The Road to Accountable AI

Kevin Werbach speaks with Venkat Siva, co-founder and CEO of CompFly AI, about why governing autonomous agents requires a fundamentally different approach than securing traditional software. Siva argues that agents create a genuinely new control problem. Because they decide at runtime which tools to call and which actions to take, governance cannot simply be bolted onto existing MLOps or security platforms built for fixed, deterministic workflows. Instead, control has to move to the "execution boundary" — the point where an agent's decision turns into a real-world action. And agent safety is much more than just model safety.
In practical terms, Siva makes the case for giving every enterprise agent a distinct, cryptographically verifiable identity using decentralized identifiers (DIDs) and verifiable credentials. He addresses the growing problem of "shadow agents," pointing to employees experimenting with powerful open-source autonomous tools inside enterprises, and explains discovery techniques like intercepting traffic to model APIs and watching for who requests LLM keys. He offers the concept of an "autonomy budget": classify actions by reversibility and financial, regulatory, and customer impact, so an agent might autonomously issue a small refund but require human approval for a large one. Drawing on his time at the electric automaker Rivian, Siva closes by contrasting recoverable digital failures with the irreversible stakes of agents embedded in physical systems, arguing that governance there must borrow from safety engineering.
Venkat Siva is the co-founder and CEO of CompFly AI, an early-stage company building a control plane to discover, validate, secure, and govern autonomous agents from code to production. Before founding CompFly with Anand Salodkar, he spent more than two decades building enterprise platform products that help organizations adopt new technology safely and at scale, including work at the electric vehicle maker Rivian. 

Transcript


The Architecture of Trust (Compfly Manifesto)
CoSAI Model Context Protocol Security white paper

Conversational AI is increasingly being used as a source of emotional support, even though general-purpose chatbots were never designed for that purpose. Concerns about AI's mental health impact, up to and including suicides, have moved onto the public policy agenda. Munmun De Choudhury, who has been studying the intersection of digital technology and mental health longer than almost anyone, walks through what researchers know, what they don't, and why the answers keep moving. 
The conversation centers on the difficulty of governing technologies whose capabilities and patterns of use are both changing every few weeks. De Choudhury invokes the cautionary tale of Google Flu Trends as a warning: any framework that assumes user behavior is fixed will eventually break. She argues that the harms and benefits of conversational AI are not just person-dependent but task-dependent, which makes general-purpose chatbots fundamentally harder to evaluate than the narrow medical AI systems researchers built for decades. She lays out a multi-stakeholder agenda to address AI's mental health risks, and argues that foundation models need to take into account principles from psychotherapy. 
Dr. Munmun De Choudhury is the J.Z. Liang Professor in the School of Interactive Computing at Georgia Tech, where she founded and directs the Social Dynamics and Wellbeing Lab (SocWeB). She is one of the most cited researchers in digital mental health and is widely credited with pioneering the computational use of social media data to study mental health outcomes. She co-leads the Patient-Centered Care Delivery research pillar at the Children's Healthcare of Atlanta Pediatric Technology Center, serves on the advisory board for the Australian government's eSafety panel, and was inducted into the SIGCHI Academy in 2024. Her honors include the 2023 SIGCHI Societal Impact Award and the 2021 ACM-W Rising Star Award. 
Transcript


Benefits and Harms of Large Language Models in Digital Mental Health
From Lived Experience to Insight: Unpacking the Psychological Risks of Using AI Conversational Agents

Holistic AI was one of the first companies built specifically to govern, audit, and red team AI systems. As co-founder and co-CEO Emre Kazim explains, its original thesis was that AI governance would mirror data governance: a compliance-driven regime. He now believes the better analogy is cybersecurity: a more technical, incident-driven discipline where best practices emerge from real-world events and propagate across industry, rather than descending from abstract regulatory frameworks. Kazim argues this shift has significant implications for who owns AI governance inside enterprises, what skills they need, and why documentation-and-reporting vendors are unlikely to capture the core of the market.
Kazim also makes the case that human-in-the-loop oversight, long treated as the default answer to AI risk, has become untenable as systems grow more dynamic and agentic. He distinguishes between two enterprise adoption patterns: a democratic model in which every employee has a copilot, and a vanguard model in which a small number of mission-critical agentic systems drive most of the value and demand most of the governance attention. Finally, he argues that meaningful research capacity will be the price of entry for AI governance firms going forward.
Dr. Emre Kazim is the co-founder and co-CEO of Holistic AI, an AI governance platform company spun out of University College London in 2020. He previously served as a Research Fellow in UCL's Department of Computer Science. Kazim has published more than 50 peer-reviewed articles on AI ethics and governance, serves as a member of the OECD's Network of Experts on AI, and is involved with the NIST AI Safety Institute.
Transcript


