ValidMind, a provider of AI governance solutions for financial institutions, has introduced Atryum, an open-source governance framework designed to oversee AI agent actions. The project is now available on GitHub, and the company has also begun accepting applications for early access to ValidMind Agent Authority, an enterprise-grade offering built on the Atryum foundation.
As AI agents increasingly perform high-impact tasks such as executing financial transactions, modifying production systems, and updating critical records without human intervention, organizations face a growing governance challenge. While existing security systems can verify credentials and access rights, they often lack the ability to determine whether a specific action falls within an agent's approved responsibilities. Atryum addresses this oversight gap by providing an independent layer of control and accountability.
Positioned directly within the execution path of AI agents, Atryum monitors every tool invocation across protocol, harness, and platform layers. Before an action is completed, the framework evaluates it against organizational policies, escalates it for human review when necessary, and records all decisions in a dedicated audit trail controlled by the organization. The solution is designed to function across different runtimes, AI models, and deployment environments.
"Financial institutions are preparing to manage an entirely new type of workforce," said Jonas Jacobi, Co-founder and CEO of ValidMind. "Many organizations either route every decision through human approval or limit agents so heavily that they deliver little value. The real opportunity comes from establishing governance structures that allow agents to operate independently while maintaining oversight. Agent Authority provides each agent with defined responsibilities, accountability, and visibility, enabling meaningful autonomy without sacrificing control."
As an open-source initiative, Atryum offers developers and platform teams a standardized, platform-independent approach to governing AI agents at the moment actions are executed. Rather than creating custom governance mechanisms for every new agent framework, organizations can build on a common foundation.
ValidMind Agent Authority, currently available through an early access program within the ValidMind platform, expands on Atryum with enterprise-focused capabilities tailored for regulated industries. These include AI-driven policy evaluation for complex scenarios that static rules cannot adequately assess, approval workflows based on users and groups, hierarchical agent-specific governance policies, integration with enterprise identity and access management systems, and advanced audit analytics for regulatory and compliance requirements. The solution will be offered under a commercial Enterprise License and will include testing, validation, support services, and contractual protections expected by enterprise customers.
"When the same platform that runs an AI agent is also responsible for governing it, there is an inherent conflict of interest," said Andres Rodriguez, Co-founder and CTO of ValidMind. "Effective oversight must remain independent from the vendors whose agents are being supervised. Atryum enforces governance directly within the action execution path, regardless of which runtime or credential initiated the request. However, enforcement alone is not enough. Regulated organizations also require robust policy management, approval controls, and comprehensive auditability to justify and defend every decision."
Atryum is now available through GitHub and Atryum.org under a dual licensing model that includes both Apache 2.0 and Enterprise License options.
Click here to know more.
As AI agents increasingly perform high-impact tasks such as executing financial transactions, modifying production systems, and updating critical records without human intervention, organizations face a growing governance challenge. While existing security systems can verify credentials and access rights, they often lack the ability to determine whether a specific action falls within an agent's approved responsibilities. Atryum addresses this oversight gap by providing an independent layer of control and accountability.
Positioned directly within the execution path of AI agents, Atryum monitors every tool invocation across protocol, harness, and platform layers. Before an action is completed, the framework evaluates it against organizational policies, escalates it for human review when necessary, and records all decisions in a dedicated audit trail controlled by the organization. The solution is designed to function across different runtimes, AI models, and deployment environments.
"Financial institutions are preparing to manage an entirely new type of workforce," said Jonas Jacobi, Co-founder and CEO of ValidMind. "Many organizations either route every decision through human approval or limit agents so heavily that they deliver little value. The real opportunity comes from establishing governance structures that allow agents to operate independently while maintaining oversight. Agent Authority provides each agent with defined responsibilities, accountability, and visibility, enabling meaningful autonomy without sacrificing control."
As an open-source initiative, Atryum offers developers and platform teams a standardized, platform-independent approach to governing AI agents at the moment actions are executed. Rather than creating custom governance mechanisms for every new agent framework, organizations can build on a common foundation.
ValidMind Agent Authority, currently available through an early access program within the ValidMind platform, expands on Atryum with enterprise-focused capabilities tailored for regulated industries. These include AI-driven policy evaluation for complex scenarios that static rules cannot adequately assess, approval workflows based on users and groups, hierarchical agent-specific governance policies, integration with enterprise identity and access management systems, and advanced audit analytics for regulatory and compliance requirements. The solution will be offered under a commercial Enterprise License and will include testing, validation, support services, and contractual protections expected by enterprise customers.
"When the same platform that runs an AI agent is also responsible for governing it, there is an inherent conflict of interest," said Andres Rodriguez, Co-founder and CTO of ValidMind. "Effective oversight must remain independent from the vendors whose agents are being supervised. Atryum enforces governance directly within the action execution path, regardless of which runtime or credential initiated the request. However, enforcement alone is not enough. Regulated organizations also require robust policy management, approval controls, and comprehensive auditability to justify and defend every decision."
Atryum is now available through GitHub and Atryum.org under a dual licensing model that includes both Apache 2.0 and Enterprise License options.
Click here to know more.