathematically. Intended produces RS256-signed authority tokens, HMAC evidence bundles, and a hash-chained ledger for every decision.
Building an AI-Native Company: How Intended Runs on Its Own Product
Intended is an AI-native company. Our AI agents handle support triage, billing operations, platform health, and more -- all governed by our own Authority Engine. Here is how we built it and what we learned.
From OPA to Intended: When Policy Engines Are Not Enough for AI Agents
OPA is a great policy engine for infrastructure. But AI agents need more than policy evaluation. They need intent understanding, risk scoring, domain intelligence, and cryptographic proof. Here is the migration path.
What Is an Authority Runtime?
Defining the authority runtime category and what makes it different from authorization, policy engines, and access control.
AI Agents in Production: What Could Go Wrong?
Real failure scenarios when AI agents operate without governance -- unauthorized purchases, data leaks, infrastructure damage, and why governance matters.
The 14 Domains of AI Agent Actions
A complete walkthrough of the 14 Open Intent Layer domains that classify every action an AI agent can take in an enterprise. From software development to executive operations, here is the taxonomy that makes AI governance possible.
RBAC Is Not Enough for AI Agents
RBAC was designed for humans clicking buttons. AI agents need intent-aware authorization that understands context, velocity, and risk.
How Intended Processes a Decision in Under 50ms
Technical deep-dive on the Intended decision pipeline -- how we achieve sub-50ms p99 latency for authority decisions.
Domain Intelligence: Why Context Matters for AI Governance
A $5000 payment in FinOps vs. a test payment in sandbox -- same action, completely different risk. How domain intelligence makes governance accurate.
Read post#domain-packs#intelligence#risk-scoring
Why We Open-Sourced Our Intent Taxonomy
Open-sourcing the Open Intent Layer was a strategic decision. We studied Databricks, Confluent, and HashiCorp to understand when open-sourcing a foundational technology creates more value than keeping it proprietary. Here is what is open, what is commercial, and why.
Read post#open-source#strategy#business-model
Introducing Intended: The AI Authority Runtime
Category-defining launch post for deterministic AI execution authority.
The Audit Trail Your Compliance Team Actually Wants
What auditors look for, what most systems provide, and what Intended provides -- hash chains, evidence bundles, and independent verification.
How Authority Decision Tokens Work
Deep dive into RS256 signing, nonce policy, and adapter verification flow.
Governing AI Agent Operations in Kubernetes
Kubernetes RBAC controls who can do what in a cluster. But AI agents need governance that goes beyond RBAC -- intent classification, risk scoring, and cryptographic proof for every operation. Here is how Intended's admission controller closes the gap.
Read post#kubernetes#infrastructure#integration
Zero Trust for AI Agents
Applying zero-trust principles to AI agent operations -- never trust, always verify, always prove.
PydanticAI + Intended: Governing AI Agent Tools Step by Step
Step-by-step tutorial with full code showing how to protect PydanticAI agent tools with Intended authority checks.
Why AI Governance Is Not Enough
Governance dashboards report controls, while runtime authority enforces them.
Building a Connector in Under 200 Lines
Build a connector that verifies tokens and emits audit metadata.
OpenAI Agents SDK + Intended: Adding Authority to Every Tool Call
Tutorial walkthrough for wrapping OpenAI Agents SDK tools with Intended authority checks for production-grade governance.
The 8-Factor Risk Scoring Model
Transparent factor-level scoring for every authority decision.
The CTO Guide to Evaluating AI Governance Solutions
A 10-point evaluation framework for CTOs comparing AI governance solutions -- what to look for, what to avoid, and what questions to ask.
Why Fail-Open Authorization Is Dangerous for AI Agents
Case studies of fail-open disasters and why Intended chose fail-closed as the only safe default for AI agent authorization.
Multi-Party Approvals for High-Risk AI Actions
How Intended handles escalation workflows -- single approver, multi-party approval, delegation chains, and time-bounded authorization.
