
Semantic Intelligence in Governance

How Intended uses semantic understanding to enrich policy evaluation and governance decisions.

What is Semantic Intelligence?

Semantic intelligence is the layer within the Intended authority runtime that analyzes the meaning and context of AI execution intents before policy evaluation occurs. Rather than evaluating intents purely against static rule patterns, the semantic layer extracts structured signals from unstructured requests.

This enables governance policies to reason about what an AI agent is trying to do — not just pattern-match against keywords.

How It Fits in the Pipeline

The semantic intelligence layer sits between intent submission and policy evaluation:

  1. An AI agent submits an intent via the API
  2. The semantic layer analyzes the intent to extract structured context
  3. Extracted signals are attached to the evaluation context
  4. The policy engine evaluates the enriched intent against active policies
  5. A decision token is issued based on the evaluation result

Note

The semantic layer is an enrichment step. It does not make authorization decisions — that responsibility belongs exclusively to the policy engine.

Extracted Signals

The semantic layer produces structured signals that policies can reference:

Intent Classification

Each intent is classified into a category that describes the type of action:

  • data-access — reading or querying data stores
  • data-mutation — creating, updating, or deleting records
  • external-communication — sending messages, emails, or API calls to third parties
  • code-execution — running generated or retrieved code
  • financial — transactions, transfers, or payment operations
  • administrative — user management, configuration changes

Risk Indicators

The semantic layer assigns risk indicators based on the intent content:

  • sensitivity — whether the intent involves PII, credentials, or regulated data
  • scope — narrow (single record) vs broad (bulk operations)
  • reversibility — whether the action can be undone
  • external-reach — whether the action touches systems outside the trust boundary

Entity Extraction

Structured entities are extracted from intent payloads:

  • Target resources (tables, APIs, services)
  • Data categories (PII fields, financial records)
  • Affected users or accounts
  • Referenced external systems

Using Semantic Signals in Policies

Policies can reference semantic signals in their conditions:

```yaml
# Block bulk data exports involving PII
policy:
  name: block-bulk-pii-export
  conditions:
    - semantic.classification == "data-access"
    - semantic.scope == "broad"
    - semantic.sensitivity == "pii"
  decision: deny
  reason: "Bulk PII exports require explicit approval"
```

```yaml
# Require approval for external communications
policy:
  name: approve-external-comms
  conditions:
    - semantic.classification == "external-communication"
    - semantic.external_reach == true
  decision: require-approval
  approvers: ["security-team"]
```

Tip

Semantic signals are available in the decision token's context field, so downstream enforcement points can inspect what signals contributed to the decision.

Governance Benefits

Beyond Pattern Matching

Traditional API gateways match on URL paths, HTTP methods, and headers. Semantic intelligence enables matching on the meaning of the request:

  • "Summarize last quarter's revenue" and "Export all financial records" are both data-access requests, but the semantic layer distinguishes their scope and sensitivity.
  • A policy can allow narrow analytical queries while requiring approval for broad data exports — without hard-coding specific API paths.

Adaptive Governance

As AI agents evolve and produce novel request patterns, semantic analysis adapts because it reasons about meaning rather than static patterns. New request formats are still classified and risk-assessed, even if no specific rule template exists for them.

Audit Enrichment

Every decision token includes the semantic signals that were present during evaluation. This creates a rich audit trail that explains why a decision was made — not just which policy matched.

Limitations

Warning

Semantic intelligence is a best-effort enrichment layer. It does not guarantee perfect classification of all intents. Critical security boundaries should not rely solely on semantic signals — use explicit policy rules for hard security controls.

  • Classification accuracy depends on the clarity of the intent payload
  • Novel or ambiguous intents may receive generic classifications
  • The semantic layer adds processing latency (typically < 50ms)
  • Custom entity extraction requires configuration per tenant
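
The warning above, shown as an added example (this is not Intended's engine or API): a small Python evaluator for conditions in the form the page's two policies use. An intent that receives a generic classification matches no semantic policy, while an explicit rule still denies it. The intent fields `resource` and `row_limit`, the `generic` label, the resource name, the row threshold and the default-allow fallback are all assumptions made for the sketch.

```python
import re

COND = re.compile(r'^semantic\.(\w+)\s*==\s*(.+)$')  # the page's condition form
# The page's two policies, transcribed as dicts.
POLICIES = [
    {"name": "block-bulk-pii-export", "decision": "deny",
     "conditions": ['semantic.classification == "data-access"',
                    'semantic.scope == "broad"', 'semantic.sensitivity == "pii"']},
    {"name": "approve-external-comms", "decision": "require-approval",
     "conditions": ['semantic.classification == "external-communication"',
                    'semantic.external_reach == true']},
]
# Assumed explicit control; resource name and row threshold are hypothetical.
PII_RESOURCES, BULK_ROWS = {"customers"}, 1000
# Constructed inputs: a bulk export whose intent text was too vague to classify.
EXPORT = {"resource": "customers", "row_limit": None}
GENERIC = {"classification": "generic"}  # hypothetical generic label

def literal(raw):
    raw = raw.strip()
    return raw == "true" if raw in ("true", "false") else raw.strip('"')

def matches(policy, signals):
    """Every condition must hold; an absent signal never satisfies one."""
    for cond in policy["conditions"]:
        m = COND.match(cond)
        if m is None:
            raise ValueError(f"unsupported condition: {cond}")
        key, want = m.group(1), literal(m.group(2))
        if key not in signals or signals[key] != want:
            return False
    return True

def semantic_decision(signals):
    """Decision from semantic conditions alone (default allow is assumed)."""
    for policy in POLICIES:
        if matches(policy, signals):
            return policy["decision"], policy["name"]
    return "allow", "default"

def decide(intent, signals):
    """Explicit rule first, so a misclassified intent cannot bypass it."""
    rows = intent.get("row_limit")  # None is treated as unbounded
    if intent.get("resource") in PII_RESOURCES and (rows is None or rows > BULK_ROWS):
        return "deny", "explicit-bulk-pii"
    return semantic_decision(signals)

if __name__ == "__main__":
    print(semantic_decision(GENERIC), decide(EXPORT, GENERIC))
```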
