How AstraZeneca governs agentic AI at enterprise scale
With 10+ agents in production and 1,600 researchers on agentic platforms, AstraZeneca shares the governance infrastructure that works

Brian Dummann
VP, Head of Enterprise AI Technology
AstraZeneca
What you'll take away from this session
How governance becomes infrastructure instead of a gate
When compliance is embedded directly into code and platforms, it becomes an accelerator rather than a roadblock. The same foundation that naturally enforces rules drives user adoption.
Why observability by design is non-negotiable
You must log every agent action and permission path in an autonomous environment. Auditing agent behavior instantly is the only way to scale responsibly.
What "human on the loop" actually requires
Oversight has shifted from a reviewer checking final outputs to a supervisor watching a process unfold. Validation is no longer about static correctness; it’s about process integrity.
How to build an AI foundation before embedding policy
FAIR data fabric and a centralized AI gateway handles routing across 75+ approved models. Get the platform mechanics right before dictating policy.
Why the bottleneck is permission, not technology
Fear of failure can paralyze brilliant scientists. Designing for courage unlocks agentic value.
Governing agentic AI in a regulated pharmaceutical environment requires a fundamentally different architecture than chatbot-era governance. With over a dozen agents in production and 60,000 employees interacting with chat solutions each month, AstraZeneca learned this firsthand. Their existing governance frameworks were built around simple, single-input, single-output interactions. That model broke down when autonomous agents began making decisions, calling other agents, and accessing systems on behalf of humans without asking for step-by-step permission.
Brian Dummann, VP and Head of Enterprise AI Technology, shares what changed structurally after an internal AI audit provided eye-opening results. He breaks down the five core pillars needed in a multi-agent environment:
- Moving from human-in-the-loop to human-on-the-loop oversight
- Deploying defensive AI monitoring to catch drift and hallucination
- Programming agents to know when they are out of their depth so they can ask a human for help
- Designing flexible, adaptive risk frameworks
- Mandating complete observability by design
Instead of building defensive fences that stall deployment, AstraZeneca treats governance as the road itself. By pulling compliance into the platform infrastructure, they eliminated the friction of project-by-project reviews. This allows their teams to move safely, which is the fastest way to deliver outcomes for patients.
FAQ
What does it mean to govern AI when the system stops waiting for human approval?
What's the difference between enabling governance and defensive governance?
How do you build the foundation that makes trustworthy agentic AI possible?
Transform the work that matters most
See how Domino helps the world’s most regulated enterprises build, scale, and govern AI-powered applications.

