
Key facts.
- Stanford's AI Index recorded documented AI incidents rising to 362, up from 233 the year before, evidence that behavior has to be traced and watched continuously after launch, not only at the launch review.source
- Thinking Machines Lab showed that the same prompt at temperature 0 can yield dozens of distinct outputs because inference is not batch-invariant, so the behavior under a deployed agent keeps shifting without any code change.source
- DORA (EU Regulation 2022/2554) requires financial entities to run continuous ICT risk management, monitoring and incident reporting, treating resilience as an ongoing obligation not a point check.source
Why does an agent drift out of compliance without changing?
Sign-off is not permanent: a newer model and shifting data move behavior out of bounds, and Thinking Machines saw 1,000 completions split into 80 at temperature 0, so a frozen set ages fast. (source)
Compliance is a relationship between behavior and rules. Both sides move. The model gets updated, outputs shift. Your data corpus changes, what the agent retrieves changes. A new integration quietly widens its reach. A regulation gets clarified, the bar shifts. None of that requires a code change. All of it can push approved behavior outside the approved boundary. Stanford's AI Index shows documented AI incidents climbing year over year. Traceability has to outlive the launch review.
A better model accelerates drift, doesn't prevent it. Thinking Machines Lab showed behavior can shift run to run from numerical variance alone, no code changes, just inference variability. More capability means more ways to act outside the boundary your March control set contemplated. That's why DORA treats operational resilience as continuous: ongoing monitoring, not an annual certificate. Drift detection applies the same logic to compliance. Catch behavior, data flows, or tool use that moved away from the approved baseline before it becomes a violation.

What does continuous compliance monitoring track?
The things that move. Behavioral drift: decisions outside the distribution it was approved on. Data drift: reading or writing categories it wasn't cleared for. Permission drift: reach widened through a new tool or integration. Policy drift: the rule itself changed. Each needs a baseline set at launch and a live comparison running against it. Alert and named owner when the gap opens. Catch the move while it's small. Don't discover it in an audit.
| Drift type | What moved | Signal to watch |
|---|---|---|
| Behavioral | Model output distribution | Decisions outside approved range |
| Data | Inputs/outputs handled | New data categories touched |
| Permission | useful reach | New tools or scopes in use |
| Policy | The rule itself | Updated regulation or standard |
The Pattern Intelligence Layer is where compliance becomes continuous rather than certified. The agent's live behavior, data flows and reach are compared to its approved baseline at the pattern level. Drift surfaces as a signal with an owner instead of as a finding in next year's audit. Reliability at the pattern level is what keeps a governed agent governed long after the launch review.
Frequently asked questions
If the code didn't change, how can compliance change?
Because the model, the data, the integrations and the rules all move independently of your code. Compliance is the gap between behavior and policy and both sides drift.
Isn't periodic re-review enough?
It catches drift late. Continuous monitoring with drift detection catches the move while it is small, which is the difference between an alert and an incident.
What do I baseline against?
The behavior, data scope and permissions the agent was approved under at launch, captured from its logs, so live behavior has something concrete to be compared to.

