AGM v1.0 — Effective May 2026
This methodology governs all assessments produced by Stratalize Audit. Every report identifies the methodology version used at time of issuance.
The Stratalize AI Governance Methodology (AGM) is an independent framework for assessing organizational AI governance posture. AGM v1.0 produces a structured 11-section assessment covering shadow AI detection, agent inventory, input and output verification, access controls, dormant capabilities, and a prioritized risk register.
AGM assessments are structurally independent — Stratalize has no affiliation with any AI model provider and no financial relationship with vendors assessed. Every finding is independently derived from connected system data, not from vendor-provided documentation.
AGM v1.0 assessments cover:
Statistical sampling of AI-assisted documents across connected platforms. Sampling methodology: stratified random, 90-day lookback, proportional allocation per system. Confidence: 95%, margin ±5% for populations exceeding 10,000 documents.
Detection of ungoverned AI tool usage via identity provider authentication logs, MDM signals, and attestation ledger refusal events. Sources vary by connected system availability.
Enumeration of all AI tools, models, agents, and data flows active in the assessment period. Formatted as an AI Bill of Materials using Stratalize BoM schema v1.
Classification accuracy assessment, sensitivity tier compliance verification, and training data exposure quantification for AI inputs.
Claim extraction and grounding verification for AI-generated outputs. Cross-vendor consistency detection across multiple AI systems. ZK-proven authorization coverage percentage.
User access review including ghost user detection, over-provisioning identification, and sensitivity tier distribution.
Identification of available AI features with low or no adoption across connected platforms.
Recommendations for maximizing current stack utilization, agent optimization, and capability gap identification.
Light-touch mapping to relevant governance domains: model risk governance, data classification policy, AI inventory, access control, incident management. Not a compliance certification.
Prioritized action items with severity classification and resolution tracking.
Report data and findings are signed with Stratalize's Ed25519 private key. The corresponding public key is published at trust.stratalize.com/keys/signing-key.pub.
Merkle roots of attestation events are anchored hourly on Base mainnet via the AttestationAnchor contract.
View contract on BaseScanAny report can be verified at trust.stratalize.com/verify/[id] without contacting Stratalize.
AGM v1.0 assessments are point-in-time. They reflect the governance posture at the time of assessment and do not guarantee ongoing compliance. Stratalize assessments are not regulatory certifications. Organizations are responsible for determining applicable regulatory requirements in their jurisdiction.
| Version | Date | Notes |
|---|---|---|
| AGM v1.0 | May 2026 | Initial release |