{"id":"https://openalex.org/W7151265162","doi":"https://doi.org/10.48550/arxiv.2604.04749","title":"AI Trust OS -- A Continuous Governance Framework for Autonomous AI Observability and Zero-Trust Compliance in Enterprise Environments","display_name":"AI Trust OS -- A Continuous Governance Framework for Autonomous AI Observability and Zero-Trust Compliance in Enterprise Environments","publication_year":2026,"publication_date":"2026-04-06","ids":{"openalex":"https://openalex.org/W7151265162","doi":"https://doi.org/10.48550/arxiv.2604.04749"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2604.04749","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.04749","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2604.04749","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5133099108","display_name":"Eranga Bandara","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Bandara, Eranga","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5133091863","display_name":"Asanga Gunaratna","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Gunaratna, Asanga","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5026324363","display_name":"Ross Gore","orcid":"https://orcid.org/0000-0003-4065-6146"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Gore, Ross","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5133116678","display_name":"Abdul Rahman","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Rahman, Abdul","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5133141197","display_name":"Ravi Mukkamala","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Mukkamala, Ravi","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5133130787","display_name":"Sachin Shetty","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Shetty, Sachin","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5119762247","display_name":"Sachini Rajapakse","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Rajapakse, Sachini","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5123882076","display_name":"Isurunima Kularathna","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Kularathna, Isurunima","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5052612007","display_name":"Peter Foytik","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Foytik, Peter","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5011431771","display_name":"Safdar Hussain Bouk","orcid":"https://orcid.org/0000-0002-1764-7703"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Bouk, Safdar H.","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5133093382","display_name":"Xueping Liang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Liang, Xueping","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5035652325","display_name":"Amin Hass","orcid":"https://orcid.org/0009-0001-1115-8060"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Hass, Amin","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5113823913","display_name":"Ng Wee Keong","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Keong, Ng Wee","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5133119712","display_name":"Kasun De Zoysa","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"De Zoysa, Kasun","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":14,"corresponding_author_ids":["https://openalex.org/A5133099108"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10883","display_name":"Ethics and Social Impacts of AI","score":0.2703999876976013,"subfield":{"id":"https://openalex.org/subfields/3311","display_name":"Safety Research"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T10883","display_name":"Ethics and Social Impacts of AI","score":0.2703999876976013,"subfield":{"id":"https://openalex.org/subfields/3311","display_name":"Safety Research"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T12026","display_name":"Explainable Artificial Intelligence (XAI)","score":0.1454000025987625,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.14229999482631683,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/observability","display_name":"Observability","score":0.6776999831199646},{"id":"https://openalex.org/keywords/corporate-governance","display_name":"Corporate governance","score":0.6514999866485596},{"id":"https://openalex.org/keywords/workflow","display_name":"Workflow","score":0.619700014591217},{"id":"https://openalex.org/keywords/exception-handling","display_name":"Exception handling","score":0.48080000281333923},{"id":"https://openalex.org/keywords/metadata","display_name":"Metadata","score":0.40459999442100525},{"id":"https://openalex.org/keywords/architecture","display_name":"Architecture","score":0.3736000061035156},{"id":"https://openalex.org/keywords/identifier","display_name":"Identifier","score":0.3513000011444092},{"id":"https://openalex.org/keywords/categorical-variable","display_name":"Categorical variable","score":0.3221000134944916},{"id":"https://openalex.org/keywords/smart-contract","display_name":"Smart contract","score":0.30219998955726624}],"concepts":[{"id":"https://openalex.org/C36299963","wikidata":"https://www.wikidata.org/wiki/Q1369844","display_name":"Observability","level":2,"score":0.6776999831199646},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6661999821662903},{"id":"https://openalex.org/C39389867","wikidata":"https://www.wikidata.org/wiki/Q380767","display_name":"Corporate governance","level":2,"score":0.6514999866485596},{"id":"https://openalex.org/C177212765","wikidata":"https://www.wikidata.org/wiki/Q627335","display_name":"Workflow","level":2,"score":0.619700014591217},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.4869000017642975},{"id":"https://openalex.org/C145428669","wikidata":"https://www.wikidata.org/wiki/Q471748","display_name":"Exception