Governance Layers Overview
TheWARDN implements seven governance layers that provide defense-in-depth for AI operations. Each layer monitors and controls a different aspect of your AI stack, from the prompts entering the system to unauthorized tools running outside it.
Why Layered Governance?
Traditional security relies on perimeter defense -- a single wall that, once breached, leaves everything exposed. TheWARDN takes a fundamentally different approach: defense-in-depth.
Each governance layer operates independently. If one layer is bypassed, misconfigured, or temporarily disabled, the remaining layers continue to catch issues. This means:
- A prompt injection that slips past L1 can still be caught by L2 (reasoning validation) or L4 (content verification).
- An unapproved model that bypasses L6 policies will be flagged by L7 (shadow AI detection).
- A data leak that passes content scanning is still traceable through L3 (chain of custody).
Layers are independent and composable. You can enable any combination of layers based on your compliance requirements, risk tolerance, and operational maturity.
The Seven Layers
| Layer | Name | Purpose | Key Capabilities |
|---|---|---|---|
| L1 | Prompt Governance | Monitor and govern the prompt layer | Injection detection, PII scanning, jailbreak detection, template compliance |
| L2 | Reasoning Governance | Validate AI reasoning chains | Logical consistency checks, hallucination detection, reasoning audit trail |
| L3 | Custody & Chain of Evidence | Track data and model artifact custody | Data lineage, artifact custody, evidence chain integrity, transfer logging |
| L4 | Content Verification | Verify AI-generated output | Output scanning, fact verification flags, sensitive content detection |
| L6 | Model Governance | Govern the model supply chain | Model registry, MAP policies, shadow detection, platform connectors |
| L7 | Shadow AI Detection | Discover unauthorized AI usage | Network scanning, browser monitoring, desktop agent discovery |
Composable by Design
You do not need to deploy all seven layers at once. Start with the layers that address your most pressing compliance requirements, then expand coverage over time. Each layer delivers value independently.
How Layers Interact
While each layer operates independently, they share a common governance pipeline. Every AI action passes through the /govern endpoint, where applicable layers evaluate it and produce a verdict:
- APPROVED -- the action passes all active governance checks
- HELD -- the action is paused pending human review (advisory mode)
- BLOCKED -- the action is denied due to a policy violation (enforcement mode)
Verdicts are recorded in a hash-chained audit trail, ensuring tamper-evident records of every governance decision.
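The hash-chaining idea behind such an audit trail, as an added example (not TheWARDN's code; the record fields, the SHA-256 construction and the genesis value are assumptions). It shows that editing a recorded verdict breaks verification at that entry, and that truncation is only detectable against a head hash stored outside the log.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor value preceding the first entry

# Constructed sample records: field names are assumptions, verdict values are the page's.
SAMPLE = [
    {"seq": 1, "layer": "L1", "action": "prompt.submit", "verdict": "APPROVED"},
    {"seq": 2, "layer": "L4", "action": "output.release", "verdict": "BLOCKED"},
    {"seq": 3, "layer": "L6", "action": "model.invoke", "verdict": "HELD"},
]


def entry_hash(prev_hash, record):
    # Canonical JSON so the same record always serializes to the same bytes.
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()


def append_verdict(chain, record):
    # Each entry commits to its predecessor's hash as well as its own record.
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"record": record, "prev": prev, "hash": entry_hash(prev, record)})
    return chain[-1]


def verify_chain(chain, expected_head=None):
    """Return the index of the first inconsistent entry, or -1 if intact."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev"] != prev or entry["hash"] != entry_hash(prev, entry["record"]):
            return i
        prev = entry["hash"]
    # A truncated or fully rewritten log is internally consistent; it only
    # fails against a head hash that was stored somewhere else.
    if expected_head is not None and prev != expected_head:
        return len(chain)
    return -1


def build_sample():
    chain = []
    for rec in SAMPLE:
        append_verdict(chain, dict(rec))
    return chain


if __name__ == "__main__":
    log = build_sample()
    print("intact:", verify_chain(log, log[-1]["hash"]))
    log[1]["record"]["verdict"] = "APPROVED"  # simulated tampering
    print("first bad entry after edit:", verify_chain(log))
```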
Operating Modes
Each layer supports three operating modes, allowing you to roll out governance incrementally:
| Mode | Behavior | Use Case |
|---|---|---|
| Monitor | Log events, no enforcement | Initial deployment, baseline discovery |
| Advisory | Flag violations, hold for review | Policy tuning, stakeholder alignment |
| Enforce | Block policy violations | Production governance |
Start in Monitor Mode
When deploying a new layer, always start in Monitor mode. This lets you observe the layer's behavior, tune policies to reduce false positives, and build confidence before enabling enforcement.
Next Steps
Select a layer from the table above to learn about its specific capabilities, configuration options, and console features.