AI agents don't read your policy docs. They hit your APIs.
Official Schedule Context
- Date/time: 2026-06-30 · 11:40am-12:00pm
- Track/room: track TBD · Expo Stage 4 SE
- Speaker(s): TBA
- Session type/status: session · confirmed
Official Description
Every organisation has a policy for what AI should and shouldn't do. But in the era of autonomous
agents, who is that document actually for? Odds are no agent has ever read it. It opens a connection
and makes a call, and whatever happens at that millisecond is your real policy. So put the control
there. This talk is about the gateway as the runtime where AI governance actually executes: per-
agent identity and scoped, short-lived credentials instead of a shared god-key. PII and secrets
stripped from prompts in flight. Token-aware rate limits so one looping agent can't torch your
quota. Semantic caching that cuts spend and latency on requests you've already answered. I'll share
the architectural patterns behind each control, what they look like in practice, and what breaks the
moment you take them away. Policy states intent. Infrastructure enforces it.
Related YouTube Video
No related AI Engineer channel video found yet.
Transcript Status
No official session recording transcript was found by exact title match on the AI Engineer YouTube channel during this run.
People
Notes
- Pending transcript synthesis when an official recording or confirmed matching video is available.