# AI Governance Is Broken: Why a Control-Plane Approach Is the Fix Enterprises Need
As organizations race to deploy artificial intelligence at scale, a troubling gap has emerged. The governance frameworks meant to keep these systems in check have not evolved nearly as fast as the technologies they are supposed to oversee. The result is a growing misalignment between dynamic AI systems and the static, fragmented tools used to govern them.
Thought leader Varun Raj explored this critical issue in depth following his session at the BrightTALK Cloud Convergence Summit. Drawing on extensive experience designing and operating large-scale enterprise AI platforms, Raj makes a compelling case that governance must transform from a policy-layer afterthought into an integrated, runtime capability embedded directly within the execution path of AI systems.
## The Core Problem: Static Governance Meets Dynamic Systems
The fundamental issue, according to Raj, is that governance models have remained static while the systems they govern have become profoundly dynamic. Most existing approaches were built on the assumption that system behavior is predictable and that changes happen infrequently. AI systems violate both of those assumptions on a continuous basis.
“They continuously adapt, interact, and evolve within broader system contexts,” Raj explains. “That mismatch creates blind spots that governance frameworks were never designed to address.”
This is not a theoretical concern. In production environments, the consequences are already visible. Systems can meet every observable health indicator — uptime, latency, throughput — and still produce outcomes that are inconsistent, misaligned, or contextually wrong. The infrastructure is functioning perfectly, but the system is not behaving as intended.
“This is not a failure of infrastructure; it is a failure of control,” Raj notes. “That distinction is critical and largely unaddressed in current governance models.”
## Why Traditional Governance Falls Short
Traditional governance models operate by defining policies externally and validating compliance on a periodic basis. This approach assumes that system behavior can be bounded and predicted ahead of time. For AI systems embedded in complex workflows and operating under constantly changing conditions and inputs, that assumption breaks down entirely.
“Governance that is external and retrospective cannot keep pace with that level of dynamism,” Raj argues.
The risks that emerge from this misalignment are not the dramatic, headline-grabbing kind. They are subtle and insidious. The most significant risk, Raj contends, is undetected behavioral deviation — systems producing outputs that are subtly incorrect, non-compliant, or misaligned with intent without ever triggering an alert. Over time, these small deviations accumulate into systemic risk that is extraordinarily difficult to trace or remediate.
This class of risk is fundamentally different from what traditional distributed systems face. In conventional systems, failure tends to be observable and localized. In AI systems, risk is distributed and behavioral. The system keeps running, but the integrity of its decisions quietly degrades. Standard observability tools were never built to catch this kind of slow-moving failure.
## Introducing the Control Plane AI Governance Model
To address these structural shortcomings, Raj has proposed the Control Plane AI Governance Model, or CPAGM. The central premise is straightforward but powerful: governance should be treated as a system capability rather than an external function.
CPAGM embeds control mechanisms directly into the execution path of AI systems. This enables continuous behavioral evaluation, real-time policy enforcement, and automated intervention the moment deviations are detected. In essence, it shifts governance from passive observation to active control.
“The control plane is where decisions about execution happen,” Raj explains. “Placing governance there ensures that control is applied before outcomes propagate through the system. External monitoring can tell you what happened; the control plane determines what is allowed to happen.”
## Three Foundational Capabilities
Implementing this model requires three essential capabilities, all of which must operate as intrinsic parts of the system rather than as bolt-on additions:
1. **Continuous visibility into system behavior** — the ability to monitor what the system is doing at all times, not just whether it is running.
2. **Real-time evaluation against expected outcomes** — comparing actual behavior against defined policies and intent on an ongoing basis.
3. **Deterministic intervention mechanisms** — the ability to step in and correct or halt behavior when deviations are identified, in a predictable and reliable manner.
## Challenges and Trade-Offs
Adopting a control-plane approach to AI governance is not without its obstacles. Raj acknowledges that most existing infrastructure was simply not designed for this level of control. Governance responsibilities are also frequently fragmented across multiple teams, making coordinated implementation a significant organizational challenge that requires both architectural changes and cultural alignment.
There are trade-offs as well. Embedding governance into the execution layer introduces additional system complexity and some operational overhead. However, Raj argues that these costs are more than justified by the benefits: improved reliability, stronger risk control, and the ability to operate AI systems with genuine confidence at scale.
“Without these capabilities, organizations are effectively operating without full control,” he states.
## Compliance and the Role of Platform Teams
For organizations operating in regulated industries, the control-plane model offers a particularly compelling advantage. It enables organizations to demonstrate that governance is not merely defined on paper but actively enforced in real time. This closes the gap between policy and execution — a critical requirement for auditability and regulatory assurance.
As AI systems grow more autonomous, the role of platform teams also evolves significantly. Under the CPAGM framework, platform teams become the primary stewards of system behavior. Their responsibility extends well beyond managing infrastructure to ensuring that AI systems operate within defined boundaries. Governance becomes an inherent property of the platform itself, woven into its architecture rather than layered on top as an external overlay.
## The Path Forward
The message from Raj’s analysis is clear: the gap between AI capability and AI governance is not a minor oversight — it is a structural flaw that will only widen as systems become more complex and autonomous. Organizations that continue to rely on static, external governance models are accepting a level of risk they may not even be aware of. A control-plane approach offers a path to closing that gap, embedding accountability and enforcement directly into the systems that need it most.
—
*This article is based on content from Varun Raj’s session at the BrightTALK Cloud Convergence Summit. The original post features an expert Q&A conducted by Alicia Landsberg, senior managing editor on the BrightTALK summits team. Viewers can register for the full webinar to learn more.*



