Guardrails for a Company of Cyborgs
An AI company from NASDAQ asked us to let their employees post with AI without burning the brand or the ticker. Here is the system we designed, and why both obvious answers to this problem are wrong.
Last week I wrote that my agent speaks under my name and I own every word it sends. A few days later a client asked, politely, what happens when "I" is two hundred employees.
The client is an AI company, trades on NASDAQ. Their situation: employees discovered Claude and started posting on LinkedIn. A lot. Some posts are great. Some are word soup with hashtags. And some, sooner or later, will casually touch revenue expectations - and that stops being a branding problem. That's a call from a lawyer about disclosure rules.
The ask sounded simple. Let people post, with AI, in their own voice. Just make sure nothing stupid or illegal leaves the building under the company's name. At company scale. Forever.
I love this problem, because both obvious answers to it fail in a measurable way.
TL;DR We design guardrails as a gate that learns, not an approval queue. Every employee post passes one enforcement point before LinkedIn: clean posts publish automatically, clear violations bounce back with reasons, doubtful ones go to a human. Every human decision gets written back into the rules. So the system needs less babysitting as it grows, not more. Built on Publora plus pieces we already shipped open source.
1. Employees are the best channel a company has
The numbers here are old news for marketers and still surprising for everyone else.
People trust their employer more than any other institution: 79%, above business, government and media (Edelman Trust Barometer). Employee networks hold about 10x more connections than the same company has followers, and content shared by an employee gets twice the click-through of the brand page (LinkedIn's own guide). And 72% of socially active employees say they would post about their company if someone prepared the content for them.
Funny detail I found while checking sources. The most quoted number in this industry, "employee content gets 561% more reach", leads nowhere. The original report vanished years ago, every citation is a blog quoting a blog. The flagship stat of employee advocacy is unauditable. Fits the theme of this essay better than any real number would.
So companies want employees posting. That part was never the problem.
2. AI made the best channel the most dangerous one
What changed in the last two years: employees stopped writing their posts. Their agents write. And the numbers around that are honestly worse than I expected.
In a KPMG global study of 48,000 workers, 57% of AI users hide it and present AI output as their own, and 66% rely on that output without checking it. Salesforce found 64% passing off AI work as their own and 40% using tools their company explicitly banned. Per SHRM, 30% knowingly break their org's AI rules, and a third of those would do it again to save time.
Put these together and you get the picture our client saw in their feed: confident, fluent, unchecked text going out under employee names, every day. Most of it harmless. Statistically, some of it not.
For a public company "some of it not" has a price tag. FINRA fined M1 Finance $850,000 for social posts that nobody pre-reviewed, approved or even retained. Not for malicious content. For the absence of a system.
3. Both obvious answers fail
Answer one: ban it. Already failed. The 40% using banned tools are the measurement of that failure. Prohibition just moves AI use into the shadow, where you can't see it and definitely can't audit it.
Answer two: route everything through PR. An approval queue works at ten posts a month and collapses at two hundred. Every queued post waits days, employees learn that posting is painful, participation dies. And participation is already the hardest part: 74% of social media managers call getting employees to engage their number one challenge. Roughly one company in five has a formal advocacy program at all, and 75% of employee advocates never got any training.
A policy PDF is not a system. A queue is a system that kills the thing it protects. What's left is the interesting part.
4. The design: a gate that learns
Here is the system we designed for this client, on top of Publora, our posting platform.
The entry point is corporate Claude with our custom skill connected. An employee writes a post the way they already do, with their agent, in their voice. The moment they say "publish", the skill fires and nothing goes to LinkedIn directly. The post goes to the guardrails system first.
The guardrails check runs the text through several iterations against a live rules database: information disclosure, customer agreements, brand rules, listed-company restrictions. Three outcomes, not two.
Clean - published automatically through the employee's Publora seat. No human in the loop, no waiting.
