Governing Self-Service AI: How Organizations Maintain Control When Business Users Build

Final dispatch from the Databricks World Tour, Washington, DC – December 11, 2025

At the Databricks World Tour on December 11, I watched government agencies share how business users are now building production-ready AI in weeks.

In the first blog post of this three part series, When Business Users Build AI: What I Saw at Databricks World Tour, I explored the breakdown of the old IT bottleneck model. The second blog post, The Three Levels of Self-Service AI: From Document Extraction to Multi-Agent Systems , I examined the three levels of AI complexity that organizations are deploying today. Then in this final installment, I’ll dive into the critical question: How do you maintain security and governance?

 

The Governance Question

The obvious concern is this: How do you maintain security and quality when business users are building AI systems? 

Our answer starts with governance by design. Unity Catalog handles most of this automatically. When someone builds an agent, it can only access the data they’re already allowed to see. They define governance policies once, determining who can see what data, what needs to be masked, and what requires audit trails, and apply them across the platform. They embed governance from the start rather than bolting it on later.

Agents gets better through structured, expert feedback. At Centers for Medicare & Medicaid (CMS), for example, senior fraud investigators conduct “labeling sessions” where they review what the agent produced and mark what’s good, and flags what needs improvement. The platform captures feedback and incorporates it into the system automatically, enabling continuous improvement.

Version control allows organizations to track changes, compare iterations, and roll back if needed. The system continuously tracks quality metrics, relevance, correctness, and safety, and provides detailed traces showing exactly what each agent did and why.

This isn’t a black box. It’s governed, observable, and auditable AI at production scale.

 

The Cultural Shift

Igor describes the four principles below that IDB Invest followed during their transforming.

1. Modernize the analytical ecosystem.
2. Achieve a single source of truth for data.
3. Make data governance an enabler, not a blocker.
4. Focus on impact-driven use cases.

The third principle is the hardest. Most organizations treat governance as a checklist of restrictions. IDB Invest took the opposite approach: Governance should make it easier for authorized users to access data, not harder.

“Data governance had to be something that would help us expedite the usage of data, help us reduce the barriers for those who access our information, and most importantly, without losing sight of the control and protection of our data,” Igor said.

That shift requires trust on multiple levels. IT has to trust business users to build responsibly, business users have to take accountability for building high-quality, compliant solutions, and the platform itself has to reinforce good behavior. Making the secure, governed path the easy path.

When governance becomes an accelerator rather than an obstacle, transformation becomes sustainable, not just possible.

 

What This Means Going Forward

Near the end of his keynote, Rory Patterson made a prediction about the future of government IT: “I see a future where most people are getting the power of Databricks, but with the benefit of simplification of apps.”

He’s describing a shift in enterprise technology experiences. Instead of logging into complex data platforms, users interact with simple applications built on top of them. But unlike traditional applications, where development cycles stretch for months and security reviews happen in silos, business users build these applications in weeks, running the same governed data platform underneath.

Patrick Newbold at CMS is already there. “We’re not just modernizing IT,” he said. “We are impacting lives each and every day.”

Transformation from 20-year-old technology to cutting-edge AI doesn’t have to take a decade. IDB Invest did it in three years. CMS is doing it now. The technology is available today and the compliance frameworks exist, the question is whether organizations are ready for the cultural change. Because that’s what this really is, a cultural change disguised as a technology upgrade.

Giving business users the ability to build their own AI systems transforms IT from a bottleneck into a multiplier. Empowering domain experts to define what quality looks like ensures AI advances the mission, not just the technology. And by designing governance to enable access rather than restrict it, organizations reduce workarounds and strengthen trust in the system.

Standing in that crowded conference hall in Washington, listening to government employees and international development bankers describe building AI systems themselves, I saw the future of enterprise technology come into focus.

It’s not about replacing people with AI. It’s about giving people AI tools they can shape for their specific mission. The organizations embracing this model now are building a significant advantage, and those still waiting for IT to build everything are falling further behind.

Organizations can close the 20-year technology gap, but it requires choosing a different model. Not faster IT, but business users who build with IT as their platform. The proof was on stage at the Databricks World Tour. The question is who else is ready to make that choice.

 

Related Reading

To understand how Unity Catalog provides the governance foundation that makes self-service AI possible, see our detailed analysis: Intelligent Data Governance with Databricks Unity Catalog.