In our previous post, we outlined how agents mark a significant step-change in the evolution of AI, and the implications for AI governance. To keep up with these autonomous entities, governance must elevate from a point-in-time exercise to continuous oversight, with a shift in focus from models and data to systems and actions.
To help on your agentic governance journey, there are a few key actions to keep front and center to evolve with this new agentic reality.
Agent Inventory & Risk Assessment
The AI inventory enables an enterprise to have full visibility of their AI footprint. In the agentic era, whether an agent should be submitted into the AI inventory will largely depend on its autonomy, risk, and business value. There is a real possibility that agents will eventually become democratized similar to other technologies in the past (e.g., Microsoft Excel). As a result, we predict that there will be two emerging classes of agents: agents used in enterprise workflow processes, and agents as personal productivity tools. A large proportion of personal productivity agents may not need to be inventoried, assuming they are very contained and bear immaterial risk.
On the other hand, agents used in enterprise processes should be inventoried appropriately, and your existing intake process will likely need to be augmented to capture metadata specific to agents (tool access, write/modify permissions, etc.).
After new agents are submitted into the AI inventory, they should be evaluated based on their risk tier. Agents significantly elevate the risk posture that AI poses to enterprises, since they are both a force multiplier for existing risks and a catalyst of new ones that traditional technology risk programs have not been adapted for.
An agent’s risk tier should be based on its level of autonomy and materiality, and reflect factors such as access to sensitive data, external exposure, tolerance for error, and task complexity. Agents can be governed based on the magnitude of risks that they introduce to the enterprise, with higher-risk agents receiving more scrutiny and control requirements than lower-risk agents. For example, higher-risk agents may also be required to undergo independent periodic reviews and security red-teaming exercises.
Agentic Controls
Several areas of the control framework will need to be augmented to address new and heightened risks from agents.
Access Guardrails
One of the most critical aspects of ensuring agents are securely deployed is adopting the Principle of Least Agency. AI agents should be granted the minimum amount of autonomy, tools, memory, and execution rights necessary to complete their specific tasks. This principle can be enforced in a number of ways, including structurally via an MCP gateway, where the MCP server can help block requests not defined in its JSON schema.
Additionally, access should be managed by treating an agent as a highly restricted Non-Human Identity (NHI), where the agent can be given scoped tokens to limit what it can read or act on within the enterprise network. Tokens can be made time-bound and automatically expire the moment tasks are completed. By implementing these and other security controls, the enterprise can considerably limit the ‘blast radius’ in the event of a failure and prevent unintended outcomes.
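As an added illustration (not code from this post or from any MCP product), the sketch below shows a deny-by-default gateway check that combines both ideas: a tool registry that rejects anything outside its declared schema, and a scoped, time-bound token for the agent's non-human identity. The tool names, scope strings and the `authorize` helper are hypothetical.

```python
import time
from dataclasses import dataclass

# Hypothetical tool registry: each tool declares the scope it needs and the
# exact argument names/types it accepts (a simplified stand-in for JSON Schema).
TOOLS = {
    "crm.read_account": {"scope": "crm:read", "args": {"account_id": str}},
    "crm.update_account": {"scope": "crm:write", "args": {"account_id": str, "status": str}},
}

@dataclass
class ScopedToken:
    agent_id: str
    scopes: frozenset
    expires_at: float          # epoch seconds; short-lived by design
    revoked: bool = False      # set when the task completes

def authorize(token, tool, args, now=None):
    """Return (allowed, reason). Deny by default at every step."""
    now = time.time() if now is None else now
    if token.revoked or now >= token.expires_at:
        return False, "token expired or revoked"
    spec = TOOLS.get(tool)
    if spec is None:
        return False, "tool not in schema"
    if spec["scope"] not in token.scopes:
        return False, "scope not granted"
    if set(args) != set(spec["args"]):
        return False, "arguments do not match schema"
    for name, expected in spec["args"].items():
        if not isinstance(args[name], expected):
            return False, f"argument {name!r} has wrong type"
    return True, "ok"

def demo():
    # Constructed sample: a read-only agent with a 5-minute token issued at t=1000.
    tok = ScopedToken("invoice-agent", frozenset({"crm:read"}), expires_at=1300.0)
    calls = [
        ("crm.read_account", {"account_id": "A-17"}, 1010.0),
        ("crm.update_account", {"account_id": "A-17", "status": "closed"}, 1020.0),
        ("shell.exec", {"cmd": "ls"}, 1030.0),
        ("crm.read_account", {"account_id": "A-17", "export": True}, 1040.0),
        ("crm.read_account", {"account_id": "A-17"}, 1301.0),
    ]
    results = [authorize(tok, t, a, now) for t, a, now in calls]
    tok.revoked = True         # task complete: the token dies with the task
    results.append(authorize(tok, "crm.read_account", {"account_id": "A-17"}, 1050.0))
    return results
```

Only the first call in `demo()` is allowed; the others are refused for missing scope, unknown tool, undeclared argument, expiry and revocation respectively.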
Continuous Monitoring
In production, agents should be continuously monitored across three distinct layers: reasoning, execution, and resource consumption. At the reasoning layer, an agent’s intentions and reasoning should be documented and evaluated to spot anomalies that may indicate potential goal hijacking or drift. At execution, each tool call, database query, or API request must be intercepted and logged to enable activity auditing of the agent’s behavior. Measures such as circuit breakers and session freezes must be enabled to allow for proactive intervention when something is wrong.
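To make the execution and resource-consumption layers concrete, here is an added sketch (not from the original post) of a wrapper that intercepts every tool call, writes an audit record, and freezes the session when a call-rate or repeated-failure threshold trips. The class name, thresholds and tool names are assumptions chosen for the example.

```python
import json
from collections import deque

class MonitoredSession:
    """Wraps an agent's tool calls: audit-logs each one and trips a breaker."""

    def __init__(self, agent_id, max_calls=3, window_s=10.0, max_errors=2):
        self.agent_id = agent_id
        self.max_calls, self.window_s, self.max_errors = max_calls, window_s, max_errors
        self.recent = deque()      # timestamps of calls inside the window
        self.errors = 0            # consecutive failed calls
        self.frozen = False
        self.audit_log = []        # JSON lines; forward to central logging in practice

    def _log(self, ts, tool, args, outcome):
        rec = {"ts": ts, "agent": self.agent_id, "tool": tool, "args": args, "outcome": outcome}
        self.audit_log.append(json.dumps(rec, sort_keys=True))

    def call(self, ts, tool, args, fn):
        """Intercept one tool call at time ts; fn is the real tool function."""
        if self.frozen:
            self._log(ts, tool, args, "blocked:frozen")
            return None
        while self.recent and ts - self.recent[0] > self.window_s:
            self.recent.popleft()
        self.recent.append(ts)
        if len(self.recent) > self.max_calls:
            self.frozen = True     # resource-consumption breaker
            self._log(ts, tool, args, "blocked:rate_limit")
            return None
        try:
            result = fn(**args)
            self.errors = 0
            self._log(ts, tool, args, "ok")
            return result
        except Exception as exc:
            self.errors += 1
            if self.errors >= self.max_errors:
                self.frozen = True # repeated failures: freeze for human review
            self._log(ts, tool, args, f"error:{type(exc).__name__}")
            return None

def demo():
    # Constructed sample: an agent looping on the same lookup once per second.
    s = MonitoredSession("report-agent")
    lookup = lambda ticket: f"ticket {ticket}: open"
    out = [s.call(float(t), "tickets.get", {"ticket": 42}, lookup) for t in range(6)]
    return out, s.frozen, [json.loads(l)["outcome"] for l in s.audit_log]
```

Once frozen, the session stays blocked until someone resets it out of band, and blocked attempts are still logged so the audit trail shows what the agent tried to do.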
Ownership & Knowledge Transfer
In a future where agents are widely used, users will need to bear an even greater level of responsibility. Agent owners will be responsible for any adverse actions the agents take. With the impact and likelihood of a risk event heightened by agents’ very nature, there may be a future where governance is more proactively taken on by business owners rather than delegated from a central AI governance function.
Establishing education/knowledge expectations will be a significant undertaking, as will, in some enterprises, the additional responsibility of delivering these programs. Agentic governance must rely on continuous education for the successful and safe deployment of agents as a personal productivity tool. For enterprise agents, everyone within key organizational workflows should understand how agents are being utilized in areas where they have responsibility.
Increased Integration of Data Governance with AI Governance
Agents relying on high quality data will require enhanced data governance. As a consequence, this function will play an even greater role in AI Governance. Owners of agents will be subject to enhanced data governance controls. Ultimately, because an agent's behavioral output is entirely dependent on the integrity of the data it ingests, a company cannot achieve robust AI governance without first establishing absolute control over its underlying data estate. Therefore, data governance needs to be tightly integrated with AI governance, as data quality and risk will be increasingly critical to enable effective and accurate agentic performance.
Conclusion
As agents introduce transformational changes to enterprise workflows, effective AI governance will be a differentiating factor that determines which enterprises are quick to lead the pack and which are laggards that stumble at the starting line. By adopting these principles, you’ll be in a good position to get a strong start out of the gate.






