Talk

From Alignment to Access Control: A Unified View of GenAI Policy Enforcement

Abstract

The word "policy" means radically different things across the security, engineering, and AI research communities; examples include access controls, agent flow constraints, output validation, behavioral norms, and model alignment. This fragmentation has produced enforcement approaches that are siloed, ad hoc, and designed to handle only one policy at a time, while real enterprise GenAI applications demand simultaneous compliance across all these layers at once. Compounding this problem, some policies have no deterministic enforcement path and require inspecting model internals or relying on model-based judgment, while others demand hard guarantees where probabilistic enforcement is unacceptable — and today's tools are not built to navigate that tension. Until the community confronts this fragmentation and abandons clearly flawed approaches, true policy compliance in enterprise AI systems will remain an illusion.