Enterprise AI Governance for OCI Generative AI

Enterprise AI governance ensures AI systems are secure, compliant, and aligned with organizational policies through a combination of infrastructure, access control, and safety enforcement.

Key components include:

• IAM Policies
  • Control who can access, use, and manage AI resources:
    • Give permission to user groups to access one or more OCI Generative AI resources.
    • Give permission to OCI Generative AI resources to access other OCI services.
    • Give permission to other OCI services to access OCI Generative AI resources.

  See IAM Policies for OCI Generative AI.

• Private Endpoints
  • Keep model access within a secure network boundary to prevent public exposure.
• API keys
  • Give access to OCI Generative AI models with unique service generated strings (API keys).
  • Give access to OCI Generative AI API with unique service generated strings (API keys).

  See API Keys.

• OAuth

  OAuth is the only supported authentication type for agentic tasks and you must have an application in an OCI identity domain in advance to generate an auth token. Then information of this domain and its application is used to setup authentication configuration during Application creation.

  • Create a domain in OCI identity domain and then create a secure applications the domain for agentic tasks.
  • Set up OCI Generative AI applications that can access the domain application for agentic tasks.

  See Setting up Authentication for Agentic Support.

• Zero Trust Packet Routing (ZPR)
  • Enforces secure, identity-based communication between services:
    • Create private endpoints in OCI Generative AI service.
    • Add zero trust packet security to the private endpoints.

• See Managing Security Attributes for Private Endpoints (PE)s.

• Guardrails
  • Apply runtime safety and compliance controls on inputs and outputs.

Together, these capabilities provide end-to-end governance across access, network security, and AI behavior.