Posts about free-ai. ← All posts
The mental model that says no two adjacent layers share a single point of failure for the same class of attack. From TLS to OTel, the eleven layers a customer request crosses before an answer comes back.
The long-form security narrative for a multi-agent financial assistant — authentication, authorisation, tenant isolation, dual-identity audit, envelope encryption, hash-chained logs, governance, red team, BCP.
Board policy as a YAML file the risk team owns. Annexure VI as a database query. Every governance recommendation rendered as a file path in a Go repository.
The RBI FREE-AI incident reporting form, expressed as a Go struct and a Postgres table. Every entry is an auto-generated artefact from the runtime — not a form an operator fills in retrospectively.
Every one of the 26 RBI FREE-AI recommendations, mapped to a specific file in a working multi-agent platform. What's ✅ done, what's 🟡 partial, what's ⚪ honest gap.
Classification → provider allowlist. A pii-classified message can only reach a provider whose region is in the allowlist for pii. Sovereignty as a runtime gate, not a checkbox.
A tiny CEL-style DSL plus a board-approved YAML file. The risk team adds a governance rule by editing a config file; engineering ships the rule by restarting the service.
The bank's board approves an AI policy. The policy exists as a slide deck nobody reads. The risk team's actual operational policy is what's in the code. Closing that gap is the FREE-AI Rec 14 win.