Towards Algorithm Auditing (Royal Society Open Science, 2024)
What is AI Governance? (Holistic Blog, February 2026)

Kevin Werbach speaks with long-time responsible AI leader Rumman Chowdhury the current environment, in which substantive standards and oversight efforts for AI are taking shape amid a larger anti-regulation wave. Chowdhury distinguishes sharply between frontier labs, where the posture is largely "AI at all costs," and the non-tech enterprises she works with, who are wrestling with how to scale governance bodies that originally reviewed single AI implementations to hundreds of systems, third-party procurement questions, and agentic workloads. She describes the current evaluations market as immature on nearly every dimension, and explains why generic benchmarks rarely translate to enterprise contexts like insurance or auto manufacturing.
The conversation then turns to AI's impact on work and education. Her concern is that companies pursuing short-term efficiency by cutting entry-level hiring will face what MIT researchers Caosun and Aral call the "augmentation trap," in which workers' cognitive skills atrophy while new workers never develop them. She offers "discernment" as her 2026 word of the year, discribing the skill -- more than just critical thinking -- we must cultivate and defend. Her new podcast and forthcoming book, Thinking About Thinking, argues that our notion of intelligence was built for an Industrial Revolution workforce we are now automating away.
Dr. Rumman Chowdhury is the founder of Humane Intelligence PBC, building modular, tool-agnostic AI evaluation infrastructure for enterprise and real-world contexts. She co-founded the nonprofit Humane Intelligence in 2022 and served as its CEO until 2025. She previously was Director of the Machine Learning Ethics, Transparency, and Accountability team at Twitter, founder of the algorithmic audit platform Parity, and Global Lead of Responsible AI at Accenture, where she built one of the first enterprise-level bias detection tools. She has served as U.S. Science Envoy for AI and as a Responsible AI Fellow at Harvard's Berkman Klein Center, and holds a doctorate in political science from the University of California, San Diego.
Transcript


Virginia SB 384 / HB 797 — Independent Verification Organization legislation (Fathom)
The Augmentation Trap: AI Productivity and the Cost of Cognitive Offloading
Open to Debate: Will AI Make Work Obsolete?
Why AI evals need to reflect the real world (Transformer)

Var Shankar makes the case that most AI governance guidance is built for large, sophisticated, multifunctional global enterprises — and that this leaves out the roughly half of American workers employed at organizations with fewer than 500 people. Through the Council on AI Governance, the nonprofit he leads with Alexis Cook, he is trying to fill that gap with open, current, and pragmatic resources, including an AI Governance Playbook organized around four focus areas: strategy, risk and compliance, workforce literacy, and operational management. He tells Kevin that the case for AI governance no longer needs to be made; what smaller organizations now need is help asking vendors the right questions and clarifying who owns what internally when a few people are doing many jobs.
The conversation then turns to the parts of the field Var thinks are most undercooked. Workforce literacy, he argues, is the focus area most often neglected because it functions as a vitamin rather than a painkiller — long-term, hard to resource, and easy to reduce to a training module when what is actually needed is hands-on involvement in pilots and documentation. He explains why healthcare offers an unusually strong foundation for AI assurance, with its existing regulatory architecture, comfort with use-case variability, and tradition of post-deployment monitoring, and he describes assurance itself as the connective tissue between an organization and the outside world — distinct from regulation and from internal governance, not a substitute for either. Drawing on a pilot he co-authored on with the Standards Council of Canada testing system-level certification at a Canadian bank, he highlights two surprising lessons: that even simplified certification criteria get interpreted differently by different actors, and that even one of the world's most forward-thinking public standards bodies lacked the technical capacity to play standard-setter for something as dynamic as an AI system. He closes with practical advice for risk and compliance professionals: start with the positive vision of what the organization is trying to do with AI, observe how existing IT, data, and security governance already work, and identify which standards ecosystems the organization is already plugged into.
Var Shankar is Executive Director of the Council on AI Governance, an independent nonprofit developing open AI governance resources for organizations of all sizes. He previously served as Executive Director of the Responsible AI Institute and as Chief AI and Privacy Officer at Enzai, a regtech AI compliance startup. An attorney by training and a graduate of Harvard Law School, he practiced law at Cravath, Swaine & Moore and earlier worked on the Clinton Global Initiative and with the government of British Columbia on digital government and COVID response. He teaches AI governance at Purdue, where he has helped develop a master's-level AI auditing program, and serves on the OECD Network of Experts on AI, the World Economic Forum's AI Governance Alliance, and the Brookings Forum for Cooperation on AI. He co-developed Kaggle's Intro to AI Ethics course with Alexis Cook.
Transcript
 
Council on AI Governance: AI Governance Playbook
Context-specific certification of AI systems: a pilot in the financial industry (AI and Ethics, 2025)
Standards Council of Canada AI accreditation pilot