Governance Framework

DARMA

Five layers of governance for AI agents. The framework the market hasn't built.

The five layers

Each layer covers a specific governance domain. The order is not arbitrary.

D: Delegation · Who may activate the agent (Airlock)

A: Authorization · What the agent may do (Agent Shield)

R: Runtime · Did this action pass policy (Agent Firewall, Gateway Scrubber)

M: Model Integrity · Has the model drifted (Swarm Auditor)

A: Accountability · Can we prove it (Audit Ledger)

DARMA Runtime Governance enforces these layers in real time. Compliance Mapper documents them after a regulatory incident.

Standards alignment

FluxAI builds on the runtime governance principles articulated by Five Eyes cybersecurity agencies in their guidance Careful Adoption of Agentic AI Services: per-invocation authorization, fail-safe defaults, consensus controls for moderate-stakes actions, human-in-the-loop approval for high-stakes actions, and comprehensive audit trails.

Authoring agencies: Australian Cyber Security Centre, CISA, NSA, Canadian Centre for Cyber Security, NCSC-NZ, NCSC-UK.

The fifth layer

Why Model Integrity?

Traditional governance assumes the model is trustworthy. DARMA verifies it. Two threats that none of the other four layers catch:

Consider an organisation that deploys an AI agent for customer support. Authorization is in place — only approved staff have access. Runtime logging is active. The Audit Ledger documents every session. Delegation is defined. Everything looks correct.

Three months later, the LLM provider updates the model. No one in the organisation is notified. The agent's responses shift subtly — it starts recommending products it never recommended before, or it handles complaints with a different tone. Logs still show AUTHORIZED, because nothing in the other four layers checks whether the model's behaviour has changed.

With Model Integrity, Agent Shield Runtime would have flagged the process as DRIFTING within the first 24 hours after the model update. The organisation would have known before their customers noticed.

Conclusion

DRIFTING is not an error. It is the signal that tells you something has changed — before it becomes a problem.

Hypothetical scenario illustrating the Model Integrity layer.