// Kesslernity · Governance Playbook
Governing Enterprise AI Before the Threshold Is Crossed
If your AI system caused harm tomorrow, could you say which layer of it did? Most enterprises cannot, and not because the harm is unclear.
Your AI estate grew the way every estate grows: one sensible deployment at a time. An assistant here, a fine-tuned model there, a vendor feature switched on by default. Every individual decision was reasonable. Nobody chose to cross a line, because there is no line you can see. The dependency builds quietly, the curve stays smooth, and the day it tips, no single event triggers an alarm.
Then something goes wrong, and you discover the part that actually hurts: you cannot say which layer did it. The base model, the fine-tune, the corpus, the orchestration, the prompt, each owned by a different party, each able to change behaviour without telling the others. When you go to reconstruct what happened, the record is scattered and will not join.
# incident review: AI system produced a wrong answer that was acted on $ reconstruct --request req-8841 --window 90d base-model log .... vendor cloud, UTC, key: trace_id orchestration log . our stack, UTC+2, key: session retrieval log ..... data team, no clock, key: none RESULT: cannot reconstruct — no joinable timeline # evidence everywhere. an account of what happened: nowhere.
That capacity, the ability to say who did it, is not recovered after the incident. It is a property you build in before, or it is absent forever. This book is how you build it in.
The book reasons about your AI estate through the Kessler Syndrome, the orbital-debris cascade where each collision makes the next more likely until a band of orbit becomes unusable. It is a clean, emotionally neutral model of how dependency accumulates, how thresholds get crossed without an alarm, and how accountability dissolves once the harm is done. It lets you think clearly about your own systems without first picking a side in the tired argument over whether AI is salvation or catastrophe.
It is an instrument, not a thesis. The orbit story leads the first third and then recedes on purpose, until the governance substance carries the page on its own. By Part II you are reading audit practice, not space. No predictions about how AI ends. No hype, no doom. An operating manual.
The book. Ten chapters, three beats each. First the mechanism, stated as a general law. Then the translation, what that behaviour looks like in your AI portfolio, named as an observable you can go and check. Then the move, one concrete artifact with an owner, a meeting, and a first action. Every chapter ends with something to do on Monday. Ships as a print-ready PDF (A4), a reflowable EPUB, and a browser HTML copy.
The toolkit. Five board-ready artifacts that assemble into one system, each as a ready-to-print PDF, a browser HTML, and editable Markdown:
The artifacts arrive one chapter at a time, but they are one system. The Density Register is the spine; the others attach to it; the cadence keeps them all current.
THE DENSITY REGISTER one row per AI touchpoint (the spine) | | | scores each names each examines each v v v ATTRIBUTION RACI-for-AI AUDIT QUESTION BANK can we trace? who owns it? can we evidence it? \ | / THE GOVERNANCE-CADENCE CONTROL schedules the refresh of all the above
The free front door is the sharpest instrument from the book: score one system, read the band, find the gap before an incident does.
$ licence-plate-test --system "bid-evaluation-assistant" --criticality 4 item 1 base model + version pinned ...... 0 vendor serves "latest" item 4 vendor change vs our change ....... 0 not joinable item 9 clocks + ids join across parties .. 0 three clocks disagree ... 12 items scored, 0-2 each ............. 9 / 24 BAND: RED (red <12 / amber 12-18 / green 19+) GATE: criticality-4 on a RED → does not deploy
Get the full 25-item checklist and the other four artifacts — $59 →
The examples lean toward EPC and energy, the seat the author operates from, but nothing is sector-locked. A bank examiner, a hospital's risk officer, and an insurer's model-risk lead all find their own register rows in these pages.
$59 for the book in three formats and the full five-artifact toolkit. Free updates: when a load-bearing fact shifts (the EU AI Act dates are still moving), the updated files re-deliver to every buyer automatically. Team use included: share with your platform, audit, and risk teams, no per-seat fees.
No. The Kessler Syndrome is a thinking instrument, and it recedes after the first third. By Part II you are reading AI audit practice. No orbital-mechanics lecture beyond what the model needs.
No. The opening scenario is fictional and the examples are sector-neutral. Banks, hospitals, insurers, and manufacturers all map their own systems onto the register, the RACI, and the checklist.
It is written for the operating seat. The executive chapters read cleanly for a CIO or audit lead; the traceability chapter goes deep enough for a platform lead to write requirements from.
Sourced and dated throughout, and flagged as volatile where the dates are still provisional. Free updates re-deliver when they settle, and the AI at Work newsletter tracks the changes between updates.
A ZIP with the book as PDF, EPUB, and HTML, plus the five toolkit artifacts each as a print-ready PDF, a browser HTML, and editable Markdown for your wiki.
Build the Density Register first; you cannot govern what you have not counted. Then the cadence keeps it current. The free Licence-Plate Test is a ten-minute taste before you buy.
→ Get Critical Density, $59 · Free: the Licence-Plate Test
Kesslernity builds governed AI agents and the controls that keep them auditable at enterprise scale. The dated facts in this book are maintained through the AI at Work newsletter.
store.kesslernity.com · kesslernity.com · First edition, 2026. Guidance, not a safety control. AI prepares; humans decide.