Does the rate of change, the broad penetration, and the complexity of managing and securing AI in general, and AI agents in particular, mean that organizations are stuck on the ground - or flying blind - without a viable strategy for operationalizing governance and dealing with regulatory pressures?
Agent builders need to follow governance policies for the agent capabilities they develop for the agent owner’s business objectives, and security teams need to embed controls based on those policies that protect the agent and ensure compliance but still allow it to do its job. Stakeholders need a common trust baseline that allows them to assess the risk and capability tradeoff for the agent, before deployment and in production.
The gap is how to translate governance policies into code for the specific agent and its business context that actually enforces those policies, and identifies when policies fall short in preventing a failure, a compliance violation, or an external attack.
This blog post outlines common AI governance challenges, looks at how the National Association of Insurance Commissioners (NAIC) Model Bulletin on the Use of Artificial Intelligence Systems by Insurers may serve as a strategic guidepost for organizations despite its limitations, and introduces the triad concept to the worlds of policy and system-level enforcement for collaborative enablement of trustworthy AI - within the broader agentic lifecycle.
Why is governance for AI agents challenging?
While the US federal government has been noticeably absent from the debate over AI regulation and safety, organizations can look to compliance mandates such as the EU AI Act and multiple state-level laws in the US that cover generative AI to design their governance and audit programs; while, security teams can leverage initiatives such as the ISO/IEC 42001 and the NIST AI Risk Framework - which is actively updating guidance to deal with AI agents - to build a systematic approach for identifying and mitigating risks.
The practical challenge for many organizations is translating these frameworks and policy obligations into technical controls that match the capabilities of autonomous agents - applying deterministic constraints on their probabilistic actions in ways that balance governance and business outcomes. These controls, in turn, serve as the foundation for monitoring in production and the basis for compliance reporting.
Traditional AI governance frameworks were largely designed around static predictive models.
Agentic systems introduce entirely new risk dynamics:
- Autonomous decision-making
- Dynamic behavior
- Multi-agent interactions
- Tool chaining
- External system access
- Non-deterministic outputs
These characteristics make governance for agents substantially harder.
And more fundamentally, AI agents can’t be governed or secured in a vacuum: policies should be informed by the purpose of the agent - answering the question of why it’s being developed - and the persona - answering the question of who is the agent acting on behalf of. This context is not only critical for mitigating against known risks, it is also central to risk-based enablement for business impact.
What is the NAIC Model Bulletin - and why is it relevant?
The National Association of Insurance Commissioners (NAIC) Model Bulletin on the Use of Artificial Intelligence Systems by Insurers may serve as one model for governance, because of its focus on how AI is being used in the context of a specific business activity, coupled with a set of guiding principles for AI-generated outcomes. The Model stipulates that the same rigor applied to cybersecurity, financial controls, privacy, and operational risk should be applied to AI.
The NAIC Model Bulletin — now adopted by roughly 24 states — requires insurers to adopt, implement, and maintain a documented AI program (an "AIS Program") to support responsible AI use and mitigate the risk of inaccurate or discriminatory decisions, particularly when AI is used in regulated processes like underwriting, pricing, and claims.
The NAIC's foundational position is that the technology does not change the legal obligation.
The core principles in the bulletin closely mirror what's becoming standard globally. It is heavily influenced by the OECD AI Principles, G20 AI Guidelines, the U.S. Executive Order on AI, and the EU AI Act. Those shared principles — transparency, accountability, human oversight, fairness, and non-discrimination — appear in virtually every major AI governance framework worldwide.
The insurance industry recognized relatively early on that the commercial use of machine learning and AI that the technology presented both risks and benefits. The benefits of AI in insurance — precision underwriting, faster claims, fraud detection, cost reduction, and personalization — are significant. But they come with risks that are equally concrete: discriminatory outcomes, opaque decisions, vendor dependency, and an evolving regulatory enforcement apparatus.
Adoption of AI is widespread in the industry: according to the organization’s own research, 70% of automobile, homeowners, and health insurers responding to the surveys are currently using, planning to use, or exploring the use of AI, while 58% of life insurer respondents report current or expected future use. Insurers electing not to use AI/ ML primarily attribute their decision to a lack of business need, limited resources and expertise, and reliance on legacy technology, which would require system upgrades.
The NAIC bulletin does not introduce entirely new rules. Instead, it clarifies that existing laws governing unfair discrimination, consumer protection, market conduct, and risk management also apply to AI systems.
Rather than waiting for comprehensive AI legislation, NAIC has been proactive in applying existing legal frameworks to AI-enabled decision-making. The logic is straightforward:
- If underwriting decisions are regulated, AI underwriting decisions are regulated.
- If lending decisions are regulated, AI-driven lending decisions are regulated.
- If hiring discrimination is illegal, AI-assisted hiring discrimination is illegal.
It explicitly requires insurers to establish formal AI governance programs, document risk management processes, oversee third-party AI vendors, monitor models continuously, and maintain evidence demonstrating compliance readiness.
NAIC is currently running a multistate pilot of an AI Evaluation Tool, started in January and concluding in 2026, with twelve states participating including Colorado, Maryland, Virginia, Connecticut, Pennsylvania, California, and others. The tool is designed to give regulators a structured framework for reviewing insurer AI systems during market conduct examinations.
