Partnerships ☁ Cloudera Premier Partner ◈ WSO2 Partner Expert insights from senior practitioners
Featured insight

After SR 26-2, Agentic AI Governance Has to Be Load-Bearing

Regulators took agentic AI out of the model-risk rulebook and left the duty to govern it in place. The standard a bank writes to fill that gap is worth exactly what its architecture can enforce — and…

DD
David deBoisblanc  ·  Co-founder & Principal
8 min read · Financial Services & KYC/AML
Latest Insight For Executives 8 min read
Executive Briefings
For leadership readers
After SR 26-2, Agentic AI Governance Has to Be Load-Bearing
Regulators took agentic AI out of the model-risk rulebook and left the duty to govern it in place. The standard a bank writes to fill that gap is worth exactly what its architecture can enforce — and prove. — SR 26-2 made the agentic AI control stan…
DD
David deBoisblanc
8 min read
The CCO and CFO Inherit SR 26-2
The guidance that pulled agentic AI out of model risk didn't say who inside the bank now owns the cost of governing it, and that silence is where the exposure collects. SR 26-2 carved generative and agentic AI out of model risk and declined to speci…
DD
David deBoisblanc
7 min
SR 26-2 Carved Out Agentic AI. The Liability Didn't Move.
In April, the framework that has governed bank model risk for fifteen years was rewritten, and the fastest-moving AI in the institution was deliberately left outside it. SR 26-2 rewrote bank model-risk guidance in April and deliberately placed gener…
DD
David deBoisblanc
3 min read
Practitioner Insights
Senior-level depth
The CCO and CFO Inherit SR 26-2
The guidance that pulled agentic AI out of model risk didn't say who inside the bank now owns the cost of governing it, and that silence is where the exposure collects. SR 26-2 carved generative and agentic AI out of model risk and declined to speci…
DD
David deBoisblanc
7 min
SR 26-2 Carved Out Agentic AI. The Liability Didn't Move.
In April, the framework that has governed bank model risk for fifteen years was rewritten, and the fastest-moving AI in the institution was deliberately left outside it. SR 26-2 rewrote bank model-risk guidance in April and deliberately placed gener…
DD
David deBoisblanc
3 min read
Financial Services & KYC/AML For Executives
The CFO Question on Agent Governance Spend
Capital requests for AI agent governance are arriving on CFO desks one platform at a time, each defensible in isolation, and the gap between them is where the financial exposure lives. The reason these requests are arriving now is that the market ju…
DD
David deBoisblanc
4 min read
AI & Data Engineering
The Kill Switch Is Not the Story
A vendor shipping a comprehensive-sounding agent control tower is not the same as your enterprise having an answer for agent management. The architects who conflate the two will inherit a control plane by default, along with a definition of the prob…
DD
David deBoisblanc
8 min
Why Agent Governance That Passes Pilots Fails Audit
Most enterprise architects have stopped treating the system prompt as where governance lives. That conclusion is no longer controversial. The interesting question — the one most current answers do not fully resolve — is where exactly governance does…
DD
David deBoisblanc
9 min
Your Agents Can Read the PDF. They Cannot Defend It.
Before any agent can act on a financial record, something or someone has to turn that record into trustworthy structured data. That handoff is where many institutions are quietly failing today. The pattern is familiar to anyone who has worked inside…
DD
David deBoisblanc
6 min
AI & Data Engineering For Executives
The Agent Wars Aren't About Agents
Derek du Preez's coverage of Google Cloud Next '26 cuts to the decision that actually matters for agentic systems: who owns the audit and policy plane when your agents start acting on enterprise data. Not the model. Not the framework. The control la…
DD
David deBoisblanc
3 min read
Financial Services & KYC/AML For Executives
Semantic Coherence Is the KYC Control Examiners Will Ask About Next
Your next agentic AI deployment is likely to struggle under examination for reasons your model risk framework wasn't built to catch. Industry analysts including Gartner and McKinsey continue to report that the majority of enterprise AI projects fail…
DD
David deBoisblanc
4 min
AI Protections Are Failing as Powerful Systems Spread Online
The safety barriers built into frontier AI models are being stripped away in minutes, and that changes what a CISO can assume about every model entering the enterprise. An investigation by the Financial Times and the AI safety group Alice found that…
DD
David deBoisblanc
3 min read
Design the Decision Before the System
Most enterprises now have teams doing serious architectural work on agentic AI. The work is necessary. The conversations being had inside it — about controls, surfaces, governance models, where deterministic constraints belong and where they cost mo…
DD
David deBoisblanc
9 min
AI & Data Engineering For Executives
The Agent Did Exactly What the Attacker Told It To
Recently, an attacker filed a support ticket on a Supabase-backed application. The ticket contained hidden instructions directing a Cursor IDE agent — connected to the database via MCP and running with the service_role key — to read a private creden…
DD
David deBoisblanc
7 min read
Many Banks Already Run the Stack for Defendable Agentic AI
The document workflow grew up in one part of the bank. The data platform grew up in another. The agents that need to defend their decisions are about to discover they were never connected. That is the architectural seam this post is about. The prior…
DD
David deBoisblanc
8 min read
Document Ingest Is a Semantic Event, Not a Parsing Problem
The agent cannot defend what the pipeline never captured. If signer identity, consent, version, and provenance are not emitted as structured signals at the moment a document enters the institution, no downstream model — however capable — can reconst…
DD
David deBoisblanc
8 min read
The Cloudera Survey Found a Leadership Gap. A Semantic Gap Sits Beneath It.
