Why AI Control & Analytics
The control plane and the ledger — alongside finance and security.
As teams adopt agents, automation, and AI-operated workflows, two things have to become infrastructure. The controls that decide what runs — allow, deny, require approval, cap pre-spend. And the analytics that prove what did — decision logs, cost attribution, baselines, anomalies, signed receipts, audit-ready exports. BlackLake is both.
The shift
Humans, services, and AI agents — acting in parallel
For a long time, the answer to “who did this?” was a person. Then services started doing work, and we built logs, audit trails, quotas, and SIEM tooling around them. Now AI agents do work too — they write code, ship deploys, refund customers, file tickets, run shells, and call other AI agents. The reviews, approvals, audit trails, and budget controls humans built around human work need to become infrastructure that AI work flows through too.
Control alone is not enough — auditors and finance teams need a record that survives a review. Analytics alone is not enough — a dashboard cannot deny a runaway $5,000 inference call before it happens. The category is the two together, on one ledger, attributed to one actor. That is what makes it infrastructure rather than a stack of disconnected tools.
Four verbs
What AI control and analytics actually does
BlackLake resolves to four verbs. Capture every consequential AI action. Govern it against policy. Cost it — pre-spend and post-spend. Prove the decision with a signed receipt. Govern and Cost-as-budgets are the control half; Cost dashboards, baselines, anomalies, drift, counterfactuals, and signed exports are the analytics half. Capture and Prove sit under both.
01 Capture
Every consequential AI action — by a coding agent, a CI bot, a backend AI Actor, or a teammate using AI to operate production — lands in one ledger. IDE, CI, shell, cloud, code: same record, same shape.
02 Govern
Declarative policies decide every call. Allow, deny, or require approval. Two-person approval, break-glass, magic-link approvals from email or mobile. Simulate a draft policy against weeks of history before you ship it.
03 Cost
Per-call dollar cost across Anthropic, OpenAI, Bedrock, Vertex, Foundry, Gemini, and Ollama. Budgets deny pre-spend at govern() time. Cost is cryptographically bound into every receipt.
04 Prove
Every decision returns an HMAC-signed receipt binding the evaluation, policy snapshot, approvers, outcome, and cost. AI can hallucinate compliance and cost; receipts prove both. The chain is independently verifiable.
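A minimal sketch of the receipt idea described under Prove, added here as an illustration and not BlackLake's own code or receipt format: each receipt's HMAC-SHA256 covers the decision fields, a policy snapshot hash, the approvers, the cost, and the previous receipt's MAC, so editing, dropping, or reordering a receipt breaks verification. The field names, the genesis value, the key, and the sample actors are all assumptions constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption); a real deployment would keep it in a KMS or HSM.
KEY = b"demo-key-not-for-production"
GENESIS = "0" * 64  # assumed anchor value for the first receipt in a chain


def _mac(body: dict, key: bytes) -> str:
    # Canonical JSON (sorted keys, fixed separators) so signer and verifier
    # compute the MAC over byte-identical input.
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def issue(prev_mac, actor, action, outcome, policy_sha256, approvers, cost_usd_micros, key=KEY):
    """Build a receipt whose MAC covers every field plus the previous receipt's MAC."""
    body = {"prev": prev_mac, "actor": actor, "action": action, "outcome": outcome,
            "policy_sha256": policy_sha256, "approvers": approvers,
            "cost_usd_micros": cost_usd_micros}  # integer micro-dollars, no float drift
    return {**body, "mac": _mac(body, key)}


def verify_chain(receipts, key=KEY):
    """Return the index of the first bad receipt, or -1 if the chain is intact."""
    prev = GENESIS
    for i, r in enumerate(receipts):
        body = {k: v for k, v in r.items() if k != "mac"}
        # compare_digest avoids leaking how many leading characters matched.
        ok = hmac.compare_digest(_mac(body, key), r.get("mac", ""))
        if not ok or body.get("prev") != prev:
            return i
        prev = r["mac"]
    return -1


def demo_chain():
    # Constructed sample data: three decisions under one policy snapshot.
    policy = hashlib.sha256(b"constructed policy v1").hexdigest()
    r1 = issue(GENESIS, "ci-bot", "deploy", "allow", policy, [], 12_000)
    r2 = issue(r1["mac"], "refund-agent", "refund", "approved", policy, ["alice", "bob"], 48_500)
    r3 = issue(r2["mac"], "coding-agent", "inference", "deny", policy, [], 5_000_000_000)
    return [r1, r2, r3]
```

HMAC is symmetric, so whoever can verify a chain holds the same key that can mint receipts; treat verifier access to the key as signing access when deciding who may check receipts.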
Why now
The workforce is shifting faster than the controls.
Most companies already have AI doing real work. Coding agents ship code. CI bots open PRs. Backend services call LLMs that call tools that mutate production. A teammate uses AI to wrap a deploy command. The volume of consequential AI actions is climbing fast — and most of it is invisible to the controls a company already trusts for human work.
The same shift happened with cloud spend a decade ago. Ten years before FinOps was a category, finance teams were already buying AWS reservations and hoping for the best. Once the spend was material, attribution had to become infrastructure — not a quarterly spreadsheet exercise. The same dynamic now applies to AI: once an AI Actor can refund a customer, modify infra, push code, or spend $5,000 of inference on a single bad prompt, the controls have to be infrastructure too.
BlackLake exists because that infrastructure should be built like financial infrastructure: HMAC-signed receipts, versioned pricing snapshots, NDJSON exports for SIEM and BigQuery, decision tokens that cryptographically bind cost into every receipt. Auditors and finance teams already know this shape. AI control and analytics should match.
What BlackLake is
The control plane and the ledger.
One ledger captures every consequential AI action a company takes. One policy engine decides what runs. One budget engine caps the spend. Every decision is logged, every cost tracked, and every outcome recorded as a signed receipt you can verify later. Audit, finance, security, compliance, and engineering all read the same artifact — the way GL reads finance and SIEM reads security.