White Paper

Ensuring Trust in AI: The ValGenesis Approach to Validating AI Agents and Functions for Validation and Qualification in Life Sciences

Author: Ryan Chen, Product Strategist, ValGenesis

Published on October 3, 2025
Part of: CQV
Reviewed by: Lisa Weeks

Summary

This white paper explains how ValGenesis qualifies AI Smart Agents for life sciences validation and qualification using a regulated, lifecycle-based approach aligned to key global requirements.

It describes intended use definition, validation planning, Part 11 and ALCOA+ controls, security and privacy safeguards, and performance testing, with human review required for outputs.

Key takeaways

  • A lifecycle validation framework is used for AI Smart Agents, with documented IQ/OQ/PQ, validation planning, and revalidation on change.
  • Controls focus on traceability, audit trails, Part 11, and ALCOA+ so AI outputs remain reviewable and defensible.
  • Security and privacy are designed in, including guardrails against prompt attacks, role-based access, sandboxed integrations, and tenant isolation.

Who is this for

  • Computer System Validation (CSV) / Computerized Systems Assurance (CSA) leads
  • Quality Assurance (QA) and compliance managers in GxP environments
  • Validation engineers and CQV professionals (commissioning, qualification, validation)
  • Regulatory affairs and audit readiness teams
  • IT security, GRC, and data integrity owners supporting regulated systems
  • Digital transformation and validation operations leaders in pharma/biotech


Executive Summary

Artificial intelligence (AI) is rapidly reshaping how life sciences organizations manage validation, quality, and compliance processes. In regulated environments, however, adopting AI requires more than technical innovation; it demands a philosophy grounded in validation rigor, data integrity, and regulatory alignment.

To meet this need, ValGenesis has introduced VAL™, a suite of AI-powered Smart Agents embedded within the ValGenesis digital validation suite. VAL is built on enterprise-grade AI models delivered through secure, compliant infrastructure and governed by a lifecycle framework aligned with global regulations and guidance. These include the FDA’s 21 CFR Part 11, the EU Annex 11 issued by the European Commission, the EU AI Act adopted by the European Parliament and Council, ISPE’s GAMP® 5 Second Edition, and ISPE’s “GAMP® Guide: Artificial Intelligence”.

This white paper outlines ValGenesis’ structured framework for qualifying AI Agents in life sciences, focusing on regulatory readiness rather than experimental prototyping. The framework aligns with GxP expectations, FDA’s Good Machine Learning Practice (GMLP) principles, GAMP 5, and emerging global AI regulatory guidelines, ensuring AI Agents are developed, verified, validated, and maintained within a controlled quality management environment. Rather than detailing algorithmic or proprietary configurations, the document emphasizes governance, validation strategy, and lifecycle controls required to ensure traceability, reproducibility, and regulatory defensibility.

If your objective is to optimize validation effort and cost while maintaining full compliance and audit readiness, ValGenesis Smart Agents provide a qualified and scalable foundation for integrating AI agents and functions across the entire validation lifecycle.

 

Recommendations for Customers

If your organization is running ValGenesis iVal™ in production, or planning to adopt the Validation Lifecycle Suite (VLS), we recommend the following next steps to gain immediate value from VAL’s AI-powered capabilities:

  1. Extend suite use cases to include Smart Agents: Begin by enabling one or more VAL Smart Agents to streamline key validation activities, such as the Smart Validation Document Generator to automate protocol creation, the Smart Gap Assessor to identify gaps, the Smart Executor to assist validation engineers by parsing test evidence and auto-populating actual results, and the Smart Anomaly Detector to analyze executed protocols and detect deviations. Together, these AI Agents augment the expertise of subject matter experts (SMEs), creating a human-in-the-loop validation framework that automates time-consuming tasks like protocol development, evidence review, and gap analysis, accelerating validation cycles while maintaining regulatory control, traceability, and data integrity.
  2. Start with low-risk, high-value tasks: Apply VAL to labor-intensive validation activities such as document drafting, execution support, or automated review of authorized and executed validation records, where the final outputs are reviewed and approved by SMEs acting as the human-in-the-loop. This approach ensures that critical thinking and final decision-making remain with qualified experts, while routine, repetitive tasks are streamlined through automation. It aligns with regulatory expectations that AI systems must be designed for effective human oversight, as outlined in the FDA’s draft guidance Considerations for the Use of Artificial Intelligence to Support Regulatory Decision-Making for Drug and Biological Products, and Article 14 of the EU AI Act.
  3. Engage ValGenesis for readiness planning: Our team can help map your internal workflows, assess validation requirements, and design a qualified deployment path that aligns with your compliance framework.
  4. Validate through partnership, not in isolation: ValGenesis is at the forefront of AI qualification for GxP-regulated use, setting new benchmarks for compliance and operational excellence. We are committed to partnering closely with our customers, not merely delivering tools, but co-validating AI solutions within regulated frameworks to ensure reliability, transparency, and trust. This collaborative approach helps elevate the validation standards across the life sciences industry.

This is your opportunity to be trailblazers in life sciences, to adopt AI that is not just powerful but qualified, explainable, and audit ready.

 

 

Compliance Without Compromise: Aligning VAL with Global Regulations

The mainstream adoption of AI and machine learning (ML) technologies, coupled with their growing implementation in biopharmaceutical operations, has prompted regulatory bodies to revise existing guidelines and introduce new ones. The goal is to maintain global alignment of standards and provide clear and relevant guidance to manufacturers and suppliers.

In the United States, the FDA issued its draft guidance Considerations for the Use of Artificial Intelligence to Support Regulatory Decision-Making for Drug and Biological Products (FDA, 2025). The guidance introduces a risk-based credibility assessment framework for AI models used in drug development and manufacturing. It outlines a lifecycle approach for defining use cases, assessing and mitigating risks, and ensuring ongoing compliance.

In the European Union, the EU AI Act (European Parliament and Council, 2025), while not pharma-specific, introduces a risk-based classification for AI applications and defines specific requirements for each category. This broad framework influences how AI technologies, including those used in regulated pharmaceutical environments, are assessed and deployed.

In parallel, the draft revised EU Annex 11 (EU Directorate-General for Health and Food Safety, 2025) strengthens lifecycle management requirements for computerized systems used in GxP processes. It reinforces risk-based approaches and establishes foundational principles for system validation, data integrity, and audit trail management. Complementing this, the updated Chapter 4: Documentation of the EU GMP Guide (EU Directorate-General for Health and Food Safety, 2025) emphasizes risk-based documentation practices to safeguard data integrity, accuracy, and readability across all formats.

Additionally, the European Union has released a draft Annex 22 (EU Directorate-General for Health and Food Safety, 2025), which sets specific requirements for deterministic and static AI/ML models in critical GMP processes. Notably, large language models (LLMs) and generative AI systems are explicitly excluded from such applications, as they are classified as high-risk and unsuitable for use in processes with a direct impact on patient safety, product quality, or data integrity.


Industry guidance also plays a significant role, as the GAMP 5 Second Edition (ISPE, 2022) remains an essential reference for computerized system compliance, with Appendix D11 specifically addressing AI and machine learning subsystems and advocating a lifecycle approach for their deployment in regulated environments.

VAL supports a compliance-first approach aligned with global regulatory expectations for AI in GxP environments. Building on the regulatory frameworks referenced above, its design, implementation, and use are further guided by the ISPE GAMP® Guide: Artificial Intelligence, ensuring AI is deployed within a controlled, traceable, and auditable lifecycle. This approach enables organizations to leverage AI capabilities while maintaining regulatory readiness, data integrity, and validation rigor.

ValGenesis provides a complete validation package for each Smart Agent, including validation protocols, a Validation Summary Report, and usage guidance. AI-generated outputs are explainable and reviewable, and audit logs are available to quality assurance teams for inspection. Changes to AI components are managed through a structured change control process, with versioning, regression testing, and validation summaries.

Quality and Compliance by Design

VAL is designed to transform the validation process by eliminating the mundane, repetitive, and low-value tasks that slow down validation. VAL streamlines the entire validation lifecycle, enabling teams to adopt AI solutions faster, and with reduced overhead, while maintaining full compliance.

Each VAL Smart Agent is developed with a clearly defined intended use and explicit roles for human oversight in every process influenced by the AI-powered applications. Below is an overview of the intended use of each Smart Agent in VAL:

  • Smart Validation Document Generator: Creates, updates, and perfects protocols in multiple languages (currently supports English, Portuguese, French, German, Mandarin, Japanese, and Korean) with built-in compliance and clarity.
  • Smart Gap Assessor: Identifies regulatory and standard operating procedure (SOP) gaps, and flags document inconsistencies, ensuring end-to-end traceability and maintaining audit readiness across the validation lifecycle.
  • Smart Validation Executor: Automates results generation based on the evidence captured for validation test execution, while ensuring global regulatory compliance.
  • Smart Anomaly Detector: Instantly flags and resolves validation document anomalies against expected outcomes to keep projects on track and audit ready.

VAL Smart Agents provide AI-powered outputs based on user inputs and do not operate autonomously or interface with GMP critical systems. Through an impact assessment conducted for each Smart Agent, it has been determined that there is no direct or indirect impact on patient safety, product quality, or data integrity, as the AI output is not stored or used in any GxP database without human review.

Since enterprise-grade AI models power the underlying AI capabilities of VAL, and its architecture is owned and operated by a third party, VAL neither modifies nor is responsible for the model’s explainability or transparency, focusing instead on ensuring compliant and controlled use within regulated operations.

 

 

Ensuring Accuracy and Reliability: Validating VAL

AI systems in life sciences must meet the same rigorous standards as traditional computerized systems. To ensure regulatory compliance, functional reliability, and operational safety, a structured validation approach was followed for VAL’s Smart Agents:

  1. Definition of Intended Use and Regulatory Scope: The intended use of each Smart Agent was clearly defined (e.g., document generation, gap assessment against SOPs and identified regulatory coverage, parsing evidence and attachments captured during the execution, and anomaly detection), and functional and performance requirements, intended use qualification, and data integrity controls were established.
  2. Validation Planning: A comprehensive Validation Plan was developed, covering functional and performance requirements, intended use qualification, and data integrity controls.
  3. Data Integrity and Compliance with 21 CFR Part 11: The system was validated to ensure that AI-generated outputs are explainable and reviewable while also preserving the integrity of electronic records, in accordance with 21 CFR Part 11 (Food and Drug Administration (FDA), 1997).
  4. Performance and Security Testing: Performance testing was executed in alignment with industry best practices and original equipment manufacturer (OEM)-recommended configurations to optimize performance quality. Key focus areas included response time, resource utilization, system capacity and scalability, and security testing in adherence to OWASP (Open Worldwide Application Security Project) guidelines and OWASP LLM security recommendations (OWASP, 2025). These controls provided layered protection across the application layer, API endpoints, and AI model logic, ensuring the system remains compliant, auditable, and resilient to modern AI-specific security threats.
  5. Development and Execution of AI Validation Protocols: Each Smart Agent followed a defined validation lifecycle, with the following protocols and approvals documented in the Quality Management System (QMS):
    1. Installation Qualification (IQ): Verified that the Smart Agent and its environment were installed according to defined specifications and ensured that the IT infrastructure met GxP compliance and cybersecurity requirements.
    2. Operational Qualification (OQ): Ensured that the Smart Agent functionality met predefined acceptance criteria and performed consistently under expected operating conditions.
    3. Performance Qualification (PQ): Assessed the Smart Agent’s performance under real-world usage scenarios and evaluated predictive accuracy, output reliability, and response time.
  6. Human Oversight and Exception Management: Incorporated human-in-the-loop (HITL) mechanisms for critical decision points, ensuring human review and accountability. In addition, manual override capabilities were enabled to address AI-generated exceptions or errors.

To demonstrate compliance and support regulatory audits, the following documentation was generated and maintained: the Validation Plan, IQ, OQ, PQ, and the Validation Summary Report.


Performance Metrics for VAL Smart Agents

Below are examples of test cases and metrics used to validate each Smart Agent. Evaluation metrics were tailored to the specific design and purpose of each agent.


Smart Validation Document Generator

Validated using test protocols and datasets to ensure that generated documents align with intended use cases. Accuracy was measured across regulatory language, structural integrity, and template compliance, using BERTScore, a metric used to evaluate how closely an AI-generated sentence matches the meaning of a reference sentence (Zhang, Kishore, Wu, Weinberger, & Artzi, 2020). Instead of focusing on exact word matches, it compares the overall meaning.

For this purpose, validation data was drawn from user requirement specifications (URS) and functional specification documents. High BERTScores resulting from validation experiments indicate strong alignment with the original intent, reflecting high semantic fidelity across varied user perspectives. This evaluation confirmed that the AI-powered agent consistently understands and adapts content to meet life sciences validation needs, ensuring both accuracy and relevance. In controlled testing, the Smart Validation Document Generator achieved an average BERTScore of 0.9, confirming strong semantic alignment with expert-authored validation content.

Smart Gap Assessor

Evaluated using sample validation documents to confirm accurate identification of gaps and alignment with internal quality frameworks. This agent was evaluated qualitatively by SMEs using internal review frameworks and LLM-as-a-judge techniques. Observed accuracy ranged from 80% to 90%, depending on document type and format variability.

Smart Validation Executor

Tested against predefined execution scenarios to verify its ability to collect, validate, and analyze test evidence; determine execution status; and manage exceptions reliably. Validation tests ensured the agent’s ability to:

  • Interpret visual evidence in context.
  • Align observations with test instructions and acceptance criteria.
  • Provide consistent, compliant, and explainable outcomes.

Such visual validation capabilities are critical in regulated environments where human-like judgment must be paired with auditability and repeatability. The Smart Validation Executor’s validation resulted in an F1 score of 0.9, a single metric that combines precision and recall, and accuracy of 0.8, demonstrating consistent and compliant classification of pass/fail outcomes based on visual evidence and procedural logic.


Smart Anomaly Detector

Assessed using executed records and operational data to ensure reliable detection of true anomalies, minimizing false positives and negatives. During validation testing, the Smart Anomaly Detector demonstrated F1 and accuracy scores comparable to the Smart Validation Executor, supporting its effectiveness in surfacing inconsistent or abnormal content across document sets.

In addition to internal benchmarks, AI-powered outputs were compared with results produced by experienced validation professionals to ensure that VAL augments human expertise rather than replacing it. Documents, execution statuses, and assessments generated by Smart Agents were reviewed for consistency with expert judgment. This comparison was essential for validating performance and building trust in the system’s output.

Validation of such agents is not a one-time event. VAL is continuously evaluated and validated through offline testing and online monitoring. Offline evaluation includes regularly updating test datasets with new use cases, regulatory updates, and real-world feedback. Online monitoring involves tracking performance metrics and user feedback. Any change to an AI component triggers a full revalidation cycle, complete with documentation and version control, ensuring that updates maintain reliability and prevent unintended behavior.

Disclaimer: The accuracy metrics above were based on internal validation testing in controlled environments. VAL 1.0 is powered by LLMs with a knowledge cutoff of October 2023. While performance was strong in structured test cases, output quality may vary depending on content complexity, input variability, and user interaction. As with any LLM-based system, outputs may occasionally include false or misleading information presented as fact. Users are advised to apply expert judgment when reviewing Smart Agent results.

 

Built-In Oversight: Designing Safe and Controlled AI Interactions

In regulated environments, AI must operate with precision, predictability, and control. VAL is designed with built-in safeguards to ensure that all critical actions involve human oversight and that automated steps stay within clearly defined boundaries.

Every key output from a Smart Agent is subject to human review. For example, when the Smart Validation Document Generator creates a validation plan, it remains a draft until approved by a qualified reviewer. Similarly, when the Smart Validation Executor flags exceptions or recommends status updates, those actions must be confirmed by an authorized user. This human-in-the-loop model ensures that AI supports expert decision-making and never bypasses it.

To further ensure safety, VAL includes real-time monitoring that tracks system activity, detects anomalies, and alerts administrators to unexpected behavior. Guardrails are embedded to enforce compliance with regulatory standards and internal policies, limiting what AI can do and preventing unauthorized or noncompliant actions.

When VAL integrates with external systems, such as enterprise resource planning (ERP), document management systems/electronic document management systems (DMS/EDMS), or laboratory information management systems (LIMS), it operates within a secure, sandboxed environment. These connections are governed by predefined APIs, ensuring that AI can only perform permitted actions. This architecture eliminates the risk of unintended changes or unsafe data access.

To be fully compliant with data integrity frameworks, VAL is designed to align with the following ALCOA+ principles, ensuring that all AI-generated validation content meets the highest standards of data integrity:

  • Attributable: Every AI-generated draft is linked to the user who initiated it. Prompts and outputs are logged with the username, date, and time. Final documents are reviewed and approved by qualified personnel.
  • Legible: Documents are created in standard formats such as Word or PDF, ensuring they are clear, readable, and permanent. Consistent formatting and language are maintained throughout.
  • Contemporaneous: Drafts are time-stamped and saved immediately in the DMS/EDMS. Each action is recorded in a complete audit trail.
  • Original: The first AI-generated version is preserved as the original record. Any edits are version controlled and stored securely in the DMS.
  • Accurate: All drafts are reviewed and verified by SMEs.
  • Complete: Documents include all necessary information, context, and metadata to ensure they are comprehensive and usable without requiring additional clarification.
  • Consistent: Language, structure, and formatting are uniform across documents, aligning with organizational standards and reducing ambiguity.
  • Enduring: Records are maintained in durable formats and systems that support long-term accessibility, integrity, and compliance.
  • Available: Documents are stored in secure, searchable repositories and are accessible to authorized personnel when needed, supporting operational continuity and audit readiness.

Furthermore, VAL is built to support full compliance with 21 CFR Part 11. The following points detail how VAL ensures that electronic records and signatures are secure, traceable, and properly controlled:

  • All AI-generated content is linked to authorized users through secure login credentials and role-based access.
  • Each Smart Agent interaction is logged with a complete audit trail, including user identity, date, time, and action taken.
  • Documents are stored in validated systems with version control, electronic signatures, and access restrictions.

In addition, customers can use the Smart Gap Assessor to evaluate whether their authored documents, such as user requirement specification (URS), are 21 CFR Part 11 compliant. By simply prompting the agent to identify compliance gaps, users receive actionable insights to strengthen documentation and ensure alignment with regulatory expectations.

This combination of built-in controls and intelligent compliance support helps organizations maintain confidence in their records and meet regulatory requirements with ease.

Securing AI Interactions in Regulated Environments

In regulated industries, AI must be protected from both external threats and internal misuse. VAL is built on a multilayered security framework that ensures safe, compliant, and controlled interactions at every step.

Guardrails are embedded to prevent jailbreak attempts (efforts to bypass model safeguards) and prompt injection attacks (malicious instructions hidden within user prompts or external data), ensuring that Smart Agents operate strictly within defined boundaries. Safety filters screen both user inputs and AI-generated outputs for inappropriate, unsafe, or noncompliant content. These checks are continuously updated to stay ahead of emerging threats.

Access to AI services is governed by enterprise-grade, role-based access control. Only authorized users can trigger Smart Agent actions, and every interaction is logged with a full audit trail. Session tokens and execution timeouts further reduce risk by limiting exposure and preventing unauthorized reuse of AI responses.

All AI model interactions take place within a validated and secure infrastructure. Connections to external systems, such as ERP, DMS, or LIMS, are established exclusively through tightly controlled APIs and isolated sandbox environments, ensuring that the AI model operates only within its defined permissions. This architecture prevents unintended system modifications and safeguards against unauthorized data access.
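The controls described in this section and under Built-In Oversight (predefined integration APIs, role-based access, confirmation by an authorized user, and an audit trail of user, date, time, and action) can be pictured as a single gateway that every agent-proposed action passes through. The sketch below is an added example, not ValGenesis code: the action names, role names, the `Gateway` class, and the rule that an approver must differ from the requester are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional

# Hypothetical allow-list: action -> (roles that may trigger it, needs approval?)
ALLOWED_ACTIONS = {
    "dms.read_document": ({"validation_engineer", "qa_reviewer"}, False),
    "dms.save_draft": ({"validation_engineer"}, False),
    "dms.set_execution_status": ({"validation_engineer"}, True),
}
APPROVER_ROLE = "qa_reviewer"  # assumed name for the authorized reviewer role


@dataclass
class AuditEntry:
    timestamp: str   # UTC, ISO 8601
    user: str
    action: str
    decision: str    # "executed", "pending_approval" or "denied"
    detail: str = ""
    ticket: Optional[int] = None


@dataclass
class Gateway:
    audit_trail: list = field(default_factory=list)
    pending: dict = field(default_factory=dict)
    next_ticket: int = 1

    def _log(self, user, action, decision, detail="", ticket=None):
        # Every decision, including denials, is written to the audit trail.
        entry = AuditEntry(datetime.now(timezone.utc).isoformat(),
                           user, action, decision, detail, ticket)
        self.audit_trail.append(entry)
        return entry

    def request(self, user, role, action, payload):
        """Handle an action the agent proposes on behalf of `user`."""
        rule = ALLOWED_ACTIONS.get(action)
        if rule is None:  # default deny: anything not predefined is refused
            return self._log(user, action, "denied", "action not on allow-list")
        roles, needs_approval = rule
        if role not in roles:
            return self._log(user, action, "denied", f"role {role} not permitted")
        if needs_approval:  # held as a proposal until a human confirms it
            ticket = self.next_ticket
            self.next_ticket += 1
            self.pending[ticket] = (user, action, payload)
            return self._log(user, action, "pending_approval", ticket=ticket)
        # A real gateway would call the integration API here.
        return self._log(user, action, "executed")

    def approve(self, ticket, reviewer, reviewer_role):
        """Human confirmation step for a held action."""
        if ticket not in self.pending:
            return self._log(reviewer, "approve", "denied", "unknown ticket", ticket)
        requester, action, _payload = self.pending[ticket]
        # Assumption: the approver holds the reviewer role and is not the requester.
        if reviewer_role != APPROVER_ROLE or reviewer == requester:
            return self._log(reviewer, action, "denied",
                             "approver not authorized or same as requester", ticket)
        del self.pending[ticket]
        # A real gateway would call the integration API here.
        return self._log(reviewer, action, "executed",
                         f"approved; requested by {requester}", ticket)


if __name__ == "__main__":
    # Constructed scenario: users, roles and actions are sample values.
    gw = Gateway()
    gw.request("alice", "validation_engineer", "erp.update_batch_record", {})
    held = gw.request("alice", "validation_engineer",
                      "dms.set_execution_status", {"status": "pass"})
    gw.approve(held.ticket, "alice", "qa_reviewer")  # self-approval is refused
    gw.approve(held.ticket, "bob", "qa_reviewer")    # independent reviewer confirms
    for entry in gw.audit_trail:
        print(entry)
```

Denied requests are logged as well as executed ones, so a reviewer of the audit trail can see attempts to step outside the allow-list, not only the actions that succeeded.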


Data Privacy by Design: Protecting Patient and Product Information

VAL was designed with data privacy as a foundational principle. Unlike consumer AI platforms that may use user inputs for ongoing model training, VAL uses AI models through a secure API that does not store data or use it to improve the model. Each interaction is stateless and ephemeral, ensuring that no information is retained beyond the active session. This approach prevents inadvertent data leakage and cross-tenant contamination.

Each customer’s data is strictly isolated. For customers using VAL through a secure and compliant cloud infrastructure, all processing occurs within their own private cloud subscription. Data is neither transferred to nor stored by ValGenesis. AI processing occurs in tenant-specific containers that enforce complete separation of data, logic, and execution. This architecture ensures that even within the same deployment environment, no customer data is accessible to another.

VAL adheres to a privacy-first design philosophy. Internal safeguards and access controls are in place to guarantee that data is visible only to authorized users within the customer’s environment.

Conclusion

AI has the potential to radically transform how life sciences organizations manage validation, quality, and compliance. However, realizing this potential requires more than just deploying smart technology; it requires validation, oversight, and an unwavering commitment to safety and privacy.

VAL delivers this validated intelligence. From drafting protocols to detecting anomalies and streamlining workflows, VAL Smart Agents are designed specifically to support GxP processes. Organizations can accelerate validation cycles, reduce risk, and strengthen their compliance posture.

In alignment with current regulatory guidelines, VAL Smart Agents are designed with a clearly defined intended use, do not directly impact GxP operations, and are built using industry best practices, ensuring that VAL is a safe and compliant application for use in regulated environments.

For existing ValGenesis iVal™ customers, VAL can be activated today to deliver immediate automation benefits. For organizations new to ValGenesis, our experts can guide you through an implementation tailored to your systems and regulatory framework.

Take the Next Step Toward AI-Driven Compliance

To explore how VAL can accelerate your validation and compliance processes, visit https://www.valgenesis.com/solution/ai-powered-validation. There, you can learn more about how each Smart Agent functions, what validation packages are available, and how the platform aligns with CQV, CSV, and GAMP 5.

If you’re ready to see VAL in action, request a personalized demo. Our team will walk you through real-world validation scenarios using the Smart Validation Document Generator, Smart Gap Assessor, Smart Anomaly Detector, and more.

If you’re assessing your organization’s readiness for AI adoption, ValGenesis can collaborate with your team on the development of a value discovery pilot. These sessions help map your current processes to VAL use cases and build a pilot plan to evaluate performance.

We invite you to start safe and scale smart. With VAL, you don’t have to choose between innovation and compliance; you get both: validated, secure, and ready for the future of life sciences.