A new Cloudera survey covered in Saudi Gazette puts a number on something most architects already feel: in EMEA, 69% of organizations assign data readiness to the CIO or CTO, and over 90% of those report a data strategy tied to business objectives.…
DD
David deBoisblanc
4 min read
Rethinking LLMOps for Fraud and AML: Building a Compliance-Grade LLM Serving Stack
A new paper on LLMOps for fraud and anti-money-laundering workloads reframes compliance inference as a serving problem. Prompts are prefix-heavy. Outputs are short and schema-constrained. Most production stacks are tuned for the wrong workload — gen…
DD
David deBoisblanc
3 min read
Financial Services & KYC/AML For Executives
When Process Breaks Down, Fraud Finds a Way: Through Invoices, Expenses or Both!
A subsidiary lost a material share of its annual turnover for eight straight years to a fraud scheme that never tripped a single control, because the controls were watching the wrong things. The Fintech Times this month walked through the mechanics…
DD
David deBoisblanc
3 min read
Financial Services & KYC/AML
Rethinking LLMOps for Fraud and AML: Building a Compliance-Grade LLM Serving Stack
A new paper on LLMOps for fraud and anti-money-laundering workloads reframes compliance inference as a serving problem. Prompts are prefix-heavy. Outputs are short and schema-constrained. Most production stacks are tuned for the wrong workload — gen…
DD
David deBoisblanc
3 min read
AI & Data Engineering For Executives
CFO-What Your Agent Platform Sponsor Should Tell You
The capital request that lands on your desk for an enterprise agent control plane needs a different diligence standard than the one that worked for the last decade of SaaS. A category of vendor announcements is converging on the same offer. ServiceN…
DD
David deBoisblanc
4 min read
Financial Services & KYC/AML For Executives
Your AI Governance Chart Has One Name on It in Court
Courts are starting to signal what risk officers already suspect: when an AI system causes harm, the bank that deployed it owns the liability, not the vendor that built it. A recent CIO feature on AI accountability lays out a dynamic that should lan…
DD
David deBoisblanc
3 min read
Integration & Security For Executives
Your AI Agents Have Credentials. Do You Know Which Ones?
A new Okta Threat Intelligence study shows AI agents handing over OAuth tokens, leaking credentials over unencrypted channels, and bypassing their own guardrails under entirely plausible enterprise conditions — and most CIOs have no inventory of whe…
DD
David deBoisblanc
3 min read
Financial Services & KYC/AML For Executives
The Hidden Capex in Treasury's Stablecoin Rule
Treasury's stablecoin rule turns a compliance question into a capital question, and the meter is already running. What CFOs and compliance leaders need to know: The clock is twelve months from rule finalization, with comments closing June 9 — short…
DD
David deBoisblanc
4 min read
Financial Services & KYC/AML
The GENIUS Act Just Became an Architecture Problem
Treasury's proposed AML and sanctions rule for stablecoin issuers reads like a compliance document. Read it again as an architect, and it's a system design specification — one that quietly moves the hardest decisions from the legal team to the platf…
DD
David deBoisblanc
6 min read
AI & Data Engineering
For CIOs weighing "context graph" pitches: three questions before you sign.
