Skip to main content
Workshop · AI at Scale with Governance

Governance is how you find out which of your agents actually work.

Strata 2026: 80% of production agents broke their permission scope at least once. Gartner 2026: only 21% of enterprises have governance mature enough to detect it. The gap is not policy. It is controls in code. Two hours on your agent inventory. Your team leaves with three things: a governance architecture, a per-agent OWASP Agentic Top 10 gap analysis, and reference Terraform mapped to the five pillars your auditor already uses.

FREE 2 HOURS VIRTUAL YOUR AGENT INVENTORY
Register See the Five Pillars
Trusted by teams shipping production agents on AWS
Santander
HSBC
JP Morgan
NHS Wales
the identity platform
Award-winning LMS provider for enterprises and mid-size organizations
One of the largest cinema networks in the U.S.
A leading premium wildlife stock footage platform
The Reframe

Governance that lives in code, not in Confluence.
The same controls show you which agents are actually earning their keep.

Two hours on your agent inventory. We walk a security owner through every production agent, score each against OWASP Agentic T1-T5, and hand you the Terraform that closes the gaps. Bedrock Guardrails, AgentCore Policy, IAM scopes, Audit Manager framework. Wired on your agents.

The Five Pillars

Five controls-as-code pillars mapped to OWASP Agentic T1-T5.
Each one closes a failure mode and measures an agent.

Each pillar shuts a specific OWASP failure mode and emits the audit evidence that proves it shut. The visual on the left tracks the pillar you are on.

Five pillars, applied live

From hidden risk to measured agent.

Each pillar maps to a specific OWASP Agentic failure mode and a specific AWS service surface that ships the telemetry to prove it.

Pillar 01 - Per-agent scope, runtime-enforced
Pillar 02 - Prompt injection detection at entry
Pillar 03 - Inter-agent test gates
Pillar 04 - Isolated memory with validated writes
Pillar 05 - Allowlisted tool calls with approval gates
Pillar 01 · OWASP T1

Per-agent scope, runtime-enforced

Most agents run with more permission than the job requires. Per-agent IAM scoping (Access Analyzer, Verified Permissions, AgentCore Policy) turns the Strata 80% into zero: the agent cannot cross a scope it was never granted. The same controls show you which agents escalated, which held scope, and which integrations you are paying for and never using.

IAM · Access Analyzer · Verified Permissions · Bedrock AgentCore Policy

Pillar 02 · OWASP T2

Prompt injection detection at entry

Untrusted input is the most common hijack vector. An uploaded document can carry prompt-injection payloads hidden inside otherwise harmless text. Bedrock Guardrails (input filters, denied topics, contextual grounding) stop the agent from executing them. The same surface reports injection-detection rate, false-positive rate, and latency impact so you can tune prompts instead of guessing.

Bedrock Guardrails · CloudTrail · Amazon GuardDuty

Pillar 03 · OWASP T3

Inter-agent test gates

In multi-agent workflows, one agent's hallucination becomes the next agent's input. Bedrock Evaluations per hand-off, contextual grounding checks, and confidence thresholds stop the second agent from confidently acting on fabricated data. Same evaluations give you the A/B signal to swap in the cheaper model that still holds quality.

Bedrock Evaluations · Bedrock AgentCore · Step Functions

Pillar 04 · OWASP T4

Isolated memory with validated writes

Long-running agents with shared memory inherit every corrupted entry. AgentCore Memory isolation, KMS-scoped session keys, and Step Functions tenant boundaries contain the blast radius to a single session. The same events attribute session cost per tenant and flag memory-scope leaks before the auditor does.

Bedrock AgentCore Memory · KMS · Step Functions

Pillar 05 · OWASP T5

Allowlisted tool calls with approval gates

Agents handed the whole tool catalogue use tools they should not. AgentCore Policy allowlists, Verified Permissions parameter bounds, and Lambda approval handlers behind Step Functions mean tools are available only when the job calls for them. Same deny-events map the tool-usage heatmap that drives cost optimisation.

Bedrock AgentCore Policy · Verified Permissions · Lambda · Step Functions

Continuous evidence, all five pillars, one Audit Manager view.

CloudTrail. Every agent action recorded with caller identity, parameters, and outcome.
AWS Config. Drift detection per pillar configuration. Non-compliance is detected, not discovered.
AWS Audit Manager. Custom framework for OWASP Agentic T1-T5 with per-control evidence collection.
S3 Object Lock. Immutable evidence retention. Auditor reads what the agent wrote, in the order it wrote it.
CloudWatch Gen AI Observability. Per-pillar metrics streamed in real time. Compliance is the side effect of having the telemetry.
Amazon GuardDuty for agents. Anomaly detection on agent behaviour. Beyond the controls, beyond the metrics, beyond the prompt.
What You Leave With

Two strategic outputs. Four ready-to-deploy artefacts.
Yours to keep, regardless.

Governance architecture diagram with control plane mapped per agent

The governance architecture

A 12-18 page document plus diagram. Every control tied to a specific agent, a specific AWS service, and the metric it emits. Readable by a regulator, an engineer, and a CFO without translation.
Controls-as-code reference config in Terraform and policy JSON

Controls-as-code reference config

Deployable Terraform plus policy JSON shaped to your agents. Clone it, review it, ship it next sprint. Whether or not you engage us after the workshop.

OWASP T1-T5 gap matrix

Every agent scored against T1-T5 for control coverage and instrumentation coverage. Findings map to remediation pillar and the telemetry surface you are missing.