Clear violation - declined, with reasons and suggested edits back to the author. Not a silent block. The author learns the rule.
Doubt - flagged to a human moderator in comms. They approve or decline.
The flagged path is where the system earns its keep. Every human decision is written back into the rules database. Moderator declined a post about an unannounced partnership? The system remembers the pattern. Next similar case doesn't reach the moderator.
Every decision updates the guardrails.
This inverts the economics of review. An approval queue grows linearly with headcount: more people, more waiting, more moderators. A learning gate compresses: the more it processes, the less it asks. Month one the comms team sees maybe a fifth of posts. By month six they see the genuinely new cases only, which is exactly what senior humans should be looking at.
Two design details I insisted on. First, the gate is the only door: manual posts from the Publora editor pass the same check, so the story is "every post", not "AI posts". Second, the rules aren't invented by us. They're seeded from documents the company already has - the comms policy, the social etiquette deck, disclosure requirements for listed companies in both US and UK, then enriched with deep research. The system enforces the company's own rulebook, just consistently.
5. The part the lawyers actually asked about
Every check, decision and publication lands in a timestamped decision log. When a regulator or an auditor asks "show me your supervision process for employee communications", the answer is a report, not a shrug. That's the difference between our client and M1 Finance: FINRA's fine wasn't about a bad post, it was about no pre-review and no retention. The log is the retention.
On top of that: role-based access, escalation paths, and a versioned rulebook so you can answer "what was the policy on March 3rd" precisely. Boring features. They close deals with legal departments, not with marketing.
6. What it costs, roughly
The pricing pattern matters more than numbers. Two components: a fixed per-seat fee for the posting infrastructure, and consumption for guardrails checks, because every check burns real AI tokens and pretending otherwise just hides the cost somewhere worse. Seats scale with headcount, checks scale with activity. A quiet month costs little.
The build-vs-buy math the client did themselves: an internal version is 2-3 engineers for 6-12 months plus permanent support, for a company whose business is not social media tooling. Our version reuses a platform that already serves other clients. This is the whole reason the deal makes sense for both sides.
Who staffs the human review is a dial, not a fixed decision. Start vendor-managed while the rules mature, hand it to the internal comms lead when the flag rate drops.
7. What we're building it from
Full disclosure: Publora is my product, and half the pieces here started as our internal tools that we later open-sourced.
The policy checker grew from our humanizer's audit mode, a 20-point pass/fail review we run on every draft before publishing. The governance model comes from our employee advocacy skill, which draws a hard line I want to underline: reviewers check facts, confidential information and legal risk. Reviewers do not touch voice, tone or opinions. The fastest way to kill an advocacy program is to make everyone sound like the press office.
The monitoring and dashboards come from the same stack we use to track thousands of LinkedIn creators daily for our own content intelligence. Nice bonus for the client: same rails, so managers get progress dashboards for the whole team's LinkedIn presence.
And honest engineering note, because I know some of you will check: the open-source pieces enforce approval by convention, not by runtime. Turning conventions into actual blocking gates, with SSO, roles and an audit log, is precisely the enterprise build. That's the work.
Guardrails sound like bureaucracy until you remember what I wrote last week: a person owns every word their agent sends. A company is under the same rule, multiplied by every employee, watched by regulators, priced by the market. "Our employee's bot glitched" is not a sentence you want in an SEC filing.
At my scale, letting the agent speak is a habit. At company scale, the letting has to become infrastructure.
Three things, if this landed:
Running a team that posts? Tell me what your review process looks like today, I'm collecting failure patterns.
Want the free pieces? linkedin-skills has the humanizer, the audit checklist and the advocacy playbook, MIT-licensed.
Have this exact problem at your company? Write me. We're building this now and one more design partner makes the rules smarter for everyone.
Next issue: how the guardrails database actually works inside - rules, embeddings, and what a moderator's "no" turns into. Subscribe if you want the wiring.






