AI GOVERNANCE · watsonx

Govern every watsonx model and agent with declared capability, signed identity, and verifiable control evidence.

A proof surface for how IBM watsonx deployments get governed: machine-readable capability and regulatory-class declarations, signed-JWT identity propagation, read-only connector posture, and append-only control evidence a procurement team can verify themselves.

2 / 5 controls live
IBM watsonx AI governance audit-stream MCP verify
The controls

5 controls. 2 live, 3 mapped — stated honestly.

Every claim points to a real artifact you can open. Where a control is specced but not yet shipped, it says so — no surface here pretends to be further along than it is.

Identity propagates from the host via signed JWT — Kinetic Gain verifies IBM's signature and never mints its own session. A buyer's security review starts and ends here.
artifact · kg-token-validator
Live
Every governed action becomes an append-only, hash-chained audit event — tamper-evident by construction.
artifact · audit-stream
Live
Every model and agent declares what it can do and its regulatory class in machine-readable JSON — capability and classification, not prose.
Mapped
Connectors are read-only by default; any write requires a separate, named, audited grant.
Mapped
A buyer's compliance team can curl /verify against the live declaration and walk the evidence chain independently.
Mapped
The differentiator

The Suite stops being marketing the moment a buyer can verify it.

Don't take our word — curl the evidence.

Governance posture is only worth what a procurement team can independently confirm. Where the validator is live, a buyer fetches the declaration and walks the hash-chained audit trail themselves — capability, classification, and control evidence, machine-readable and self-checking.

# once the validator ships for this surface
curl https://watsonx.kineticgain.com/.well-known/kg-verify.json | kg-validate -