Phil Wainewright's latest piece on diginomica does the useful work of naming something most enterprise AI conversations skip: the decision threads buried in Slack, email, comments, and team apps are where the why of enterprise activity actually live…
DD
David deBoisblanc
3 min read
AI & Data Engineering For Executives
Before You Trust an Agent's Decision, Ask What It Resolved
The current generation of enterprise AI pitches is more sophisticated than the skeptics give them credit for. The orchestration vendors have done real work on making agent behavior inspectable. What most of them have not done is push that inspectabi…
DD
David deBoisblanc
7 min
AI & Data Engineering For Executives
NatWest's AI story is really a board-level story about discipline
Diginomica's write-up of NatWest's Venture Banking launch with AWS is being read as an AI announcement. It is not. It is a story about institutional discipline — about a bank that accepted the boring, expensive, multi-year work had to come before th…
DD
David deBoisblanc
3 min read
AI & Data Engineering
When Your RAG System Retrieves Perfectly and Still Lies to You
This piece walks through a failure mode most enterprise RAG pipelines have but no one is measuring: retrieval works, the right documents come back, and the model still answers wrong because two of those documents contradict each other. A preliminary…
DD
David deBoisblanc
3 min read
AI & Data Engineering For Executives
The Line Item Every CFO Is About to Add to the AI Budget
Enterprise AI is crossing from experimentation into operation, and the cost structure of that transition is not what the first wave of business cases assumed. AI Business reported in mid-April that Salesforce, Databricks, and AWS each released agent…
DD
David deBoisblanc
4 min read
AI & Data Engineering
Every Prompt-Based Control Is a Future Postmortem
The system prompt that tells your agent "never refund more than $500" is not a control. It is a suggestion the model will follow most of the time, ignore some of the time, and abandon entirely when an adversarial input finds the right shape. If the…
DD
David deBoisblanc
8 min read
AI & Data Engineering For Executives
Governance Is Now the Gating Factor for AI Scale
The shift this quarter is not what AI can do next, it is what enterprises can actually govern once AI is running across their systems. AI Business reported in mid-April that Salesforce, Databricks, and AWS all rolled out agent governance and registr…
DD
David deBoisblanc
4 min
AI & Data Engineering
Why Most Agentic AI Projects Fail Before They Start
Gartner estimates that 85% of AI projects fail to deliver value. McKinsey places enterprise AI success rates below 20%. These aren't rounding errors. They're systemic failure. The explanations vary. Insufficient data. Poor model selection. Organizat…
DD
David deBoisblanc
9 min
Cloudera / Data Services & AI
Native Observability is the Heart of Hybrid Cloud
Ron Pick lays out exactly why observability has to be native, not bolted on — and the hybrid AI era is the forcing function that makes this non-negotiable. Cloudera is solving the hardest part of the problem: unified telemetry across on-prem, cloud,…
DD
David deBoisblanc
3 min read
Financial Services & KYC/AML
Why Knowledge Graphs Are Becoming the Center of Gravity in AML Architecture
The leading institutions know this. Major banks have graph initiatives, entity resolution programs, and ML-based transaction monitoring in production or advanced pilot. The question at the top of the market isn't whether to move beyond rules — it's…
DD
David deBoisblanc
8 min read
Cloudera / Data Services & AI
Cloudera and NVIDIA Got the Governance Architecture Right
Cloudera and NVIDIA are making a specific bet with Agent Studio: that enterprise AI adoption stalls not on model capability but on governance. Verifiable reasoning chains and data lineage at the infrastructure layer — not bolted on after the fact —…
DD
David deBoisblanc
3 min read
AI & Data Engineering
The Real AI Shift Isn’t New Models. It’s Control.
The real AI shift isn't the next model — it's control. The part I'd underline from this piece: the context layer. We've seen large implementations where context got stuffed into oversized prompts — dazzling in the demo, and initially celebrated as l…
DD
David deBoisblanc
3 min read
AI & Data Engineering
Structure-Aware RAG Is Right. The Benchmarks Aren't.
Structure-aware retrieval is having a moment. A steady stream of papers, product launches, and polished blog posts is making the case for embedding document structure — section hierarchies, breadcrumbs, parent-child relationships — directly into the…
DD
David deBoisblanc
8 min
AI & Data Engineering
Agentic AI Is Not Just a Better Chatbot
Most organizations confuse agentic AI with conversational interfaces. They treat agents as chatbots with memory, then wonder why their deployments fail in production. The confusion is expensive. An agentic system doesn't just respond — it acts. It m…
DD
David deBoisblanc
6 min read

Topics