Enterprise AI Operating System · June 2026

Trust
by Design

AI Transformation · AI Security · AI Governance
The operating system that makes enterprise AI safe to trust and scalable to matter

Author
Guru Krish
Director — Enterprise AI Transformation, Governance & Security
Background
18 years · Google · Amazon
150+ business units governed · $700M+ impact
Status
Version 2.0 · 8 Artifacts Published
github.com/gurukrish81/trust-by-design

This framework reflects the author's independent research and professional experience. It does not represent the views, methodologies, or intellectual property of any former employer.

Contents
  • 01 The Problem with Enterprise AI Programs
  • 02 The Deterministic Safety Layer
  • 03 Five Principles of Trust by Design
  • 04 Three Dimensions — Transformation, Security, Governance
  • 05 The Four Pillars and Eight Artifacts
  • 06 Complete Toolkit — 8 Published Artifacts
  • 07 Risk Tiering Framework
  • 08 30-Day Implementation Path
  • 09 Framework Alignment — NIST, GDPR, EU AI Act
Live Demo Available
See the Trust by Design AI Risk Assessment Tool in action
Describe any AI use case. Get instant risk tier, architecture recommendation, governance requirements, AI FinOps cost estimate, and 90-day roadmap — in 30 seconds.
Request Demo → krish@gurukrish.org
01 — The Problem

Most Enterprise AI Programs Fail at Scale — Not at Start

The first three AI solutions almost always work. They're hand-picked, well-resourced, closely watched. Then comes the pressure to scale — and the program breaks down. Not because the technology failed, but because the operating infrastructure was never built to handle it.

Gartner projects that 40% of agentic AI projects will be abandoned by 2027. IBM's 2026 survey of 2,000 CxOs found that 77% say AI adoption is already outpacing their governance capabilities. The cause is never the model. The cause is always the same: transformation without the operating system to support it.

The Core Insight

"Treating guardrails as a post-launch patch is like trying to install brakes on a car already doing 100mph. The governance layer must be architected into the system — not added to it."

The six failure patterns that appear repeatedly across enterprise AI programs:

01
Shadow AI Before Visibility

Governance built before a shadow AI audit means you're governing what you approved, not what's running. You can't govern what you can't see.

02
Platform After Headcount

Hiring AI engineers before building the LLM gateway means every solution creates a new ungoverned integration. Scaling chaos, not capability.

03
Bolt-on Guardrails

Guardrails added after deployment are always incomplete. Input and output controls must be designed at the architecture stage, not the audit stage.

04
No Ownership Model

Without a defined handoff model, the central AI team becomes permanent support for every deployed solution. Delivery stops. Scale becomes impossible.

05
Policy Without Enforcement

An acceptable use policy that lives in Confluence is not an acceptable use policy. Governance that relies on people remembering the rules fails at scale.

06
Measurement as Afterthought

Without pre/post ROI measurement defined before deployment, you can never prove the AI program is working — or know when to stop building something that isn't.

02 — The Safety Layer

Making Probabilistic AI Deterministic Enough to Trust

LLMs are probabilistic by nature. They don't guarantee the same output for the same input. They can be confidently wrong. In enterprise settings — legal decisions, regulatory enforcement, financial analysis — this creates a fundamental trust problem. Business leaders cannot act on outputs they cannot predict or explain.

The answer is not to make the model deterministic — that is impossible. The answer is to build a deterministic safety layer around the model that makes the system trustworthy even when individual outputs are uncertain.

The Key Distinction

"The goal is not deterministic AI. The goal is a deterministic system built around probabilistic AI — where the inputs, the controls, the escalation paths, and the audit trail are all fully predictable even when the model output is not."

The Five Mechanisms

Mechanism
How It Works
What It Makes Deterministic
Output Schema Validation
Every response must conform to a defined structure — JSON schema, required fields, value ranges. If it doesn't, it's rejected before reaching the user.
The format is deterministic even when the content is probabilistic.
Confidence Thresholds
If model confidence or quality score falls below a defined threshold, the response automatically triggers mandatory human review — not optional escalation.
The escalation rule is deterministic. Low confidence always means human review.
RAG Fact Grounding
Responses are grounded in retrieved source documents from a verified knowledge base. The model cannot generate facts that aren't in the retrieved context.
The source is deterministic. The model synthesizes — it doesn't invent.
Human-in-the-Loop Gates
For high-stakes decisions — legal calls, regulatory enforcement, financial approvals — human review is mandatory regardless of model confidence. The gate is absolute.
The decision authority is deterministic. AI assists. Human decides.
Full Audit Trail
Every input, every output, every human decision, every override is logged with timestamp, user ID, and rationale. Immutable. Queryable. Exportable for regulatory review.
The audit trail is fully deterministic and defensible in any regulatory or legal review.
Figure 1 — LLM Gateway Architecture
LLM Gateway Architecture — Trust by Design Diagram showing how all AI traffic flows through a central LLM gateway with guardrails before reaching AI models Revenue Marketing HR Finance Legal Operations LLM Gateway Model Routing · AI FinOps · Token Cost Attribution · Rate Limiting · Audit Logging · AUP Enforcement Input Guardrails PII Detection · Prompt Injection Defense · Topic Restriction Output Guardrails Hallucination Detection · Schema Validation · Toxicity Filter FAST / LOW COST Claude Haiku / GPT-3.5 COMPLEX REASONING Claude Opus / GPT-4 ORCHESTRATION n8n / Agentic Workflows Every AI API call passes through the gateway — no exceptions

