Why agentic advertising is safe

Autonomous AI agents buying media raises a legitimate question: how do you trust software to spend real money on your behalf? Campaign Governance answers this with structural controls — not by trusting any single agent, but by making it impossible for any single party to act unilaterally.

Three-party trust model

Campaign Governance distributes validation across three independent parties:
  1. The orchestrator checks its intended action against the plan before sending it to any seller (intent check: tool + payload)
  2. The seller independently checks its planned delivery against the same plan before executing (execution check: media_buy_id + planned_delivery)
  3. The governance agent validates both sides against the campaign plan, maintaining state across the full lifecycle
No party grades its own homework. The orchestrator cannot skip governance because the seller checks independently. The seller cannot deliver something different from what was approved because the governance agent has a record of the planned delivery.

Separation of duties

Three roles with non-overlapping responsibilities:
| Role | Responsibility | Cannot do |
|---|---|---|
| Policy team | Configure compliance policies, select registry policies, define brand rules | Execute campaigns or spend budget |
| Buying team | Create plans, operate orchestrator, execute media buys | Modify compliance policies or bypass governance |
| Governance agent | Validate actions against plans and policies, track budget, escalate violations | Initiate spending or modify plans |

The orchestrator cannot bypass compliance because it does not carry the policies — they are resolved from the brand’s configuration by the governance agent. When a regulation changes, the policy team updates the configuration once and all active campaigns pick up the change automatically.

Crawl-walk-run adoption

Governance agents support three internal operating modes so organizations can build confidence incrementally. Mode is configured on the governance agent itself — it is not a protocol field, and callers act on the status they receive regardless of mode.
| Mode | What happens | Risk |
|---|---|---|
| Audit | Log everything, never block. Always returns approved with findings attached. | Zero. See what governance would flag without affecting live campaigns. |
| Advisory | Return real statuses (denied, conditions) but the organization treats denials as non-blocking. | Minimal. Humans review findings post-hoc and act on them. |
| Enforce | Block on violations. Require resolution before proceeding. | Production governance with full protection. |

Start in audit mode to evaluate false positive rates and calibrate policies. Move to advisory to test findings with real campaigns. Switch to enforce when confidence is established. The governance agent’s audit logs record which mode was active for each check, so post-hoc analysis can distinguish audit-mode approvals from enforce-mode approvals.

Budget protection

Budget is committed based on confirmed outcomes, not intended actions:
  1. check_governance with tool + payload (intent check) checks whether the spend fits the plan. No budget is committed.
  2. The orchestrator sends the action to the seller.
  3. report_plan_outcome reports the seller’s confirmed amount. Only then is budget committed.
If a seller reduces the amount, the governance agent commits the actual amount and flags the discrepancy. If the action fails, the governance agent commits zero. Budget state reflects reality, not intent. Concurrent media buys are handled through optimistic concurrency control or budget reservation, preventing concurrent approvals that together exceed the plan budget.
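
The check-then-commit flow above, using the budget-reservation option, sketched as an added example (not Campaign Governance's own code). `PlanBudget`, its method names and the `chk-N` ids are hypothetical; only the commit-on-outcome behaviour comes from the text.

```python
import threading
from dataclasses import dataclass, field

@dataclass
class PlanBudget:
    """Hypothetical in-memory ledger, not the governance agent's real data model."""
    total: float
    committed: float = 0.0
    reserved: dict = field(default_factory=dict)   # check_id -> amount on hold
    findings: list = field(default_factory=list)
    _lock: threading.Lock = field(default_factory=threading.Lock, repr=False)
    _seq: int = 0

    def check(self, amount):
        """Intent check: place a hold against headroom, commit nothing."""
        with self._lock:  # headroom test and hold are one atomic step
            headroom = self.total - self.committed - sum(self.reserved.values())
            if amount > headroom:
                return "denied", None
            self._seq += 1
            check_id = f"chk-{self._seq}"
            self.reserved[check_id] = amount
            return "approved", check_id

    def report_outcome(self, check_id, confirmed):
        """Outcome report: release the hold and commit the seller-confirmed amount."""
        with self._lock:
            approved = self.reserved.pop(check_id)  # KeyError if never approved
            self.committed += confirmed             # 0 for a failed action
            if confirmed != approved:
                # The page covers a reduced amount; flagging any mismatch is an assumption.
                self.findings.append({"check_id": check_id, "approved": approved,
                                      "confirmed": confirmed})
            return self.committed

def concurrent_checks(budget, amount, n):
    """Fire n intent checks from separate threads and collect (status, check_id)."""
    results = []
    threads = [threading.Thread(target=lambda: results.append(budget.check(amount)))
               for _ in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results

if __name__ == "__main__":
    plan = PlanBudget(total=1000.0)            # constructed plan budget
    print(concurrent_checks(plan, 400.0, 5))   # only two of five holds fit
```

Without the lock around the headroom test and the hold, two checks could both read the same headroom and both be approved, which is the concurrent over-approval the reservation is there to prevent.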

Confidence and explainability

Governance findings include confidence scores (0 to 1) and explanations that distinguish certain violations from ambiguous ones:
  • High confidence (0.9+): Definitive violation. A GDPR breach on a campaign explicitly targeting EU users.
  • Medium confidence (0.6-0.9): Depends on context the governance agent cannot fully resolve. Audience segments that may include minors, geo targeting that partially overlaps regulated jurisdictions.
  • Low confidence (below 0.6): Speculative. Flagged for human review rather than acted on autonomously.
Every finding includes a human-readable explanation and structured details for programmatic consumption. When human review is triggered internally, the governance agent records the reason, severity, and resolution in its audit logs. Nothing is a black box.

Drift detection

The audit log surfaces aggregate metrics that detect oversight erosion over time:
  • Human review rate — fraction of checks that required internal human review, with trend direction
  • Auto-approval rate — fraction of checks approved without human intervention
  • Human override rate — fraction of human reviews where the human disagreed with the governance agent
Organizations set thresholds on these metrics. When a threshold is breached, the governance agent includes a finding on the next check. A declining human review rate may mean well-calibrated governance or eroding oversight — the threshold breach surfaces the question so the organization can decide.
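
An added example (not the governance agent's code) that computes the three drift metrics over two constructed audit-log windows and reports threshold breaches. The record fields, window contents and threshold values are assumptions; the real get_plan_audit_logs schema is not shown on this page.

```python
def entry(status, human_review=False, human_decision=None):
    """Build one constructed audit record (field names are hypothetical)."""
    return {"status": status, "human_review": human_review,
            "human_decision": human_decision}

# Constructed sample windows, ten checks each.
PREVIOUS = ([entry("approved")] * 6 + [entry("denied")]
            + [entry("denied", True, "denied")] * 2
            + [entry("denied", True, "approved")])   # one human override
CURRENT = [entry("approved")] * 9 + [entry("conditions", True, "conditions")]

# Assumed organization thresholds: metric -> (bound, limit).
THRESHOLDS = {"human_review_rate": ("min", 0.2),
              "auto_approval_rate": ("max", 0.85),
              "human_override_rate": ("max", 0.25)}

def rates(entries):
    """Compute the three aggregate metrics for one window of checks."""
    n = len(entries)
    reviewed = [e for e in entries if e["human_review"]]
    auto_ok = [e for e in entries
               if not e["human_review"] and e["status"] == "approved"]
    overridden = [e for e in reviewed if e["human_decision"] != e["status"]]
    return {
        "human_review_rate": len(reviewed) / n if n else 0.0,
        "auto_approval_rate": len(auto_ok) / n if n else 0.0,
        # Override rate is relative to reviews, not to all checks.
        "human_override_rate": len(overridden) / len(reviewed) if reviewed else 0.0,
    }

def drift_findings(previous, current, thresholds=THRESHOLDS):
    """Return current rates, review-rate trend, and one finding per breach."""
    prev, cur = rates(previous), rates(current)
    delta = cur["human_review_rate"] - prev["human_review_rate"]
    trend = "declining" if delta < 0 else "rising" if delta > 0 else "stable"
    findings = []
    for metric, (bound, limit) in thresholds.items():
        value = cur[metric]
        if (value < limit) if bound == "min" else (value > limit):
            findings.append({"metric": metric, "value": value,
                             "bound": bound, "threshold": limit})
    return cur, trend, findings

if __name__ == "__main__":
    print(drift_findings(PREVIOUS, CURRENT))
```

On the sample data the review rate falls from 0.3 to 0.1 while auto-approval rises to 0.9, so both breach; the override rate stays at zero, which by itself cannot tell calibration from erosion.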

Multi-brand and agency governance

For holding companies with multiple brands and agency partners:
  • Delegations scope which agents can act on a plan, by authority level, budget limit, market, and expiration. A brand can grant full authority to one agency for Europe and execute_only to another for North America.
  • Portfolio governance defines cross-brand constraints: total portfolio spend caps, shared policy enforcement, and corporate-level exclusions that no individual brand plan can override.

For small brands

A brand buying direct with no agency and no policy team still gets:
  • Automated budget limits and geo enforcement from the campaign plan
  • Compliance coverage from the policy registry — community-maintained, no per-brand configuration required
  • Seller-side verification via governance checks
  • Full audit trail via get_plan_audit_logs
Set authority_level: "agent_limited" with a reallocation_threshold to define guardrails. The governance agent handles the rest.

Comparison to manual processes

| Manual process | Campaign Governance equivalent |
|---|---|
| Agency trading desk QA | Automated validation against the plan |
| DSP pre-bid rules | Budget authority and targeting compliance checks |
| Advertiser approval workflows | Human review for high-risk actions |
| Post-campaign audit | get_plan_audit_logs with drift metrics |
| Compliance review | Policy registry + jurisdiction-scoped validation |

The difference is that Campaign Governance applies these controls to every transaction, not just the ones that happen to get reviewed. Manual processes are sampling-based and retrospective. Campaign Governance is exhaustive and real-time.