govrn.ai
⚠ Internal · program history — version record · confidential · not client-facing
▸ AI Governance Program · The Record

Program history.

The version-by-version record of how the AI-governance program evolved — what each version added, and who drove it. The current pitch is always at v1.0.

v1.0 · June 10, 2026 · The leadership pitch
In plain English: the version presented to the Kelly/MCG AI group. One coherent package: the governance-led motion, the proof it's built, the cost-and-efficiency lens, the ecosystem due diligence (Nexthink AI Drive), and the live pipeline shown as reference leads.
  • The pitch document — ten sections, opportunity → ask, reviewed by an independent five-perspective expert panel (governance standards, consulting GTM, Fortune-500 buyer, AI-cost economics, executive presentation) before release.
  • Standards posture hardened — certification language routed to accredited third-party bodies; the program never self-certifies.
  • Cost & efficiency lens in the live dashboard, with a modeled engagement baseline (~$34K/mo spend, ~$15K/mo recoverable).
  • Ecosystem due diligence — full product-and-category read on Nexthink AI Drive: complement, not competitor; potential partnership on the table.
  • Pipeline as reference leads — two live conversations (a property-management SaaS and a major health plan), framed honestly: in progress, proposals forthcoming, nothing closed.


v0.9 · June 2, 2026 · The SecOps merge · credit: Sean, Kelly SecOps
In plain English: Sean ran his own independent search for the open-source tools the program would use, and it was strong. v0.9 merges his work into the stack. His list filled the exact holes the program was thinnest on — how you enforce rules automatically, how you prove compliance for certifications, and how you keep an audit trail of everything the AI does. A large piece of v0.9 is his thinking and delivery.

Merged in from Sean's research

  • Open Policy Agent (OPA) — policy-as-code: the missing enforcement layer (who may call which model, dataset, or API), evaluated as code at request time.
  • OSCAL (NIST) — compliance automation: ISO 42001 / NIST controls as machine-readable evidence, so attestation isn't a manual scramble.
  • Langfuse — LLM audit logging: the clean record of prompts, responses, cost, and user activity.
  • OpenTelemetry — the open telemetry backbone for monitoring and compliance reporting.
  • Apache Atlas — data classification + lineage for the audit record.
  • OWASP WSTG / PTK — the repeatable pentest methodology around the AI.

The confidence signal

Two teams, searching independently, landed on the same 13-tool core (garak, PyRIT, promptfoo, OWASP ZAP, Arize Phoenix, AIF360, Fairlearn, SHAP, LIME, OpenMetadata, DataHub, Datasheets, OWASP LLM Top 10). When two independent searches converge, those are the non-negotiables.

Net effect

v0.9 locked the rinse-and-repeat formula — the 6-stage process (Discovery → Implementation → Test → Training → Certifications → Maintenance) with the merged toolset mapped to each stage. Sean's additions notably strengthen Implementation (OPA), Certifications (OSCAL), and Maintenance/audit (Langfuse, OTel).

v0.8 · June 1, 2026 · Consolidation baseline
In plain English: the first time everything was pulled together in one place — the offering, the first client application, the tools research, the brand systems, and the name check — documented and committed so the team could review it.
  • The govrn.ai offering document — live, keywalled, co-branded MCG/Kelly.
  • The first client application — a major health plan pitch, built in their brand, trademark-safe.
  • Tools & Ammunition v0.1 — ~50 web-verified tools, open-source vs commercial, mapped to delivery stages.
  • Brand capture, name-clearance review, and outreach drafting.
  • Packaged into the private team repository for review.