Governance is an architectural requirement —
not a regulatory one.
Prasad Bhamidipati · AI systems architect · 30 years building systems that enforce trust at scale
Thirty years, one problem
The problem I have spent my career on is always the same one stated differently: how do you enforce behavioral constraints in a distributed system you cannot fully control?
I started by building application servers — the infrastructure layer that enforces behavioral contracts at runtime, not in the application code. At Pramati Technologies, that work produced the world's first J2EE 1.3-certified application server and a seat on the Java Community Process JSP Expert Group.
From there the problem deepened. At Aveksa — as employee number two — I spent eight years architecting the IDAM platform that became the standard for access governance at Global 2000 companies. The core question was identical: how do you ensure that an entity (a user, a service, a process) can only do what it is authorized to do, enforced at the infrastructure layer rather than trusted to application code? That work produced U.S. Patent US9286595B2 on systems for collecting and normalizing entitlement data. Aveksa was acquired by RSA/EMC, validating the architectural bet.
AI governance is that same problem, restated. The entity is a model. The entitlements are capabilities. The enforcement layer is — or should be — the runtime infrastructure, not the application.
Correctness-by-governance
AI systems must encode their governance constraints as architectural invariants, not policy overlays. The system cannot violate what it cannot bypass. Trust is not a property of the model — it is a property of the system built around it.
Behavioral Topology
Agent safety cannot be established by verifying individual outputs. A sequence of individually-verified actions can compose into an unsafe trajectory — and no existing framework addresses this at the architectural level. My current research treats agent sessions as trajectories through behavioral space and fuses signals across multiple dimensions into a composite view of behavioral state. The individual signals are well-characterized in isolation; what does not yet exist is principled cross-signal fusion that produces actionable detection early enough to trigger containment before an agent reaches an irreversible action. That is the gap I am working on.
This is an area of active research.
Aegis Gateway
I am building Aegis Gateway — an enterprise LLM gateway that enforces policy at the request path. Audit trails, circuit breakers, and tier-based routing baked into the infrastructure layer, not bolted onto application code.
Alongside the product work, I write long-form essays and publish downloadable the framework and its components for architects and engineers solving the same problems. Designed to be used, not filed.
Work with me
I take a small number of engagements with enterprises navigating AI deployment at scale. The focus is architecture, not compliance theatre.
- Governance architecture reviews — assessing where policy enforcement lives in your stack and where it should live instead
- Agentic system design — authorization models, decision provenance, and human oversight mechanics for multi-agent workflows
- Framework development — building governance scaffolding your engineering teams can actually use