These five mechanisms together create a system where every high-stakes decision has a clear, explainable, and auditable path — regardless of the probabilistic nature of the underlying model. This is the chassis that allows the business to trust the AI engine.

03 — Five Principles

The Five Principles of Trust by Design

These principles are not aspirational values. They are sequencing rules — the order in which governance must be built to actually work at enterprise scale. Each one is derived from direct experience governing AI and platform systems at Google and Amazon.

01
Visibility Before Control

"You can't govern what you can't see."

The first step in any AI governance program is a shadow AI audit — finding every AI tool and workflow already in use before building the governance layer around it. At Google, the principle was the same for third-party software: Risk Inspector couldn't monitor what wasn't in the inventory. Map the landscape before you build the controls. Enforcement without visibility is theater.

02
Platform Before Headcount

"The platform scales. The headcount doesn't have to."

Build the LLM gateway, the guardrail architecture, and the intake framework before you scale the team. Every engineer added without a governed platform creates a new ungoverned integration. At Google, Risk Inspector governed 150+ business units with a central team of five — because the platform did the scaling, not the headcount. Hiring before the platform means scaling chaos.

03
Governance as Enablement

"The gateway has to be easier than the workaround."

Governance that creates friction will be bypassed. The LLM gateway, the intake process, and the acceptable use policy must be designed so that the governed path is the path of least resistance. At Google, Risk Inspector succeeded because compliance became the default — not because it was mandated. If using the official tool is harder than opening ChatGPT, you haven't solved shadow AI. You've just documented it.

04
Earn Trust Before You Govern

"Fix the pain before you ask for adoption."

People adopt governance when it removes their pain, not when it adds process. At Amazon, the 7-week access request backlog was fixed before asking engineering teams to adopt the new risk model. After removing the bottleneck, 70% adopted without being mandated. At Google, the 3-month privacy review was cut to days before teams were asked to change their process. Earn the right to lead change by serving first.

05
Measure from Day One

"If you can't measure it, you can't defend it."

Define success metrics before deployment — hours saved, cycle time reduction, error rate, cost per transaction. Measure pre and post. If the metric didn't move, learn why before building more. At Google, the AI/ML SteerCo ran a financial impact model across 50+ programs built with Finance from day one — so every program could be defended, prioritized, and compared on the same baseline. Governance without measurement is just overhead.

04 — Three Dimensions

AI Transformation · AI Security · AI Governance

Trust by Design is not a governance framework. It is an enterprise operating system for AI — three equal dimensions that work together. Most frameworks pick one. This covers all three, because you cannot have transformation without security, and you cannot have security without governance.

Dimension
What It Covers
Production Proof
AI Transformation
How enterprises go from scattered pilots to governed, scaled AI adoption. Operating model, LLM gateway, AI Champions program, intake process, 30-day path, executive reporting.
Google AI/ML SteerCo — 50+ programs, 14 verticals, $30–50M portfolio unified under one operating model.
AI Security
How AI systems are protected from the new attack vectors that didn't exist before LLMs. Guardrails, agentic threat modeling, red team protocols, PII protection, vulnerability management.
Google Risk Inspector (150+ BUs, 90% vulnerability reduction). Amazon Bedrock pipeline with tiered security controls.
AI Governance
How AI is controlled, measured, enforced, and audited. Risk tiering, HITL gates, audit trails, compliance by design, NIST/EU AI Act/GDPR/SOX alignment.
Both Google and Amazon — immutable audit logs, governance that held under regulatory review, measurable ROI on every program.
05 — Four Pillars

The Four Pillars of the Framework

The Trust by Design framework is organized into four operational pillars. Each pillar spans all three dimensions. Each pillar has specific published artifacts in the GitHub repository.

Pillar 01 — Risk & Classification
Classify Before You Build

Every AI use case gets classified before a line of code is written. The tier determines which controls apply, who must approve, and what monitoring is required.

01 — Risk Tiering Framework ✅ 08 — AI Transformation Starter Kit ✅
Pillar 02 — Security & Threat
Protect AI from Attack

8 guardrail patterns with working Python code, applied at the platform level. 8 agentic attack vectors modeled — including prompt injection, tool chaining, and data exfiltration.

