AI agents don't read your policy docs. They hit your APIs.

Official Schedule Context

Official Description

Every organisation has a policy for what AI should and shouldn't do. But in the era of autonomous

agents, who is that document actually for? Odds are no agent has ever read it. It opens a connection

and makes a call, and whatever happens at that millisecond is your real policy. So put the control

there. This talk is about the gateway as the runtime where AI governance actually executes: per-

agent identity and scoped, short-lived credentials instead of a shared god-key. PII and secrets

stripped from prompts in flight. Token-aware rate limits so one looping agent can't torch your

quota. Semantic caching that cuts spend and latency on requests you've already answered. I'll share

the architectural patterns behind each control, what they look like in practice, and what breaks the

moment you take them away. Policy states intent. Infrastructure enforces it.

Related YouTube Video

No related AI Engineer channel video found yet.

Transcript Status

No official session recording transcript was found by exact title match on the AI Engineer YouTube channel during this run.

People

Notes