handling","level":2,"score":0.48080000281333923},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.48019999265670776},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.4447000026702881},{"id":"https://openalex.org/C93518851","wikidata":"https://www.wikidata.org/wiki/Q180160","display_name":"Metadata","level":2,"score":0.40459999442100525},{"id":"https://openalex.org/C123657996","wikidata":"https://www.wikidata.org/wiki/Q12271","display_name":"Architecture","level":2,"score":0.3736000061035156},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.3711000084877014},{"id":"https://openalex.org/C154504017","wikidata":"https://www.wikidata.org/wiki/Q853614","display_name":"Identifier","level":2,"score":0.3513000011444092},{"id":"https://openalex.org/C5274069","wikidata":"https://www.wikidata.org/wiki/Q2285707","display_name":"Categorical variable","level":2,"score":0.3221000134944916},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.30329999327659607},{"id":"https://openalex.org/C2779950589","wikidata":"https://www.wikidata.org/wiki/Q7544035","display_name":"Smart contract","level":3,"score":0.30219998955726624},{"id":"https://openalex.org/C165064840","wikidata":"https://www.wikidata.org/wiki/Q1321061","display_name":"Matching (statistics)","level":2,"score":0.301800012588501},{"id":"https://openalex.org/C189922023","wikidata":"https://www.wikidata.org/wiki/Q17056348","display_name":"Information governance","level":4,"score":0.3005000054836273},{"id":"https://openalex.org/C53619493","wikidata":"https://www.wikidata.org/wiki/Q4787093","display_name":"Architecture framework","level":3,"score":0.2919999957084656},{"id":"https://openalex.org/C33676613","wikidata":"https://www.wikidata.org/wiki/Q13415176","display_name":"Dimension (graph theory)","level":2,"score":0.28839999437332153},{"id":"https://openalex.org/C154800190","wikidata":"https://www.wikidata.org/wiki/Q16941470","display_name":"Trust anchor","level":4,"score":0.28279998898506165},{"id":"https://openalex.org/C2164484","wikidata":"https://www.wikidata.org/wiki/Q5170150","display_name":"Core (optical fiber)","level":2,"score":0.28139999508857727},{"id":"https://openalex.org/C2778137410","wikidata":"https://www.wikidata.org/wiki/Q2732820","display_name":"Government (linguistics)","level":2,"score":0.265500009059906},{"id":"https://openalex.org/C206345919","wikidata":"https://www.wikidata.org/wiki/Q20380951","display_name":"Resource (disambiguation)","level":2,"score":0.2646999955177307},{"id":"https://openalex.org/C57041688","wikidata":"https://www.wikidata.org/wiki/Q220644","display_name":"Service-oriented architecture","level":3,"score":0.2599000036716461},{"id":"https://openalex.org/C201305675","wikidata":"https://www.wikidata.org/wiki/Q852998","display_name":"Stakeholder","level":2,"score":0.25850000977516174},{"id":"https://openalex.org/C140423589","wikidata":"https://www.wikidata.org/wiki/Q7249406","display_name":"Project governance","level":3,"score":0.25760000944137573},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.25450000166893005}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2604.04749","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.04749","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2604.04749","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.04749","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/8","score":0.4544420838356018,"display_name":"Decent work and economic growth"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"The":[0,54,126,150],"accelerating":[1],"adoption":[2],"of":[3,67],"large":[4],"language":[5],"models,":[6],"retrieval-augmented":[7],"generation":[8],"pipelines,":[9],"and":[10,27,71,90,120,144,180,189,210,230],"multi-agent":[11],"AI":[12,44,68,79,88,93,106,174,187,205,217],"workflows":[13],"has":[14],"created":[15],"a":[16,57,82,154,220],"structural":[17,164],"governance":[18,69,83,191,218],"crisis.":[19],"Organizations":[20],"cannot":[21,25],"govern":[22],"what":[23,62,72],"they":[24],"see,":[26],"existing":[28],"compliance":[29,97],"methodologies":[30],"built":[31],"for":[32,39,85],"deterministic":[33],"web":[34],"applications":[35],"provide":[36],"no":[37],"mechanism":[38],"discovering":[40],"or":[41,170],"continuously":[42],"validating":[43],"systems":[45,107,188],"that":[46,215],"emerge":[47],"across":[48,200],"engineering":[49],"teams":[50],"without":[51,166],"formal":[52],"oversight.":[53],"result":[55],"is":[56,228],"widening":[58],"trust":[59,121,227],"gap":[60],"between":[61],"regulators":[63],"demand":[64],"as":[65,98],"proof":[66,146],"maturity":[70],"organizations":[73],"can":[74],"demonstrate.":[75],"This":[76],"paper":[77,213],"proposes":[78],"Trust":[80,94],"OS,":[81],"architecture":[84],"continuous,":[86],"autonomous":[87],"observability":[89,111],"zero-trust":[91,155],"compliance.":[92],"OS":[95],"reconceptualizes":[96],"an":[99],"always-on,":[100],"telemetry-driven":[101],"operating":[102],"layer":[103],"in":[104,158,224],"which":[105,159],"are":[108,115,123],"discovered":[109],"through":[110,153],"signals,":[112],"control":[113],"assertions":[114],"collected":[116],"by":[117],"automated":[118],"probes,":[119],"artifacts":[122],"synthesized":[124],"continuously.":[125],"framework":[127,151],"rests":[128],"on":[129],"four":[130],"principles:":[131],"proactive":[132],"discovery,":[133],"telemetry":[134,156],"evidence":[135],"over":[136,141,147],"manual":[137],"attestation,":[138],"continuous":[139],"posture":[140],"point-in-time":[142],"audit,":[143],"architecture-backed":[145],"policy-document":[148],"trust.":[149],"operates":[152],"boundary":[157],"ephemeral":[160],"read-only":[161],"probes":[162],"validate":[163],"metadata":[165],"ingressing":[167],"source":[168],"code":[169],"payload-level":[171],"PII.":[172],"An":[173],"Observability":[175],"Extractor":[176],"Agent":[177],"scans":[178],"LangSmith":[179],"Datadog":[181],"LLM":[182],"telemetry,":[183],"automatically":[184],"registering":[185],"undocumented":[186],"shifting":[190],"from":[192],"organizational":[193],"self-report":[194],"to":[195],"empirical":[196],"machine":[197],"observation.":[198],"Evaluated":[199],"ISO":[201],"42001,":[202],"the":[203,212],"EU":[204],"Act,":[206],"SOC":[207],"2,":[208],"GDPR,":[209],"HIPAA,":[211],"argues":[214],"telemetry-first":[216],"represents":[219],"categorical":[221],"architectural":[222],"shift":[223],"how":[225],"enterprise":[226],"produced":[229],"demonstrated.":[231]},"counts_by_year":[],"updated_date":"2026-04-08T06:07:18.267832","created_date":"2026-04-08T00:00:00"}