What are the limitations of the NAIC Model for agents?
Most insurer AI governance programs were built around the NAIC Model Bulletin framework adopted in December 2023. That framework is solid for its intended purpose: ensuring that AI systems used in decision-making comply with existing insurance laws, maintain documentation, undergo testing for bias and accuracy, and operate under senior management oversight.
But the Model Bulletin was written for a world where AI produces outputs and humans make decisions. When the AI itself becomes the decision-maker and the executor, several assumptions in that framework start to break down.
Also, NAIC is insurance-specific, not agentic AI-specific. The business use cases, obviously, do not translate to other industries, and does not provide technical guidance that can be generalized across agentic systems.
The bulletin was designed for algorithmic underwriting and claims tools, not the new generation of autonomous AI agents that act, book, execute, and manage tasks independently. In December 2025, OWASP published the first formal taxonomy of risks specific to autonomous AI agents — including goal hijacking, tool misuse, identity abuse, memory poisoning, and rogue agents — areas the NAIC framework doesn't directly address.
Closing the Loop With The Triad Concept
The Persona–Policy–Purpose triad maps directly onto the accountability structure at the heart of the NAIC Model Bulletin.
In the triad, Persona captures who is acting — the user or decision-maker deploying the AI agent — which aligns with the bulletin's requirement that insurers identify and document human accountability across every part of the insurance lifecycle.
Policy represents what rules govern the agent's behavior, reflecting the bulletin's mandate that insurers maintain a written AI System (AIS) Program; like security and privacy frameworks, the Model AI Bulletin emphasizes the need to incorporate policies, procedures, processes, risk management, and internal controls into an existing or new governance structure.
Purpose defines why the agent exists — the specific use case, such as underwriting, claims adjudication, or fraud detection — which the bulletin requires to be explicitly scoped and tested for adverse consumer outcomes.
The three relational edges reinforce this further:
Context (Persona ↔ Policy) reflects the obligation to document who is authorized to use an AI system and under what conditions;
Governance (Policy ↔ Purpose) maps to the bulletin's expectation of a documented accountability structure involving appropriate disciplines — business units, actuarial, data science, underwriting, claims, legal, and compliance — with senior management or board accountability for oversight;
Intent (Persona ↔ Purpose) captures the alignment between the operator's goal and the agent's function, which the bulletin scrutinizes to ensure AI-driven decisions do not produce discriminatory or unfair outcomes.
Mapping the agent lifecycle to NAIC requirements
Many governance conversations are shifting toward concepts like trust scoring, behavioral validation, runtime monitoring, and AI intent analysis that allow cross-functional teams to conduct clear-eyed assessments of the benefits against risks. The functional components of this model are testing and validation of AI systems, security controls, transparency/explainability, and ongoing monitoring in production.
Vijil’s approach operates across three dimensions to help organizations implement and maintain a governance strategy aligned with the NAIC model.
- Policy definition - ingest or define policies
- Bespoke testing through a custom harness to generate a trust score
- Operationalizing the phases of the agentic lifecycle: testing, embedding guardrails, monitoring in production, and maintaining a feedback loop from production failures to development improvements.
Policy definition
Agent owners and agent developers can either author policies directly, or ingest existing policy documents. Vijil parameterizes the policies and then generates a set of bespoke evaluations
Policies are explicitly layered:
- Regulatory (e.g., GDPR, HIPAA, NAIC)
- Standards (e.g., NIST, OWASP)
- Organizational (company-wide rules)
- Agent-Specific (localized constraints)
Each policy defines:
- Scope of applicability
- Enforcement mode (allow, block, quarantine, log)
- Escalation and audit requirements
Bespoke testing through custom harnesses
Agent builders can evaluate the agent using a custom harness that is specific to the intent, context, and environment - as well as potential security risks. As the output of the bespoke evaluation, Vijil produces a Trust Score that is specific to the agent, and provides an objective measure of where the agent is strong, its weaknesses, and its vulnerabilities to assess relative to risk thresholds and compliance requirements - in addition to reliability objectives. The Trust Score serves the requirement for compliance and legal teams to evaluate agents based on objective, system-generated evidence.
Agentic lifecycle operationalization
Vijil supports a closed loop process that wraps around translating policies to code: evaluation findings inform guardrails, production telemetry feeds back into evaluation, and the agent continuously improves through the cycle based on how policies and controls perform at runtime to minimize failures and successful attacks. Security and development teams can align on which guardrails are required, validate that the guardrails improve the Trust Score, and establish a baseline for agent actions and behavior monitoring and observability. When trust does degrade in production through failures or attacks, security teams can provide specific guidance on how to improve the agent’s trust.
Closing
Vijil enables security and governance teams to translate policies for NAIC Model Bulletin for AI alignment into code, so agent owners can evaluate how trusted their agents are for a specific task or outcome, and implement runtime controls that protect trust based on those policies. Vijil’s ongoing monitoring through embedded guardrails addresses both practical requirements, and enables a feedback loop from production back to development based on real-world behavior.
.png)