02 — LLM Guardrail Patterns ✅ 03 — Agentic AI Threat Model ✅
Pillar 03 — Evaluation & Compliance
Prove Governance Works

Four-phase evaluation gates — readiness checklist before build, red team before deploy, continuous monitoring in production, 30-day measurement post-launch. Five regulations mapped to architecture decisions.

04 — Evaluation Framework ✅ 05 — Compliance by Design ✅
Pillar 04 — Transformation & Measurement
Scale and Prove Impact

DORA-adapted productivity measurement for AI developer tools — 7 metrics including Hallucination Escape Rate and Review Burden Index. Complete LLM case study with before/after metrics from production deployment.

06 — AI Dev Productivity Measurement ✅ 07 — Enterprise LLM Case Study ✅
06 — Complete Toolkit

Eight Published Artifacts

Every artifact is published open-source at github.com/gurukrish81/trust-by-design. Each one has a real production deployment behind it — not theory.

Artifact
What It Is
Best Used For
01 — Risk Tiering
frameworks/ ✅ LIVE
4-tier classification matrix with intake process. Classify any AI use case before build. Determines controls, approval path, and monitoring requirements.
Every new AI use case. The intake gate for everything else.
02 — LLM Guardrails
frameworks/ ✅ LIVE
8 security patterns with working Python code — PII detection (Presidio), prompt injection defense, system prompt hardening, output filtering, factual grounding, audit logging, rate limiting, action approval gates.
Platform-level implementation. Engineers implement once. Every business unit inherits.
03 — Agentic Threat Model
frameworks/ ✅ PUBLISHED
8 attack vectors specific to AI agents — direct/indirect prompt injection, privilege escalation via tool chaining, memory poisoning, goal misgeneralization, data exfiltration via legitimate channels, cascading agent failure, reasoning trace exposure.
Agentic AI deployments, Claude Code, AI coding assistants, multi-agent systems.
04 — Evaluation Framework
frameworks/ ✅ PUBLISHED
4-phase gate system — Governance Readiness Checklist before build, Red Team Protocol before deploy, Continuous Monitoring in production, 30-Day Post-Launch Review. Makes governance falsifiable.
Any AI system going to production. Proves governance is working with real metrics.
05 — Compliance by Design
frameworks/ ✅ PUBLISHED
5 regulations mapped to architecture decisions — GDPR (Article 22 explainability), HIPAA (BAA + PHI detection), SOX (audit trail + HITL for financial AI), CCPA (deletion reaching training data), EU AI Act (risk categories map to tiers).
Regulated industries, public companies, any company with EU user exposure.
06 — Dev Productivity
frameworks/ ✅ PUBLISHED
DORA adapted for AI-assisted development. 7 metrics — Deployment Frequency, Lead Time, Change Failure Rate, MTTR (all AI vs human-only), plus AI Code Acceptance Rate, Review Burden Index, Hallucination Escape Rate. Full ROI model included.
Engineering orgs deploying Claude Code, Copilot, Windsurf. Proves AI tooling ROI.
07 — Enterprise LLM Case Study
case-studies/ ✅ PUBLISHED
Complete production LLM governance case study — anonymized Bedrock pipeline. Problem, constraints, risk tiering decision, architecture (4 components), red team results, shadow mode rollout, 30-day metrics. 85% resolution time improvement, 97% guardrail efficacy, zero compliance incidents.
Proof of real implementation. The answer to "have you actually built this?"
08 — Starter Kit
starter-kit/ ✅ PUBLISHED
30-day enterprise AI transformation blueprint. Week-by-week: Visibility (shadow AI audit) → Platform (LLM gateway) → Controls (Tier 3/4 remediation) → Scale (AI Champions, AUP, executive reporting). Milestone checklist included.
Organizations beginning AI transformation. The starting point for any consulting engagement.
07 — Risk Tiering

The Risk Tiering Framework

Every AI use case must be classified before it is built. The risk tier determines which controls are required, who has approval authority, and what monitoring is mandatory in production. No use case moves to build without a tier assignment.

Tier 1 — Low
Routine

Summarization, classification, drafting assistance with no consequential decisions. Human reviews output before action.

Tier 2 — Medium
Operational

Workflow automation, customer-facing responses, data analysis with business decisions. Guardrails required. Sampling review mandatory.

Tier 3 — High
Consequential

Legal analysis, HR decisions, financial approvals, regulatory submissions. Human-in-the-loop gate required. Full audit trail mandatory.

Tier 4 — Critical
Regulated

Clinical decisions, enforcement actions, credit decisions, safety-critical systems. Requires legal review, executive sign-off, and regulatory validation before deployment.

