I build enterprise software that helps people make good decisions in complex systems.

Over the past two decades I've worked across Windows, connected devices, identity, security, and AI. While those domains look different, they've all centered on the same challenge: helping people understand, trust, and confidently operate increasingly complex systems.

I build enterprise software that helps people make good decisions in complex systems.

Over the past 18 years at Microsoft I've worked across Windows, connected devices, identity, security, and AI. While those domains appear different, they've all centered on the same challenge: turning technically complex systems into products people can understand, trust, and confidently operate at scale.

This site is where I publish ideas about enterprise software, AI, governance, identity, and the future of designing systems people can trust.

Trust & Governance — 2026

Trust Is a System

Governing Autonomous Agents in the Enterprise

Aarthi Hatter · 14 min read

As enterprise software becomes increasingly autonomous, the central product problem is no longer configuration — it's helping people supervise, understand, and trust systems that act on their behalf.

For most of the last two decades, enterprise software has been designed around a simple assumption: the person using the product is also the one making the decision. Configuration screens, admin consoles, and policy editors all reflect that assumption. They exist because the human is the authoritative agent, and the software's job is to make their intent explicit.

That assumption is quietly ending.

Modern enterprise systems — copilots, agents, autonomous remediation, adaptive access — increasingly take actions on their own behalf. The human is no longer the operator. They're the supervisor. And supervising a system is a fundamentally different design problem than operating one.

The supervision problem

When a person operates a system, they know what they intended and can verify the outcome against that intent. When they supervise a system, they inherit the outcomes of decisions they did not personally make, in domains where the system may have information they don't. The interface's job shifts from "let me express my intent" to "let me verify what happened, in time to correct it."

This is where most current AI governance conversations lose the thread. They treat governance as policy — a document, a review board, a set of allowed behaviors. But the person who has to trust the system on Tuesday morning doesn't experience a policy. They experience an interface.

Preview. This is an excerpt of the working paper. The full version — including the supervision model, the trust interface framework, and the case studies from identity and security tooling — is being finalized for release.