Governance Insights

Automatically generated observations about your governance posture - deferral hot spots, stale rules, coverage gaps, and drift patterns - grounded in your IEC history.

Governance Insights is the discovery layer of the Governance Autopilot. It produces a continuously updated feed of AI-generated observations about your organization's governance posture - grounded in your IEC history, cited with specific evidence, and scoped to your domains and capabilities.

Insights are read-only observations. They describe patterns; they do not change rules or submit suggestions automatically. Every claim in an Insight is computed from your actual IEC data - the model paraphrases numbers; it does not invent them.

How Insights are produced

A scheduled discovery agent runs nightly for each organization with AI enabled. Each run:

  1. Reads per-capability HITL rates, denial rates, and IEC volume from your organization's baselines
  2. Checks per-rule fire counts over the last 30 and 90 days
  3. Compares capability activity against your organization's historical baselines
  4. Cross-references active capabilities against existing policy rules
  5. Records an Insight for each detected pattern

Each nightly run is permanently recorded and auditable.

Insight categories

Six categories ship at launch. Adding a new category is a configuration change to the discovery agent - it does not require a platform update.

Deferral hot spot

Trigger: A capability's HITL rate exceeds 3× the organization-wide baseline for 14+ consecutive days.

Example: "finance.create.invoice triggered a human approval queue on 84% of calls in the last 30 days, compared to a 12% organization-wide rate. This capability may benefit from a threshold rule that narrows which invoices require HITL."

Why it matters: A high HITL rate on a specific capability often signals that a broad defer rule is catching traffic that could safely be handled by a more specific threshold rule - reducing reviewer load without reducing coverage.

Denial false positive

Trigger: A policy rule denied IECs in the past 7 days, and a meaningful fraction of those denials were followed by a manual admin reversal within 24 hours.

Example: "Rule finance-high-value denied 41 IECs in the last 7 days. In 38 of those cases, an admin manually re-approved the action within 1 hour. The rule may be set too strictly."

Why it matters: Retroactive reversals are the clearest signal that a rule is creating friction without reducing risk. The Insight surfaces the gap before the next cycle of reversals accumulates. Before loosening the rule, check who granted the reversals and why: a control that is routinely overridden is no longer a control, and the right fix may be the override path rather than the threshold.

Untouched high-risk capability

Trigger: A capability with a risk score of 0.7 or higher has been invoked in the last 7 days with no matching policy rule and no default HITL enforcement.

Example: "contracting.sign.contract was invoked 6 times this week. No policy rule targets it. Its intrinsic risk score is 0.92 (irreversible action, external visibility, high monetary sensitivity). Default HITL is not configured."

Why it matters: High-risk capabilities that are active but unruled represent your most exposed governance gap. This Insight surfaces them before an incident does.

Drift from baseline

Trigger: A capability's IEC volume deviates more than 3 standard deviations from its 30-day baseline in the current week.

Example: "Volume for messaging.send.external is 4.2× the 30-day baseline this week. Agent slack-bot-3 is responsible for 71% of the increase."

Why it matters: Volume anomalies can precede policy violations or indicate a configuration change that hasn't been reflected in governance rules. The Insight names the agent responsible for the largest share, making triage immediate.

Coverage gap

Trigger: A domain has more than 10 active capabilities and fewer than 4 policy rules, with a domain maturity score below 50.

Example: "Domain support has 14 active capabilities, 2 policy rules, and a maturity score of 31. Other organizations at your tier that have installed the same capability pack average 9 rules for this domain."

Why it matters: Low rule density in an active domain usually means governance is relying on blanket defaults rather than specific controls. The comparison to peer organizations gives an evidence-based target.

Stale rule

Trigger: A rule has not fired in the past 90 days and the capability it targets has been invoked more than 100 times in that window.

Example: "Rule support-refund-threshold has not fired in 90 days. The support.issue.refund capability it targets has been invoked 312 times. Either the threshold no longer matches current transaction values, or the rule is not correctly scoped."

Why it matters: A rule that never fires is usually either misconfigured or irrelevant; in either case it is not delivering governance value, and it clutters the rule set for reviewers. Before removing it, confirm it is not a deliberate backstop for a condition that has simply not occurred yet.
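
The nightly procedure and the six triggers above, as one runnable discovery pass. This is an added example, not the product's own discovery agent: the IEC records, rules, risk scores and maturity scores are constructed inline, the IEC record shape and the <domain>.<verb>.<object> naming scheme are assumptions inferred from the examples on this page, baselines are computed from the 90-day window rather than read from stored organization baselines, the "30-day baseline" for drift is taken as the four preceding weeks, and the reversal share that counts as a "meaningful fraction" is set to 50% because the page gives no number.

```python
"""Nightly discovery run: the six Insight triggers over a 90-day IEC log. Added example, not product
code; every record is constructed. Thresholds follow the page except REVERSAL_FRACTION (assumed)."""
from __future__ import annotations
from collections import Counter, defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev

@dataclass(frozen=True)
class IEC:
    day: int                         # days ago, 0 = today
    capability: str                  # "<domain>.<verb>.<object>"
    agent: str
    outcome: str                     # "allowed" | "hitl" | "denied"
    rule: str | None = None          # policy rule that fired, if any
    reversed_h: float | None = None  # hours until an admin reversed a denial

RULES = {"finance-high-value": "finance.create.invoice",  # rule -> capability it targets
         "support-refund-threshold": "support.issue.refund"}
RISK = {"contracting.sign.contract": 0.92, "finance.create.invoice": 0.55}  # intrinsic risk scores
DEFAULT_HITL: set[str] = set()             # capabilities under default HITL enforcement
MATURITY = {"support": 31, "finance": 72}  # domain maturity scores; unscored domains are not flagged
REVERSAL_FRACTION = 0.5                    # assumed; the page only says "meaningful fraction"

def build_history() -> list[IEC]:
    """Constructed 90-day IEC log that trips each trigger exactly once."""
    h: list[IEC] = []
    for d in range(90):  # refunds flow freely; their threshold rule never fires
        h += [IEC(d, "support.issue.refund", "helpdesk-bot", "allowed")] * 4
    for d in range(30):  # invoices: 5 of every 6 calls land in the HITL queue
        h += [IEC(d, "finance.create.invoice", "ap-bot", "hitl")] * 5
        h += [IEC(d, "finance.create.invoice", "ap-bot", "allowed")]
    for d in range(7):   # finance-high-value denials; all but today's reversed within the hour
        h += [IEC(d, "finance.create.invoice", "ap-bot", "denied", "finance-high-value", 1.0 if d else None)] * 2
    h += [IEC(d, "contracting.sign.contract", "legal-bot", "allowed") for d in range(6)]
    for d in range(35):  # external messages: ~100/week from mkt-bot; this week slack-bot-3 adds 315
        h += [IEC(d, "messaging.send.external", "mkt-bot", "allowed")] * [15, 15, 16, 13, 14][d // 7]
        h += [IEC(d, "messaging.send.external", "slack-bot-3", "allowed")] * (45 if d < 7 else 0)
    h += [IEC(3, f"support.cap{i:02d}", "helpdesk-bot", "allowed") for i in range(13)]
    return h

def insight(category: str, capability: str | None, dom: str | None = None, **evidence) -> dict:
    return {"category": category, "domain": dom or capability.split(".")[0],  # domain from the name
            "capability": capability, "evidence": evidence}  # evidence: computed numbers and ids only

def run_discovery(iecs: list[IEC]) -> list[dict]:
    """One nightly run over a 90-day window, emitting one Insight per detected pattern."""
    last30, last7 = [i for i in iecs if i.day < 30], [i for i in iecs if i.day < 7]
    caps, ruled = {i.capability for i in iecs}, set(RULES.values())
    daily: dict[tuple, Counter] = defaultdict(Counter)  # (capability, day) -> outcome counts
    for i in iecs:
        daily[i.capability, i.day][i.outcome] += 1
    out: list[dict] = []
    # Deferral hot spot: daily HITL rate above 3x the org-wide 30-day rate for 14+ consecutive days
    org_rate = sum(i.outcome == "hitl" for i in last30) / len(last30)
    for cap in caps:
        rates = [c["hitl"] / sum(c.values()) if (c := daily.get((cap, d))) else 0.0 for d in range(30)]
        streak = next((d for d, r in enumerate(rates) if r <= 3 * org_rate), 30)  # days before the first miss
        if streak >= 14:
            out.append(insight("deferral_hot_spot", cap, consecutive_days=streak, org_hitl_rate=round(org_rate, 3)))
    # Denial false positive: denials in the last 7 days, a meaningful share reversed by an admin within 24h
    for rule, cap in RULES.items():
        denied = [i for i in last7 if i.rule == rule and i.outcome == "denied"]
        undone = [i for i in denied if i.reversed_h is not None and i.reversed_h <= 24]
        if denied and len(undone) / len(denied) >= REVERSAL_FRACTION:
            out.append(insight("denial_false_positive", cap, rule=rule, denied=len(denied), reversed_24h=len(undone)))
    # Untouched high-risk capability: risk >= 0.7, invoked this week, no rule targets it, no default HITL
    for cap in {i.capability for i in last7} - ruled - DEFAULT_HITL:
        if RISK.get(cap, 0.0) >= 0.7:
            out.append(insight("untouched_high_risk", cap, risk=RISK[cap],
                               invocations_7d=sum(i.capability == cap for i in last7)))
    # Drift from baseline: this week's volume more than 3 SD from the four preceding weeks. A zero-variance
    # baseline (a capability that never ran before) is skipped rather than divided by; that is a coverage question.
    for cap in caps:
        weekly = [sum(sum(daily.get((cap, d), {}).values()) for d in range(7 * w, 7 * w + 7)) for w in range(5)]
        cur, base_mean, sd = weekly[0], mean(weekly[1:]), pstdev(weekly[1:])
        if sd and abs(cur - base_mean) > 3 * sd:
            growth = Counter(i.agent for i in last7 if i.capability == cap)  # this week's count per agent ...
            for i in iecs:
                if i.capability == cap and 7 <= i.day < 35:
                    growth[i.agent] -= 0.25  # ... minus that agent's mean weekly count over the 4 baseline weeks
            top, top_growth = growth.most_common(1)[0]
            out.append(insight("drift_from_baseline", cap, ratio=round(cur / base_mean, 1),
                               z=round((cur - base_mean) / sd, 1), top_agent=top,
                               top_agent_share=round(top_growth / (cur - base_mean), 2)))
    # Coverage gap: more than 10 active capabilities, fewer than 4 rules and a maturity score below 50
    rules_per_domain = Counter(c.split(".")[0] for c in RULES.values())
    for dom, active in Counter(c.split(".")[0] for c in caps).items():
        if active > 10 and rules_per_domain[dom] < 4 and MATURITY.get(dom, 100) < 50:
            out.append(insight("coverage_gap", None, dom, active_capabilities=active,
                               rules=rules_per_domain[dom], maturity=MATURITY[dom]))
    # Stale rule: zero fires in 90 days while the capability it targets ran more than 100 times
    for rule, cap in RULES.items():
        calls = sum(i.capability == cap for i in iecs)
        if calls > 100 and not any(i.rule == rule for i in iecs):
            out.append(insight("stale_rule", cap, rule=rule, invocations_90d=calls))
    return out

if __name__ == "__main__":
    print(*run_discovery(build_history()), sep="\n")
```

Run the file to print the six Insights it finds in the constructed log, or call run_discovery on your own window. Two details are worth noticing: each Insight carries only computed numbers in its evidence field, which is what the narrative is paraphrased from, and the drift check names the agent with the largest share of the increase over its own baseline, not the busiest agent, which is what makes the triage in the example above immediate.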

Reading an Insight

Each Insight card shows:

  • Title - one sentence, leading with a number ("84% HITL rate on finance.create.invoice")
  • Narrative - two to three sentences paraphrasing the pattern in plain language
  • Citation chips - the number of IECs, rules, and baselines the Insight draws from; click to see the specific references
  • Primary action - either "Open in Designer" (to draft a candidate rule from this Insight) or "Dismiss" (with a reason)

The citation model is the key trust mechanism: every number in the narrative resolves to specific, immutable evidence. The Insight does not summarize a summary - it paraphrases a computed fact.

Insight lifecycle

Each Insight progresses through a simple state machine:

New → Seen → Dismissed      (with required reason)
           → In Designer     (when "Open in Designer" is used)
           → Resolved        (when a related rule is applied)

State transitions are permanent. Dismissing an Insight with a reason feeds back into the discovery agent's next run - repeated dismissals of the same pattern category reduce the probability of re-emission for that domain.

Suppression of repeat Insights

The discovery agent identifies duplicate Insights by their category, domain, capability, and evidence fingerprint. If the same pattern is detected on consecutive nightly runs, the existing Insight is refreshed with the latest evidence rather than duplicated, so the feed always shows the most recent evidence without being flooded with identical observations.
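
The lifecycle state machine and the repeat-suppression behaviour above, as a small in-memory feed store. This is an added example, not the product's code. It assumes that the evidence fingerprint hashes the identifiers the evidence cites (rule, capability, baseline) rather than the computed numbers, since a refreshed Insight carries new numbers but must still match the one already in the feed; that In Designer may proceed to Resolved once the drafted rule is applied; and that each reasoned dismissal halves the re-emission probability for that category and domain. The draw parameter stands in for a random draw so the behaviour is reproducible.

```python
"""Insight feed: duplicate suppression by fingerprint, refresh on repeat, a permanent lifecycle and
dismissal feedback. Added example, not product code. Assumes the evidence fingerprint covers the
identifiers the evidence cites (rule, capability, baseline), not the computed numbers."""
from __future__ import annotations
import hashlib
import json
from collections import Counter
from dataclasses import dataclass, field
from typing import Callable

# Lifecycle from the page: New -> Seen -> {Dismissed, In Designer, Resolved}. There are no backward
# edges, which is what makes transitions permanent. In Designer -> Resolved is an assumption.
TRANSITIONS = {"new": {"seen"}, "seen": {"dismissed", "in_designer", "resolved"},
               "in_designer": {"resolved"}, "dismissed": set(), "resolved": set()}
TERMINAL = {"dismissed", "resolved"}


@dataclass
class Insight:
    fingerprint: str
    category: str
    domain: str
    capability: str | None
    cites: dict            # evidence identifiers, e.g. {"rule": "finance-high-value"}
    numbers: dict          # computed values the narrative paraphrases; replaced on refresh
    first_run: int
    last_run: int
    runs_seen: int = 1
    state: str = "new"
    history: list[tuple] = field(default_factory=list)  # append-only: (from, to, actor, reason)


def fingerprint(category: str, domain: str, capability: str | None, cites: dict) -> str:
    """Dedup key over the pattern and what it cites. Numbers are left out on purpose: a refreshed
    Insight carries new numbers but must still match the one already in the feed."""
    key = json.dumps([category, domain, capability, sorted(cites.items())], separators=(",", ":"))
    return hashlib.sha256(key.encode()).hexdigest()[:16]


class InsightFeed:
    def __init__(self) -> None:
        self.open: dict[str, Insight] = {}    # fingerprint -> the current non-terminal Insight
        self.archive: list[Insight] = []      # dismissed or resolved Insights, kept for audit
        self.dismissals: Counter = Counter()  # (category, domain) -> reasoned dismissals so far

    def reemission_probability(self, category: str, domain: str) -> float:
        """Dismissal feedback: each reasoned dismissal of this category in this domain halves the
        chance of emitting the pattern again. The halving factor is an assumption."""
        return 0.5 ** self.dismissals[(category, domain)]

    def record(self, category: str, domain: str, capability: str | None, cites: dict,
               numbers: dict, run: int, draw: Callable[[], float] = lambda: 0.0) -> tuple[str, str]:
        """Called by the nightly run for each detected pattern; returns (fingerprint, action).
        `draw` stands in for random.random() so the outcome is reproducible."""
        fp = fingerprint(category, domain, capability, cites)
        if fp in self.open:  # same pattern on a consecutive run: refresh, do not duplicate
            ins = self.open[fp]
            ins.numbers, ins.last_run, ins.runs_seen = numbers, run, ins.runs_seen + 1
            return fp, "refreshed"
        if draw() >= self.reemission_probability(category, domain):
            return fp, "suppressed"
        self.open[fp] = Insight(fp, category, domain, capability, cites, numbers, run, run)
        return fp, "emitted"

    def transition(self, fp: str, to: str, actor: str, reason: str | None = None) -> Insight:
        ins = self.open[fp]
        if to not in TRANSITIONS[ins.state]:
            raise ValueError(f"{ins.state} -> {to} is not a permitted transition")
        if to == "dismissed" and not reason:
            raise ValueError("dismissing an Insight requires a reason")
        ins.history.append((ins.state, to, actor, reason))  # only ever appended, never rewritten
        ins.state = to
        if to == "dismissed":
            self.dismissals[(ins.category, ins.domain)] += 1
        if to in TERMINAL:
            self.archive.append(self.open.pop(fp))
        return ins


def demo() -> list[str]:
    """Three nights of one hot spot, a reasoned dismissal, then two more detections of it."""
    feed = InsightFeed()
    pattern = ("deferral_hot_spot", "finance", "finance.create.invoice", {"baseline": "org-hitl-30d"})
    actions = [feed.record(*pattern, {"hitl_rate": r}, run)[1] for run, r in enumerate([0.84, 0.86, 0.81])]
    fp = fingerprint(*pattern)
    feed.transition(fp, "seen", "alice")
    feed.transition(fp, "dismissed", "alice", reason="month-end close; HITL load is expected")
    actions.append(feed.record(*pattern, {"hitl_rate": 0.83}, 3, draw=lambda: 0.7)[1])  # 0.7 >= 0.5: suppressed
    actions.append(feed.record(*pattern, {"hitl_rate": 0.83}, 4, draw=lambda: 0.2)[1])  # 0.2 < 0.5: new Insight
    return actions


if __name__ == "__main__":
    print(demo())
```

Dismissal is only accepted from Seen and only with a reason, and the history list is append-only, which is what makes the transitions permanent and auditable. If the fingerprint included the numbers, every refresh would look like a new pattern and the feed would fill with exactly the duplicates the suppression rule is meant to prevent.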