Figure 2 — Risk Tier Decision Tree
Risk Tier Decision Tree — Trust by Design Decision tree showing how to classify AI use cases into four risk tiers New AI Use Case Does it touch regulated data or drive binding decisions? NO YES Is output consequential? Regulatory exposure? NO TIER 1 — LOW Routine YES TIER 2 — MED Operational NO TIER 3 — HIGH Consequential YES TIER 4 — CRITICAL Regulated No gate Sampling review HITL mandatory Legal + Exec approval

The full risk scoring matrix — with 12 criteria across impact, reversibility, data sensitivity, and regulatory exposure — is available in the GitHub repository at frameworks/01-risk-tiering-framework.md.

08 — Implementation

30-Day Implementation Path

Trust by Design is not a multi-year program. The foundation can be operational in 30 days. Here is the sequencing that has worked across multiple enterprise programs.

Days 1–7
Visibility — Map Before You Govern
  • Shadow AI audit — identify every AI tool and workflow currently in use
  • Inventory all approved AI tools, API keys, and LLM integrations
  • Classify each use case by risk tier using the scoring matrix
  • Identify the three highest-risk ungoverned workflows
Days 8–14
Platform — Build the Central Control Layer
  • Deploy LLM gateway — centralized routing, audit logging, cost attribution
  • Implement acceptable use policy with default-block enforcement
  • Apply input guardrails to all active Tier 2+ workflows
  • Establish intake process — discovery template, risk tier, ROI model
Days 15–21
Governance — Enforce and Measure
  • Apply output guardrails — schema validation, hallucination detection
  • Implement human-in-the-loop gates on all Tier 3 and Tier 4 workflows
  • Define pre/post measurement baseline for all active AI programs
  • Stand up executive reporting — adoption, cost, risk, outcomes
Days 22–30
Scale — Enable Without Becoming the Bottleneck
  • Train AI Champions — one per major business unit
  • Publish playbooks and intake guides for self-service use
  • First governed production deployment through the platform layer
  • First C-suite report — hours saved, spend by business unit, risk posture
Figure 3 — 30-Day Implementation Path
30-Day Implementation Path — Trust by Design Four-phase 30-day implementation path showing the sequence from visibility through scale DAYS 1–7 Visibility Shadow AI audit Risk classification Inventory all AI tools DAYS 8–14 Platform Deploy LLM gateway Enforce AUP Formalize intake DAYS 15–21 Governance Apply guardrails HITL gates Measurement baseline DAYS 22–30 Scale Train champions First production deploy C-suite report Visibility → Platform → Governance → Scale
09 — Framework Alignment

Regulatory and Framework Alignment

Trust by Design is designed to be regulatory-framework agnostic — the principles and pillars apply across jurisdictions. All artifacts align to the major frameworks your legal and compliance teams will reference.

Framework Relevant Functions Trust by Design Coverage
NIST AI RMF Govern, Map, Measure, Manage All four pillars map directly. Risk tiering implements Map. Evaluation framework implements Measure. Guardrail patterns implement Manage.
NIST CSF Identify, Protect, Detect, Respond, Recover Shadow AI audit implements Identify. Guardrails implement Protect. Monitoring implements Detect. Incident response protocols in evaluation framework.
EU AI Act Risk-based AI classification (high-risk obligations: August 2, 2026) Risk tiering framework maps directly to EU AI Act risk categories — Tier 3/4 covers high-risk use cases requiring conformity assessment. High-risk obligations apply August 2, 2026. Framework compliance is a byproduct of correct tier assignment.
GDPR / CCPA Privacy by design, data minimization Input guardrails include PII detection and data minimization. Compliance-by-Design artifact covers privacy touchpoints in AI workflows.
ISO 42001 AI management system standard Governance structure, risk assessment, and continuous monitoring requirements align to ISO 42001 clause structure.
SOX / HIPAA / PCI-DSS Audit trail, data handling, financial controls Full audit logging, human-in-the-loop gates, and data classification controls address sector-specific requirements.
About the Author
Guru Krish
Director — Enterprise AI Transformation, Governance & Security
ex-Google · ex-Amazon · Austin, TX

18 years building the operating infrastructure that makes enterprise AI trustworthy and scalable. At Google, designed the AI/ML governance framework that unified 50+ programs across 14 corporate verticals into a governed $30–50M portfolio, and built Risk Inspector — the mandatory governance platform across 150+ business units that cut partner onboarding from 150 days to 10 hours and unlocked $700M+ in ecosystem value. At Amazon, architected a production LLM governance pipeline on AWS Bedrock that classified 2,500+ access requests and reduced resolution times from 7 weeks to 1 week. Trust by Design is the codification of what those deployments taught about making AI safe, scalable, and trustworthy in production — across transformation, security, and governance simultaneously.