Trust boundaries define where identity, policy, data access, and execution are enforced — so AI-assisted work stays accountable end-to-end.
Why it matters
Enterprise AI fails when applications hold long-lived system credentials, skip role context, or execute outside audit paths. AI Fabrix enforces boundaries structurally — not through prompt instructions alone.
Architects document these zones in security reviews; integrators implement config that respects them; operators rely on certification proving they hold.
Boundary map
| Zone | Responsibility | Trust controls |
|---|---|---|
| Identity / controller | Users, groups, roles, deploy lifecycle | Authentication, RBAC registration, environment policy |
| Integration config | Local and published manifests | Schema validation, repair, upload pipeline |
| Dataplane execution | Data access, CIP, sync | ABAC dimensions, protection, in-process identity for runs |
| Capability gateway | Pre-execution gate | Role, scope, certification, approval, evidence requirements |
| AI / worker surface | Task planning and requests | No direct system mutation; capability requests only |
External systems sit outside the trust envelope. Only mediated capabilities cross inward.
Request path (simplified)
User + active role
→ Digital Worker (task context)
→ Capability request
→ Gateway checks (Operational Trust)
→ Dataplane execution (CIP / connector)
→ Evidence capture (Evidence Fabrix)
Deny at the gateway is expected behavior when role, certification, or policy does not allow the action — not a platform defect.
Certification aligns to boundaries
| Pillar | Boundary exercised |
|---|---|
verify-operations |
Dataplane execution + external connectivity |
verify-trust |
Metadata complete for AI/worker surface |
verify-governance |
Dimensions/protection at execution boundary |
Integrators run certification after upload; architects define when each pillar is required for production.
Anti-patterns
| Anti-pattern | Risk |
|---|---|
| Embedding API keys in worker prompts | Credential leak; no audit path |
| Bypassing capabilities for “speed” | Ungoverned mutation |
| Admin service account for all AI tests | False governance confidence |
| Chat logs as audit record | No structural evidence |