Audit Manager framework

Custom AWS Audit Manager framework with per-control evidence collection wired to CloudWatch Gen AI Observability. Compliance is the side effect of the telemetry.

Bedrock Guardrails policies

Per-entry-point Guardrails config with PII filters, denied topics, and contextual grounding. Drop into your Bedrock account, ship behind the same review your other policies use.

AgentCore Policy + IAM scopes

Allow-listed tool calls per agent with parameter bounds and rate limits. IAM scoping per agent role with Access Analyzer coverage. Least-privilege as configuration.
Who Runs It

Run by a solution architect from the Gen AI Delivery Lab.
Twelve years shipping under audit.

12YRS
AK Way under audit

Of the AK Way shipping production systems since 2014, under FCA, PRA, and Caldicott pressure.

1,300+
Engineers

Across the UK, US, and India post-Simform, with a Gen AI Delivery Lab built with AWS.

AgentCore
Early Access
Bedrock AgentCore Policy

Early-access partner for Bedrock AgentCore Policy, GA March 2026. We were wiring it in preview.

Premier
Security · SCA
AWS partner tier

AWS Premier tier, Security Competency, Strategic Collaboration Agreement for enterprise Gen AI.

The solution architect who runs your workshop is the same one who would audit your agent inventory. We have shipped production controls with Santander, HSBC, and NHS Wales, under FCA, PRA, and Caldicott pressure, on live systems with live auditors in the room.

What customers say

When governance is the workshop output,
the conversations afterward sound different.

JR
Jason Rackear
AWS Sr. Account Manager · the identity platform

Armakuni has been supporting the identity platform for the past 6 months and has exceeded all expectations. Charles loops me into the conversation right away. Armakuni is part of the One Team.

Identity verification · OWASP T1-T5 controls live
EL
Engineering Leadership
Award-winning LMS provider for enterprises and mid-size organizations · Edtech

The Armakuni team demonstrated an impressive ability to earn customer trust and deliver against lofty expectations with the C-Suite. Ruben and team maintained consistent communication and delivery.

Modernization · AK Way managed handover
MS
Matt Suckel
Sr. Manager Application Integration · One of the largest cinema networks in the U.S.

Kudos to Armakuni for demonstrating the speed, precision, and partnership needed to turn a high-speed challenge into a success story.

Application integration · Speed under pressure
TL
Technical Leadership
A Chicago-area media archive and licensing company · Media

Armakuni helped MPI build agentic AI capabilities that work inside our content pipeline. The orchestration layer sits in our AWS account, governed by our IAM, audited by our team. We own every piece of it.

Agentic AI · Owned, not rented
DT
Director of Technology
NHS Wales · Healthcare

NHS Wales needed data access measured in minutes, not days. Armakuni built the platform and transferred every piece of knowledge to our team. When they left, we ran everything.

Data platform · Full handover
EL
Engineering Lead
Santander · BFSI

The transformation at Santander wasn't about new tools. It was about engineering discipline that stuck after the engagement ended. 400 engineers, 40% faster time-to-market.

Engineering discipline · AK Way at scale
TD
Technology Director
Comic Relief · Public

When Comic Relief needed a payments platform for Red Nose Day that could not fail on live television, four Armakuni engineers built it. 500 transactions per second. Zero downtime.

High-stakes systems · Zero downtime
Recent Results

Learn from teams already shipping governed agents in production.

A leading premium wildlife stock footage platform shipped agentic AI under audit with per-agent IAM scopes and Bedrock Guardrails on every model call.

Read use case

A regional agricultural cooperative in the U.S. Midwest deployed OWASP T1-T5 controls-as-code with AgentCore Memory isolation from day one.

Read use case

Award-winning LMS provider for enterprises and mid-size organizations earned C-Suite trust on a regulated platform with the governance architecture documented for the regulator.

Read use case

One of the largest cinema networks in the U.S. integrated AI on Connect with per-tool allow-lists and audit trails ready for live regulator review.

Read use case

SMS campaign automation platform for e-commerce and restaurant brands shipped agentic AI on the data layer with full per-query provenance and the orchestration layer in their AWS account.

Read use case
More customer stories
Register

Two hours. Your agents. Your controls.
Register for the next session.

Pick a slot that works for your team. We confirm the agent inventory and environment ahead of time. You show up with the agents you want us to look at. Whatever we find is yours to keep, whether you engage us after or not.

Register for the Next Session Bring Your Agent Inventory

No commitment · No sales follow-up unless you ask · You own the Terraform

Continue exploring
Gen AI Delivery Lab
Parent Service

AI Transformation

The Gen AI Delivery Lab. Five reference patterns. PUSH framework qualification. Bedrock-native governance.

See the offering
AI Agents + AK Way workshop
Sister Workshop

Building Production AI Agents

One-day hands-on workshop where your engineers build a Bedrock agent against your real data with the OWASP Agentic Top 10 controls baked in.

See the workshop
Recent case studies
Case Studies

Real outcomes, real customers

A leading premium wildlife stock footage platform, the identity platform, A regional agricultural cooperative in the U.S. Midwest. Specific governance wins. Named stakeholders.

All case studies

AWS Premier Tier Services Partner

Ai Services Competency
Aws Lambda Delivery
Amazon Api Gateway Delivery
Amazon Dynamodb Delivery

Active Competencies and Service Delivery Programs relevant to this offering.