The safety harness
for AI media buying
Bridle AI is a governance and orchestration control plane that sits above your AI buying agents, giving humans budget guardrails, approval workflows, and an immutable audit trail before a single dollar moves.
check_governance primitive: the agentic buying checkpoint
Core governance loop
Built for the AdCP ecosystem
The gap nobody filled
Agents can act. Where's the checkpoint?
AdCP's check_governance primitive provides the hook, but nobody built the interface, workflow, or audit trail behind it. That's the vacuum Bridle AI fills.
AI agents spend autonomously
Buying agents act fast, across platforms, at a scale no human ops team can monitor in real time. That's the power, and the exposure.
The tooling vacuum
AI planning copilots are crowded. But nobody built the actual human-facing checkpoint: the layer that validates, escalates, and records what agents do with live budget.
Governance as infrastructure
Bridle AI is that layer: a governance engine AdTech vendors embed so every agent they ship is enterprise-trustworthy and auditable out of the box.
How it works
Five stages. Zero ambiguity.
Every agent action travels through the same auditable pipeline, from invocation to settlement, with money tracked at each stage in integer minor units and a pinned FX snapshot.
Agent calls check_governance
An AdCP-compatible AI buying agent submits an action request (create, update, bid-adjust) with its intent and the amount it wants to spend. Bridle AI receives it via the MCP tool handler.
Evaluate against budget & policy
The governance engine compares the request against the campaign budget ceiling, the agent's per-action authority, and the account's active policy version, all in serializable isolation to prevent concurrent overspend.
Auto-approve or escalate
Within threshold: instant approval, logged immutably. Above threshold: escalated to the human approval queue in the dashboard. The agent receives a "pending" response and waits.
Human approves or rejects
The approver acts in the cockpit dashboard. Their authority grant, the policy version, and the agent's authority snapshot are pinned to the decision row: provably immutable and SOC 2-ready.
Settle and reconcile
After the trade executes, the delivered amount is reconciled against what was approved, each with its own FX snapshot at its own timestamp. Discrepancies surface in the dashboard automatically.
Fail-closed on timeout
An expired approval is an explicit rejected decision row written by a sweeper. Inattention never lets spend through: the system is fail-closed by design.
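An added example of the loop described above (not Bridle AI's code): SQLite stands in for Postgres, with `BEGIN IMMEDIATE` taking the place of SERIALIZABLE isolation, and every table, column and reason name is an assumption apart from `agent_binding_id` and `idempotency_key`. It shows pending requests holding budget, retries deduplicated by key, and the sweeper appending an explicit rejection on timeout.

```python
import sqlite3

# Hypothetical schema (not Bridle AI's); amounts are integer minor units, e.g. cents.
SCHEMA = """
CREATE TABLE request (
  id INTEGER PRIMARY KEY, agent_binding_id TEXT NOT NULL, idempotency_key TEXT NOT NULL,
  amount_minor INTEGER NOT NULL CHECK (amount_minor > 0),
  UNIQUE (agent_binding_id, idempotency_key));
CREATE TABLE decision (  -- append-only: rows are inserted, never updated
  id INTEGER PRIMARY KEY, request_id INTEGER NOT NULL REFERENCES request(id),
  status TEXT NOT NULL CHECK (status IN ('approved', 'pending', 'rejected')),
  reason TEXT NOT NULL, expires_at INTEGER);
CREATE VIEW latest AS  -- current state = newest decision row per request
  SELECT r.*, d.status, d.expires_at FROM request r
  JOIN decision d ON d.id = (SELECT MAX(id) FROM decision WHERE request_id = r.id);
"""

def open_db():
    db = sqlite3.connect(":memory:", isolation_level=None)  # we issue BEGIN ourselves
    db.executescript(SCHEMA)
    return db

def check_governance(db, binding, key, amount_minor, *, ceiling, auto_limit, now, ttl=900):
    """Evaluate one request; a retry with the same key returns the recorded status."""
    with db:  # commit on success, roll back on error
        db.execute("BEGIN IMMEDIATE")  # SQLite stand-in for SERIALIZABLE: lock before rollup
        seen = db.execute("SELECT status FROM latest WHERE agent_binding_id = ? "
                          "AND idempotency_key = ?", (binding, key)).fetchone()
        if seen is None:
            held = db.execute("SELECT COALESCE(SUM(amount_minor), 0) FROM latest "
                              "WHERE status IN ('approved', 'pending')").fetchone()[0]
            if held + amount_minor > ceiling:  # pending rows hold budget too
                seen = ("rejected", "budget_ceiling", None)
            elif amount_minor <= auto_limit:
                seen = ("approved", "within_threshold", None)
            else:
                seen = ("pending", "needs_human", now + ttl)
            rid = db.execute("INSERT INTO request (agent_binding_id, idempotency_key, "
                             "amount_minor) VALUES (?, ?, ?)", (binding, key, amount_minor)).lastrowid
            db.execute("INSERT INTO decision (request_id, status, reason, expires_at) "
                       "VALUES (?, ?, ?, ?)", (rid, *seen))
    return seen[0]

def sweep_expired(db, now):
    """Fail closed: append an explicit 'rejected' row for each timed-out pending request."""
    cur = db.execute("INSERT INTO decision (request_id, status, reason) "
                     "SELECT id, 'rejected', 'approval_timeout' FROM latest "
                     "WHERE status = 'pending' AND expires_at <= ?", (now,))
    return cur.rowcount
```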
Core capabilities
Every enterprise requirement. Built-in.
Budget Guardrails
Per-action ceilings, daily limits, and campaign caps enforced in serializable transactions: no concurrent overspend possible, ever.
Approval Workflow
Route high-risk decisions to the right human. Versioned authority grants, SOD enforcement, and a clear pending-queue cockpit.
Unified Dashboard
Cross-platform oversight in one place: pending approvals, at-risk spend, discrepancy reports, and real-time agent activity.
Immutable Audit Trail
Every action, decision, and settlement appended to an append-only log. DB-enforced. Point-in-time replay. GDPR crypto-shredding built in.
Policy Engine
Immutable-on-write policy versions with brand-safety rules. "Why was this approved" is answerable from the decision row alone.
Cross-currency
Money as integer minor units + pinned FX snapshot at every lifecycle stage. Cross-currency rollups are reproducible: never float, never live rates.
Multi-tenant
Organization → Account isolation enforced at the database level via Postgres Row-Level Security. Unset tenant context denies all rows: fail-closed.
SOC 2 Ready
Segregation of duties stored and queryable. PII isolated via crypto-shredding. Immutable log. Authority provenance pinned to every decision.
Native check_governance integration
AdCP, the emerging standard for agentic media buying built on MCP by Scope3, Yahoo, and PubMatic, defines a check_governance primitive. Bridle AI is the runtime behind that primitive: it handles the validation, the escalation, and the immutable record that makes the loop trustworthy.
Vendors licensing Bridle AI ship agents that are enterprise-trustworthy from day one: no rebuilding governance infrastructure, no missing audit trail.
Who it serves
Three tiers. One governance layer.
Whether you're an agency managing client liability, a brand ops team proving CFO-level safety, or a vendor shipping enterprise-grade agents, Bridle AI covers you.
Agency trading desks & ops teams
Manage spend across dozens of clients and platforms. Carry the most liability. Audit trails and approval workflows are non-negotiable for client trust.
- Cross-client audit trail, SOC 2-ready
- Approval workflow for high-risk spends
- Discrepancy reports per campaign
- Segregation of duties, queryable
In-house brand & marketing ops
More risk-averse about autonomous budget control. Need guardrails the CFO can see and budgets that provably cannot be overrun.
- Hard budget ceilings with DB enforcement
- Fail-closed on every timeout
- CFO-legible at-risk spend dashboard
- GDPR crypto-shredding built in
AdTech & MarTech vendors
Building AI buying agents. License Bridle AI as infrastructure: ship agents that are enterprise-trustworthy from day one without rebuilding governance.
- MCP server: drop-in AdCP integration
- White-label governance engine
- Multi-tenant from the ground up
- Become the de facto standard layer
Built to last
Architectural decisions that don't rot
Event-sourced writes
The audit_event table is the source of truth. Current-state tables are maintained in the same transaction: structurally impossible to write state without recording it.
SERIALIZABLE isolation
Budget rollups run under SERIALIZABLE isolation. Concurrent evaluations cannot interleave into an overspend: the database enforces what app logic alone cannot guarantee.
Crypto-shredding
PII lives in subject_ref with per-subject keys in subject_key. GDPR erasure destroys the key; the audit row stays structurally intact.
Idempotent requests
UNIQUE(agent_binding_id, idempotency_key), scoped to the stable binding identity, not the version. Retries across authority bumps still deduplicate. Rollups never double-count.
Row-Level Security
Postgres RLS on all 10 tenant tables, keyed on the app.org_id session GUC. Unset GUC denies all rows. Tenant isolation is fail-closed at the database level.
Pinned policy provenance
Every decision pins immutable snapshots of policy version, agent authority, and approver authority. "Why was this approved" is answerable from the decision row alone, with zero dependency on live rules.
Ready to govern your agents?
The governance layer your AI agents need. Built to be licensed, not bolted on.
We're working with early AdTech and MarTech partners to embed Bridle AI as infrastructure. If you're building AI buying agents and need enterprise-grade governance, let's talk.