Product · Prove

A committee-ready record for every AI actor.

Tallin governs AI use by humans, apps, and agents, then proves it. The board pack is a coverage-aware, sourced, signable artifact with a per-actor AI Agent Review: owner, approved model scope, budget, policy state, and findings. The same PDF goes to your board, your auditor, the customer security team, and the platform owner asking who their agents answer to.

Why this matters

Autonomous agents are arriving. Most teams can’t answer for them.

Gartner projects 150,000+ AI agents per Fortune 500 by 2028, yet only 13% of teams feel adequately governed. These are agents that spend and act unattended. The board pack is a single, versioned, signable document, generated from Tallin’s live ledger and labeled with the same observed / inferred / enforced / not covered taxonomy that powers the rest of the product. The auditor can verify every number against the underlying source. The CISO can hand it to the customer security team without preparing a separate brief.

What’s in it

Seven sections. Every claim sourced.

Executive summary
Observed + inferred (clearly labeled)

A single page covering total AI spend this period across humans, apps, and agents, the sanctioned versus unsanctioned share, the top three risks, and the trend that matters. It's written to be read in two minutes by a non-technical reader.

AI Agent Review
Per-actor, owner-attributed

A per-actor record for every AI actor (human, app, or agent) routed through Tallin: owner, approved model scope, budget and cutoff, policy state, kill-switch status, and open findings. The roster a committee can actually sign off on.

Coverage report
Coverage-aware totals

What percentage of your AI usage Tallin can directly observe vs. what it infers vs. what’s enforced through controls vs. where you’re still exposed. Not Covered explicitly includes direct provider calls made outside Tallin and tool / MCP execution side effects. Auditors trust this section more than any other, because it tells them what you don’t know, not just what you do.

Policy enforcement summary
Enforced + simulated (shadow mode)

For every rule in your AI policy: what it requires, how Tallin is enforcing it on routed traffic, and where the gaps are. Includes shadow mode simulation for proposed controls: what would change if you turned this on next quarter, before it touches live actors.

Provider breakdown
Observed (provider APIs) + inferred (expense + SSO)

Provider, model, actor, team, tokens, cost, timestamp, source confidence, coverage state, all in one table. The line items that show up in finance reconciliations match the line items that show up here.

Incidents & anomalies
Each incident sourced + dated

Material events in the period: data-exposure flags, runaway agent spend, sanctioned-policy violations, off-network usage, and actors that were disabled. Each carries a confidence label, a source, and a link to the underlying audit trail.

Trend lines (quarter over quarter)
Time-series, honest baselines

Usage, cost, coverage, and enforcement, tracked as they grow. It's the same chart your CFO already gets for cloud spend, applied to AI across every actor.

Where it gets used

The same pack works for five different audiences.

The board pack isn’t a marketing deck. It’s a working document that replaces the bespoke decks, screenshots, and spreadsheet exports security and platform teams normally generate from scratch for every audit cycle.

Board of directors

Quarterly AI governance update. Show every AI actor has an owner, a budget, and a policy: the controls are real, coverage is growing, and risks are managed, not just enumerated.

SOC 2 / ISO auditors

AI controls evidence. Same artifact, exportable as PDF, with every claim sourced and timestamped.

Customer security teams

Attach to DDQ responses or share under NDA. Saves three rounds of follow-up questions.

VP Eng / platform owners

Account for every agent and app spending against the AI bill (owner, model scope, budget, and findings) without chasing teams for a spreadsheet.

Bank partners / regulators

AI-usage attestations for sponsor banks, BSA/AML examiners, and other regulated relationships.

How it’s produced

It's generated from your live ledger as a signable PDF.

Tallin connects to your providers, identity, and expense systems on day one, and attributes the AI it routes to an owning actor. The board pack is generated from that live ledger, not a static export. When you onboard a new agent, connect a new provider, or close a coverage gap, the next version automatically reflects it, with no re-templating or copy-paste.

1. Connect signals

Provider admin APIs (OpenAI, Anthropic, Microsoft, Google), identity (Okta, Microsoft Entra), expense (Brex, Ramp, CSV), gateway, and CASB/network logs.

2. Attribute & label every claim

Tallin ties each row to an owning actor and tags it with its source and confidence. The board pack inherits those labels. Nothing in the PDF is more certain than the underlying signal.

3. Generate & sign

One-click PDF, versioned, with the issuing user and timestamp on the cover. Re-run any time. Last week’s artifact stays intact.

Know who every AI actor answers to.

Connect your first provider signal, route an actor through Tallin, and generate a board pack with its AI Agent Review. Then put it in front of your CISO, your auditor, and the VP Eng whose agents it covers to see whether they'd accept it.