Kyndryl unveils policy-as-code guardrails for AI agents

Kyndryl has launched a policy-as-code feature to govern how agentic AI workflows run inside organisations with strict compliance and operational controls.

It described the move as a response to growing interest in AI agents that can take actions across business systems, and to concerns in regulated environments where security, compliance and oversight can limit adoption.

Kyndryl said 31% of customers cite regulatory or compliance concerns as a key barrier to scaling recent technology investments. Its approach translates organisational rules, regulatory requirements and operational controls into machine-readable policies that govern how agentic AI workflows execute.

The feature sits within the Kyndryl Agentic AI Framework and acts as an enforcement layer that governs how AI agents execute, interact and operate across systems. Kyndryl also linked the launch to its experience running complex IT environments and managing large-scale automation.

Kyndryl said it manages nearly 190 million automations each month for mission-critical systems, and that these operational foundations improve governance, agent explainability and predictability in production environments.

Policy approach

Policy as code expresses controls and constraints in a form that software can evaluate automatically. For AI agents, Kyndryl treats these policies as boundaries that define which actions an agent can take as it moves through a workflow.

The policy layer codifies business and regulatory requirements directly into AI agent operations, with the aim of keeping workflow execution governed, auditable and consistent with customer-defined requirements.

"Kyndryl's policy as code capability overcomes limitations of conventional AI agent controls and provides the structure customers need as they adopt agentic AI solutions," said Ismail Amla, Senior Vice President, Kyndryl Consult.

"By embedding and codifying business and regulatory requirements directly into AI agent operations, we can help customers execute AI workflow that is governed, transparent, explainable and aligned with their organizational requirements."

Guardrails and logs

Kyndryl outlined several elements of the feature, including deterministic execution that limits actions to those permitted by pre-defined policies. It said this reduces operational risk.

The policy layer can also block unpredictable or unauthorised actions within a workflow. Kyndryl positioned this as a way to limit the operational impact of agentic hallucinations, where an AI system generates incorrect or unsupported outputs that could lead to inappropriate actions if not constrained.

Kyndryl also highlighted "audit-by-design" transparency, with each agent action and decision logged and explainable to support compliance and oversight.

Human supervision is built into the design. Agents execute tasks aligned with established, testable policies, and a dashboard provides visibility into agent behaviour to support consistent actions and decisions.

Target sectors

Kyndryl said its policy-governed approach supports controlled deployment of policy-constrained autonomous agents in regulated sectors. It listed financial operations, public services and supply chains among areas where it expects demand, alongside other mission-critical domains where reliability and predictability are essential.

The announcement reflects a broader shift in enterprise AI from tools that generate content to systems that can initiate and complete actions across multiple applications and data sources. As a result, governance and accountability have become more important, particularly for organisations that must demonstrate compliance with sector rules and internal controls.

Kyndryl said it will deliver the work through Kyndryl Consult, which provides advisory and implementation services. The company designs, builds, manages and modernises complex information systems for customers in more than 60 countries.

Kyndryl said the policy-as-code feature is available as part of its agentic AI services, and that it will work with customers on the design, implementation and operational management of governed agentic AI solutions.