SignalWire Completes Attestation of the NIST AI Risk Management Framework 1.0

AI risk management built into the architecture

SignalWire

SignalWire has completed a self-attestation of the NIST AI Risk Management Framework 1.0 for its AI agent products. The framework asks organizations to manage AI risk across four functions: Govern, Map, Measure, and Manage. SignalWire's architecture maps to each by keeping authority in developer-defined code rather than the model, making agent behavior enumerable and observable, and authorizing escalation through business logic.

SignalWire Completes Attestation of the NIST AI RMF

SignalWire is proud to announce we have completed a self-attestation of the NIST AI Risk Management Framework 1.0 for our AI agent products. This is one piece of our public commitment to the engineering discipline that makes AI agents safe to put in front of real customers.

What is NIST AI RMF?

The National Institute of Standards and Technology published AI RMF 1.0 to give organizations a structured way to think about AI risk. The framework is voluntary. It does not impose rules, but asks organizations to govern AI across four functions: Govern, Map, Measure, and Manage.

Each function asks hard questions like:

  • Who is accountable for AI decisions?

  • How do you identify where the system can go wrong?

  • How do you measure the harm when it does?

  • What do you do about it?

For AI voice agents, those questions have real stakes. An agent that gives away free products, reveals customer data, or goes off-script creates legal exposure, customer churn, and reputational damage at scale. Every call is a live interaction with a real person.

The framework was designed to incorporate trustworthiness considerations into the design, development, use, and evaluation of AI products and services. We used it to pressure-test ours.

How SignalWire’s architecture maps to NIST AI RMF

SignalWire's approach to AI governance is built into the product architecture itself.

Govern: authority lives in your code, not in the model

Our AI kernel runs inside the media stack, not on top of it. That position is what makes governance structural rather than advisory.

Every AI agent on SignalWire operates inside a state machine defined by the developer. At each step, the model sees only the prompt and tools appropriate to that step. It does not know what other steps exist. It does not know what tools it cannot call. It cannot exit the state machine through conversation.

A data layer carries information between tool calls and between steps. The model never sees it; your tool handlers do. This is how sensitive information, such as account numbers, authentication tokens, and session context, passes through a conversation without entering the AI's context window.

The model handles language. Your code handles truth. The system enforces the boundary.

Map: knowing where the system can fail

The NIST framework asks organizations to identify where AI systems can cause harm. For voice AI, the failure modes are well-known: unauthorized disclosures, promises of unavailable outcomes, inappropriate escalation, or failure to escalate when required.

Because SignalWire agents operate as state machines with scoped tools, the possible actions at each point in a conversation are enumerable. There is no open-ended permission model where the model decides what it can do. The developer defines the boundaries. The platform enforces them. That makes the failure surface smaller and the failure modes predictable.

Measure: observable behavior, not trust

SignalWire provides structured logs of every tool call, every step transition, and every model response. You do not have to trust that the agent behaved correctly. You can verify it.

This is a basic requirement for any system that interacts with customers at scale. If you cannot observe what the agent did on a specific call, you cannot improve it, audit it, or defend it.

Manage: humans stay in the loop

SignalWire AI agents can escalate to human agents, transfer to supervisors, or pause for review. The decision of when to escalate lives in your code, not in the model's judgment. The model can request an escalation, but only your business logic can authorize it.

An AI agent that decides for itself when it has reached the limits of its competence is an agent that will sometimes be wrong about that decision. Moving the escalation logic into deterministic code means the boundary is consistent and testable.
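The pattern described in the Govern, Map, Measure, and Manage sections above, as an added Python sketch that is not SignalWire's code or SDK: step-scoped tool dispatch, a data layer only handlers can read, a structured log, and escalation decided by code. Every name here (`STEPS`, `Agent`, the tool names, the escalation reasons) is an assumption made for illustration.

```python
import hmac

# Hypothetical step graph (illustrative names, not a SignalWire API): each step
# lists the only tools the model may call and the only steps it may move to.
STEPS = {
    "verify":  {"tools": {"check_pin"}, "next": {"billing"}},
    "billing": {"tools": {"get_balance", "request_escalation"}, "next": set()},
}
ESCALATION_REASONS = {"dispute", "fraud"}   # constructed policy for the example

class Agent:
    def __init__(self, data):
        self.step = "verify"
        self.data = data    # data layer: tool handlers read it, the model never does
        self.log = []       # structured audit trail, one dict per event

    def _record(self, event, **fields):
        self.log.append({"event": event, "step": self.step, **fields})

    def call(self, tool, **args):
        """Dispatch a tool call requested by the model, enforcing step scope."""
        if tool not in STEPS[self.step]["tools"]:
            self._record("tool_denied", tool=tool)
            return {"error": "unknown tool"}   # out-of-scope tools look nonexistent
        result = getattr(self, "_" + tool)(**args)
        self._record("tool_call", tool=tool, result=result)
        return result

    def _goto(self, target):
        if target not in STEPS[self.step]["next"]:
            raise ValueError("transition not allowed from " + self.step)
        self._record("transition", to=target)
        self.step = target

    def _check_pin(self, pin):
        ok = hmac.compare_digest(pin, self.data["pin"])   # constant-time compare
        self.data["verified"] = ok
        if ok:
            self._goto("billing")   # only handler code moves the state machine
        return {"verified": ok}     # the PIN itself is never logged or returned

    def _get_balance(self):
        return {"balance": self.data["balance"]}   # account id stays in the data layer

    def _request_escalation(self, reason):
        # The model can only ask; this deterministic rule decides.
        approved = self.data["verified"] and reason in ESCALATION_REASONS
        return {"escalated": approved}
```

Because the allowed tools and transitions are plain data, the failure surface can be listed and unit-tested, and the log can be checked for what the agent did on a given call.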

What this means for builders on SignalWire

We chose to do this now because our customers are deploying AI agents in production environments where the stakes are real. Healthcare scheduling, financial services, customer support, logistics. These are live conversations with real people who depend on the system behaving as promised.

Self-attestation is a public commitment. It says: here is how we think about AI risk, here is how our architecture addresses it, and here is where we can improve. We intend to update this attestation as the framework evolves and as we continue to improve our platform.

If you’re deploying AI agents on SignalWire, this attestation reflects the infrastructure you are already using. The governance architecture is not another add-on. It’s how the platform works.

You still own the design of your agents. You define the steps, the tools, the escalation logic, and the data each step can access. The platform provides the enforcement layer. Your architecture provides the policy.

Learn more about SignalWire compliance in the Trust Center.

If you have questions about how specific aspects of our platform map to the NIST framework, or how to design your agents to align with it, talk to our team on the community Discord.

Frequently asked questions

What are the four functions of the NIST AI RMF?

The framework is organized around four functions. Govern establishes accountability for AI decisions. Map identifies where the system can cause harm. Measure assesses and tracks that harm. Manage determines what to do about it. Together they incorporate trustworthiness into the design, development, and use of AI systems.

What is NIST AI RMF self-attestation?

Self-attestation is a public commitment in which an organization documents how it addresses AI risk against the NIST framework. It states how the organization thinks about AI risk, how its architecture addresses each function, and where it intends to improve as the framework evolves.

How does the NIST AI RMF apply to AI voice agents?

For voice AI, the framework's questions carry real stakes because every call is a live interaction with a real person. An agent that discloses customer data, promises unavailable outcomes, or fails to escalate creates legal exposure and reputational damage at scale. Applying the framework means making those failure modes enumerable and enforcing boundaries in code rather than relying on the model's judgment.

How do you govern an AI agent in production?

Governance is structural when authority lives in deterministic code rather than the model. On SignalWire, each agent runs inside a developer-defined state machine where the model sees only the prompt and tools appropriate to each step, sensitive data passes through a layer the model never sees, and escalation decisions are authorized by business logic, not the model itself.
