Audit-first AI governance
Insights

Briefings on AI accountability

Plain, evidence-led writing on governing AI where it acts — what the frameworks actually require, what a defensible decision record contains, and how controls fire at the moment of action. No hype, no manufactured metrics.

Executive Brief

What "AI proposes, deterministic evaluators enforce" actually means

KAiM's core principle, stated plainly and made rigorous — plus an eight-question FAQ for the people who have to sign off on it. The short version: the AI suggests; a deterministic gate decides; every decision is logged, signed, and reproducible.

Executive Brief

Written governance doesn't enforce itself

Your AI policy is a document. The risky action is an event. A document has never stopped an event. The gap between the two is where governance either works or doesn't — and most organizations have left it empty.

Executive Brief

Governing Agentic AI: Named Agents, Bounded Authority, and the Allow/Block/Escalate Gate

AI is moving from advising to acting. When software can approve, deny, send, and move money on its own, the question shifts from "is the model accurate?" to "which agent did this, and was it allowed?" That question has to be answerable at the moment of action — not reconstructed afterward.

Framework Brief

The decision record examiners actually want

When an AI-assisted decision is challenged, an examiner, auditor, or litigator asks the same five questions. This brief sets out the anatomy of a record that can answer them — grounded in bank model-risk and adverse-action expectations.

Framework Brief

Adverse action in the age of AI: ECOA, Regulation B, and the model in the loop

When a model assists or makes a credit denial, the law does not change. The lender still owes the applicant a specific, accurate reason — and still has to be able to prove it. Here is what you must still be able to say, and where that gets hard.

Framework Map

A control crosswalk for AI governance

The major AI-governance and model-risk regimes share a backbone. This map names them accurately, ties each to an enforceable control, and shows — honestly — which KAiM Helm controls satisfy them today and which are still being built.

Field Guide

A field guide to the NIST AI Risk Management Framework

A practical walkthrough of Govern, Map, Measure, and Manage — and how to turn each function from a binder of documentation into controls that actually fire at the moment a decision is made.

Deep Dive

Model risk management for AI: an SR 11-7 deep dive

Bank model-risk management already assumes models are imperfect and demands independent challenge across the lifecycle. That makes it the right lens for AI — and it exposes where annual review breaks down once a model starts to act.

Readiness Brief

EU AI Act readiness: what "high-risk" obligations mean in practice

The Act reserves its heaviest obligations for systems it classifies as high-risk. Most of those obligations are unmet today — not because the policy is missing, but because nothing enforces it at the moment an action is taken. This brief translates the high-risk requirements into operational controls you can actually point to.

Standards Brief

ISO/IEC 42001 in practice: an AI management system that does more than pass an audit

ISO/IEC 42001 gives AI governance a real management-system backbone. But a certificate proves you have a system — not that the system stops a bad action when it happens. Here is how to make the standard operational rather than ornamental.

Executive Brief

Governing the AI you didn't build

Most of the AI now making decisions inside your business came from someone else. You can't open it, you can't fully test it, and you can't subcontract the accountability. What you can still own is the gate it has to pass through.

Board Memo

The questions a board should ask about AI

An oversight memo for directors and audit committees. Your job is not to understand the model. It is to confirm that the controls exist — and to know the difference between a policy that describes good intentions and a control that actually stops a bad action.

We publish a briefing when we have something worth examining — quality over cadence. KAiM is at the design-partner and controlled-demonstration stage; every claim here is one you can interrogate.