A Five-Plane Reference Architecture for Runtime Governance of Production AI Agents

2026-06-10 · Source: Artificial Intelligence · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy, Software Development & Engineering · Depth: Expert, quick

Summary

A new five-plane reference architecture addresses the critical challenge of runtime governance for production AI agents, which bypass traditional enterprise security models focused on data boundaries. Existing policy engines, designed for atomic principal evaluation, are insufficient for agentic systems requiring stateful evaluation against composite principals with attenuating authority. This architecture introduces four composable primitives: a five-plane decomposition comprising a reasoning plane for intent adjudication and four enforcement planes (network, identity, endpoint, data); stop-anywhere mediation; composite principals with capability attenuation; and a structured audit evidence substrate. It defines a taxonomy of six interruption primitives, establishes four correctness invariants, and demonstrates the prevention of seven production-agent threats across five workflows. A reference implementation confirms adjudication in single-digit microseconds, consistent attenuation correctness, and reliable tamper-evident auditing. The architecture specifically governs delegated actions, not model behavior.

Key takeaway

For AI Security Engineers designing agent governance, this five-plane architecture offers a robust framework to manage delegated actions. You should evaluate its primitives—five-plane decomposition, stop-anywhere mediation, composite principals with attenuation, and structured audit—to secure workflows where agents modify systems of record. This approach moves beyond traditional perimeter security, enabling you to prevent specific agent threats and ensure auditable, stateful control over AI agent operations.

Key insights

A five-plane architecture provides runtime governance for production AI agents by mediating delegated actions.

Principles

• Agent governance requires stateful evaluation of composite principals.
• Authority attenuates through delegation chains.
• Structured audit evidence is a core primitive.

Method

The architecture uses a five-plane decomposition, stop-anywhere mediation, composite principals with attenuation, and a structured audit substrate.

In practice

• Prevent seven production-agent threats.
• Achieve single-digit microsecond adjudication.
• Ensure tamper-evident audit trails.

Topics

• AI Agent Governance
• Reference Architecture
• Runtime Security
• Capability Attenuation
• Policy Engines
• Audit Substrate

Best for: CTO, VP of Engineering/Data, Director of AI/ML, AI Architect, AI Security Engineer, MLOps Engineer

Related on AIssential

• Control Planes for Autonomous AI: Why Governance Has to Move Inside the System — Autonomous AI requires internal, runtime governance via control planes, not external, static policies.
• Proof-Carrying Agent Actions: Model-Agnostic Runtime Governance for Heterogeneous Agent Systems — PCAA provides runtime-neutral governance for agent actions via a portable, auditable action certificate.
• The PBSAI Governance Ecosystem: A Multi-Agent AI Reference Architecture for Securing Enterprise AI Estates — PBSAI offers a multi-agent reference architecture for securing complex enterprise AI estates.
• before your ai agents touch real work — Agent reliability hinges on runtime governance, not just model sophistication.
• So You Have an AI Security Budget. Now what? — Effective AI security requires unified governance and control over agentic development and production applications, moving beyond mere visibility.
• The Alignment Flywheel: A Governance-Centric Hybrid MAS for Architecture-Agnostic Safety — Decouple autonomous decision-making from safety governance using a hybrid MAS for auditable, patchable oversight.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Artificial Intelligence.