Governing an agent platform: prompts, tools, risks, and responsibilities

When an organization starts multiplying AI agent use cases, the question is no longer merely technical: it's a matter of governance. Who creates the agents? Who validates the prompts? How can we avoid misuse, black box effects, and security risks? I will share our approach to governing an internal agent platform: responsibility models, validation workflows, quality and risk management.

Key points:

• Responsibility model: who owns what (platform, agents, data, operational risks).
• Governance of prompts and tools (tooling): nomenclature, versioning, review, deprecation.
• Control mechanisms: safeguards, usage limits, monitoring.
• How to integrate risk/compliance functions into the loop without blocking innovation.
• Examples of incidents or near-incidents that led to the evolution of governance.