Synthesized moving toward policy-as-code
Synthesized
This points to a natural move from making safe test data to enforcing the rules that define what safe data is. Synthesized already asks teams to declare masking, generation, and transformation rules in YAML, then runs those rules inside CI/CD workflows. That is close to the core motion of policy as code, where the same repo that ships software also stores machine readable rules for what data can be copied, transformed, retained, or used in testing and AI workflows.
-
The product foundation is already there. Teams describe data requirements in YAML or Python DSL, and Synthesized applies built in masking, subsetting, and generation rules to produce production like test databases. A governance layer would reuse that same config surface, but add approval logic, audit logs, and pass or fail checks before data moves downstream.
-
The regulatory pull is becoming concrete. Article 10 of the EU AI Act requires data governance and management practices for training, validation, and test datasets in high risk systems. That makes version controlled policies valuable because compliance teams need a record of where data came from, what preprocessing happened, and what bias and quality checks were applied.
-
Comparable infrastructure already exists in adjacent markets. Open Policy Agent turned configuration review into a standard control point by evaluating structured JSON and YAML against declarative rules. Synthesized could do something similar for data pipelines, checking whether a dataset config violates privacy, residency, or model training restrictions before the synthetic data job runs.
If Synthesized keeps moving in this direction, it can become part of the control plane for regulated test and AI data, not just the generation engine. That would pull the company closer to governance budgets, increase switching costs, and make its YAML layer the place where engineering, security, and compliance teams coordinate how data is allowed to be used.