Securing MCP Servers: The Complete Guide
Comprehensive guide to MCP security -- what MCP lacks in authorization, why it matters, and how Intended fills the gap.
AI Governance for Financial Services
Industry-specific governance for financial services -- payment approvals, trading operations, regulatory compliance, and Intended's FinTech domain pack.
AI Governance for Healthcare
Industry-specific governance for healthcare -- patient data access, clinical decision support, HIPAA considerations, and the healthcare domain pack.
AI Governance for DevOps
Industry-specific governance for DevOps -- deployment gates, infrastructure changes, incident response automation, and the infrastructure domain pack.
Building Custom Domain Packs for Intended
Developer guide for creating organization-specific governance models with Intended domain packs -- from intent mappings to risk models.
Read post#technical#domain-packs#developer-guide
Terraform + Intended: Infrastructure as Authority
Manage Intended policies as code with Terraform -- full HCL examples for provisioning policies, domain packs, and escalation workflows.
Read post#tutorial#terraform#infrastructure-as-code
GitHub Actions + Intended: CI/CD Pipeline Governance
Protect your CI/CD pipeline with Intended authority checks -- a complete GitHub Action walkthrough for governed deployments.
The Hidden Cost of Building AI Authorization In-House
Engineering hours, maintenance burden, compliance gaps, and why buying AI agent authorization beats building it in-house.
Read post#enterprise#build-vs-buy#cost-analysis
What Enterprise Buyers Look for in AI Governance
Enterprise procurement teams evaluate AI governance platforms against a specific checklist. SOC 2, DPA, SLA, uptime guarantees, data residency, and support tiers are table stakes. Here is what you need to pass the procurement gauntlet.
Intended vs Building with OPA and Cedar
OPA and Cedar are excellent policy engines. But building an AI governance platform on top of them requires solving the other 80 percent yourself. Here is an honest comparison of what they give you and what is missing.
Intent Classification Explained: How Natural Language Becomes Structured Authority
When an AI agent says it wants to do something, that request is natural language. Before governance can happen, that language must become structured data. Here is how Intended's intent compiler works, from raw text to classified intent.
Read post#technical#intent-classification#compiler
Token Replay Protection: How It Works
Authority tokens are cryptographic proof that an AI agent was authorized to take an action. But what stops an agent from using the same token twice? Nonces, TTLs, and single-use enforcement. Here is how Intended prevents token replay attacks.
The Four Perimeters of AI Agent Security
Most AI security tools protect one perimeter. But AI agents operate across four distinct perimeters -- ingestion, evaluation, execution, and audit. If you only secure one, you have three gaps. Here is why you need all four.
How to Convince Your CISO to Adopt AI Governance
You know your organization needs AI governance. Your CISO is skeptical. Here is the internal champion playbook -- what CISOs care about, how to frame the conversation, and how to build the case that gets budget approved.
Risk Scoring: Beyond Binary Allow/Deny
Binary allow/deny decisions are insufficient for AI agent governance. Real-world actions exist on a risk continuum. Here is how Intended calculates risk dynamically using eight dimensions of context.
The Compliance Engineer's Guide to Intended
For compliance engineers managing SOC 2, ISO 27001, or industry-specific frameworks, Intended provides automated evidence collection, chain verification, and auditor-ready exports. Here is how to map Intended to your compliance controls.
Air-Gapped Deployments: Running Intended On-Premise
Not every organization can send AI governance data to the cloud. Defense, financial services, healthcare, and critical infrastructure often require air-gapped or on-premise deployment. Here is how Intended supports every deployment model.
Webhook Normalization: One Format for Every System
GitHub, Jira, Salesforce, and ServiceNow all send webhooks in different formats. Intended normalizes them into a single unified intent format so your policies work across every system without system-specific rules.
Scaling to One Million Decisions per Month
When your AI agents are making a million governance decisions per month, every millisecond of latency and every bottleneck in the pipeline matters. Here is how Intended's architecture scales horizontally to handle enterprise-grade throughput.
