A Control Plane Architecture for Secure and Governable AI in Regulated Financial Systems

Authors

  • Tripatjeet Singh, Senior Cloud Engineer, Dallas-Fort Worth, USA

DOI:

https://doi.org/10.63282/3050-922X.IJERET-V7I2P127

Keywords:

Zero Trust Architecture, AI Governance, LLM Security, Prompt Injection, Ephemeral Access Control, Financial Services Security, AI Observability, Multi-Account Cloud, AWS, Regulatory Compliance

Abstract

Artificial Intelligence adoption within regulated financial institutions has outpaced the security frameworks designed to govern it. Existing controls were built around network perimeters, static role assignments, and API-layer enforcement and were never designed for the behavioral unpredictability of large language models (LLMs) and autonomous AI agents. This paper presents a Control Plane Architecture for Secure and Governable AI (CP-SGAI): a purpose-built governance architecture that treats AI inference as a first-class security event requiring identity attestation, policy-bounded prompt execution, ephemeral privilege scoping, and structured observability. Grounded in field experience operating multi-account AWS environments at a large financial institution, the framework addresses practical gaps that purely theoretical governance models miss, including prompt injection at the enterprise boundary, cross-account data egress through model responses, and the absence of prompt-response lineage in existing SIEM and audit toolchains. Three original constructs are introduced: an AI Interaction Identity (AII) attestation model, an Ephemeral Prompt Security Context (EPSC) lifecycle, and an AI Observability Schema (AOS) aligned with financial regulatory audit requirements.

Published

2026-05-17

Section

Articles

How to Cite

1. Singh T. A Control Plane Architecture for Secure and Governable AI in Regulated Financial Systems. IJERET [Internet]. 2026 May 17 [cited 2026 Jun. 10];7(2):222-30. Available from: https://ijeret.org/index.php/ijeret/article/view/617