Ulas Can Cengiz provides the auditing infrastructure necessary for the reliable deployment of AI agents. His work on the Governor CLI is a direct response to the rise of autonomous agents that generate and execute their own code. By creating a tool that can programmatically verify the security of AI-written scripts, Cengiz addresses one of the primary safety concerns in the agentic development lifecycle: the accidental introduction of vulnerabilities by a model.
Within the agent stack, Cengiz operates at the developer tools and security layer. He is an advocate for the "vibe coding" safety movement, ensuring that the speed of AI-assisted development does not compromise system integrity. For builders of agentic systems, Cengiz’s work offers a practical framework for implementing human-in-the-loop and automated security checks, making him a relevant figure for any team moving from experimental AI demos to production-grade autonomous systems.
Ulas Can Cengiz is a veteran software engineer and technical leader who has carved out a specific niche as an auditor for the era of automated development. Based in Amsterdam, Cengiz operates as a fractional CTO and AI strategist, but his most relevant contribution to the current ecosystem is a project called Governor. Governor is an extensible Command Line Interface (CLI) designed to audit the security of applications generated by AI. As "vibe coding"—the practice of using large language models to generate entire codebases with minimal manual intervention—becomes common, Cengiz focuses on the downstream risks of unverified code.
Governor addresses a fundamental problem in the agent ecosystem: LLMs frequently introduce vulnerabilities ranging from standard injection points to subtle logic flaws. By providing a CLI tool that integrates into existing development workflows, Cengiz offers a way to catch these errors before they reach production. This is not just a standard static analysis tool; it is a dedicated security layer for a world where humans are no longer the primary authors of their own software.
Before focusing on the intersection of LLM orchestration and system integrity, Cengiz built a career spanning over 20 years in coding and a decade in entrepreneurship. He is the founder of WinkOffice and has held leadership roles at firms such as Causo. His personal site and blog, hosted at ulascengiz.com, serves as a repository for technical and philosophical thoughts on software development and the Turkish startup community. While the archives on his personal site date back to 2015, his current work is heavily public-facing via GitHub and LinkedIn, where he advocates for more disciplined AI adoption.
Cengiz positions himself as a "Fractional Head of AI," a role that is increasingly important as companies struggle to implement agentic workflows without the resources for a full-time executive team. His value proposition is based on the observation that AI implementations usually fail because the surrounding technical infrastructure is brittle, not because the underlying models are weak. He promotes a transparent architecture where AI outputs are treated with the same skepticism as unvetted third-party code.
In the competitive field of AI safety, Cengiz occupies the space between high-level alignment research and practical code auditing. While major labs focus on the internal alignment of models like GPT-4 or Claude, Cengiz focuses on the security of the model's output. This distinction is critical for teams deploying autonomous agents that have the authority to execute scripts or interact with databases. If an agent generates a faulty script, the developer is responsible for the breach; Governor is the tool Cengiz built to mitigate that liability.
His approach is defined by its focus on extensibility. By offering Governor as a tool that developers can customize with their own security rules, he acknowledges that security needs vary across different domains. This collaborative, open-source methodology is a staple of the Amsterdam tech community and reflects a broader movement toward decentralized standards in AI safety. Cengiz is not just building a product; he is advocating for a professional standard where AI-generated code is audited by default.
An extensible CLI for security-auditing AI-generated applications.
Ulas Can Cengiz is hiring.