The SOC 2 Journey: What We Learned
We went through SOC 2 Type II preparation ourselves. Here is a transparent account of what was harder than expected, what was easier, and what we would do differently if we started over.
Open-Source Strategy: Lessons from Databricks and HashiCorp
Deciding what to open-source and what to keep commercial is one of the hardest strategic decisions a platform company makes. Here is how we made that decision, and what we learned from Databricks, HashiCorp, and the broader industry.
AI Governance Glossary: 40+ Terms Defined
AI governance has its own vocabulary. Intent, authority token, domain pack, Open Intent Layer, fail-closed, risk score, evidence bundle -- here are 40-plus terms defined clearly and precisely so everyone speaks the same language.
The Future of AI Agent Governance
The AI governance landscape is shifting fast. The EU AI Act is entering enforcement, autonomous agents are proliferating, and multi-agent systems are going production. Here is where the industry is headed and what it means for governance.
Intended Architecture Deep Dive
A full technical architecture post for CTOs and senior engineers. Every component of the Intended platform explained -- from the intent compiler to the hash-chained audit ledger, with data flows, scaling characteristics, and design rationale.
Incident Response for AI Agent Failures
When an AI agent does something wrong -- an unauthorized action, a misconfiguration, a data leak -- you need a playbook. Detection, containment, investigation, and remediation for AI agent incidents.
Read post#operations#incident-response#security
Policy as Code with Intended
Version-controlled policies, Git-based review workflows, and CI/CD for governance. Here is how to treat your AI governance policies with the same rigor as your application code.
The Open Intent Layer: Design Principles
The Open Intent Layer taxonomy classifies AI agent actions into 14 domains and 300-plus categories. Here are the design principles that guided its creation and why those principles matter for governance at scale.
Why Every AI Framework Needs an Authority Layer
LangChain, PydanticAI, CrewAI, OpenAI Agents SDK -- none of them have built-in governance. They all provide tool calling without authority. Here is why every AI framework needs an authority layer, and why that layer should be external.
Connector SDK: Build Your Own Integration
Intended ships connectors for major platforms, but your organization has custom systems too. Here is a developer tutorial for building a custom connector from scratch using the Intended Connector SDK.
Monitoring AI Agent Decisions in Real Time
Governance without observability is governance in the dark. Here is how to monitor AI agent decisions in real time -- metrics, dashboards, alerts, and the signals that matter most.
Read post#operations#monitoring#observability
Data Residency and AI Governance
Where your governance data lives matters more than ever. GDPR, data sovereignty laws, and enterprise requirements demand control over data location. Here is how Intended handles multi-region deployment and data residency.
The Business Case for AI Agent Governance
Building the ROI case for AI agent governance. Risk reduction, time savings, compliance value, and the cost of doing nothing. A framework for executive presentations.
Intended Product Update: March 2026
A roundup of what we shipped in early 2026. MCP Gateway for model context protocol governance, Python SDK, Kubernetes admission controller, new pricing tiers, and 15 new blog posts for the community.
API Key Management Best Practices
API keys are the credentials your AI agents use to interact with Intended. Rotation, scoping, grace periods, and monitoring. Here are the best practices for managing API keys in a governance-critical system.
The Death of Manual AI Review
Manual review of AI agent actions does not scale. At 50 agents making 500 decisions a day, you need a team just to review. Automated governance replaces manual review without sacrificing control.
AI Governance for SaaS Platforms
SaaS platforms deploying AI agents face unique governance challenges. Per-tenant policies, data isolation, usage metering, and cross-tenant security. Here is how to implement AI governance in a multi-tenant architecture.
Hash-Chained Audit Trails Explained
A technical deep-dive into hash-chained audit trails. SHA-256 chains, serializable transactions, tamper detection, and why traditional logging is insufficient for AI governance compliance.
Getting Started with Intended in 5 Minutes
The quickest possible path from zero to governed AI agent. Sign up, install the SDK, submit your first intent, and see the governance decision. Five minutes, no infrastructure required.
Read post#tutorial#getting-started#quickstart