Skip to content
Tiatra, LLCTiatra, LLC
Tiatra, LLC
Information Technology Solutions for Washington, DC Government Agencies
  • Home
  • About Us
  • Services
    • IT Engineering and Support
    • Software Development
    • Information Assurance and Testing
    • Project and Program Management
  • Clients & Partners
  • Careers
  • News
  • Contact
 
  • Home
  • About Us
  • Services
    • IT Engineering and Support
    • Software Development
    • Information Assurance and Testing
    • Project and Program Management
  • Clients & Partners
  • Careers
  • News
  • Contact

Why AI agents will make your governance playbook obsolete

Large Australian banks have started implementing agentic AI at scale this year. The same is happening across the country’s larger enterprises. These are not pilots, but production systems that are the tip of a global trend. Research company Gartner expects 40% of enterprises to embed AI agents in applications by the end of 2026, up from less than 5% in 2025 — an eightfold jump in 12 months.

Most governance teams at enterprises are responding to these changes by building playbooks as they always have: through committees, policies, approval gates and periodic audits. It’s a model that assumes humans review most decisions and that governance is a central function that sets and enforces all the rules. None of those assumptions holds for AI agents. The playbook most organisations are drafting at this moment is already obsolete before it is even finished.

In our view, three central changes must happen together for AI governance to work in environments where agents are used at scale:

  • Enterprises need agents’ behavioural telemetry, which they currently lack, to better understand what the bots are doing from a quality, compliance and cost perspective.
  • They need controls that operate at the speed of the systems they govern, which means AI helping govern AI.
  • They must distribute accountability across the organisation, because no centralised system can keep up with what is happening.

Find it and measure it

“You cannot govern what you cannot measure” sounds like a platitude, but most enterprises do not yet know how to measure AI agents’ actions. For instance, what counts as normal agent behaviour? What telemetry tells you that an agent is drifting from its original scope? What does an incident look like when it is not a single breach but four hundred micro-decisions, each individually defensible, that add up to an outcome you would never have approved or anticipated?

Businesses are still working this out. In the meantime, they are building and deploying agents without the capacity to see or understand in detail what they are doing.

A 2026 Gravitee survey found that only 24.4% of organisations report having full visibility into how AI agents communicate with one another. Almost nine in ten (88%) have reported “confirmed or suspected” agent security incidents in the past year. Despite that, 82% of executives say they are confident that existing policies protect against unauthorised agent actions.

These numbers indicate a widening gap between confidence and risk whenever AI agents are deployed. In my experience working with enterprise clients across the region, this gap is not a matter of negligence. Most governance teams are doing what they have always done well. The problem is that the systems they are now responsible for are behaving in ways their existing tools were never designed to detect.

Visibility matters because policy, control frameworks and ethics boards are all scaffolding that collapses without behavioural data that can be analysed and acted upon. You cannot write a meaningful policy for a system whose normal actions and performance you have never characterised or audit an agent whose decisions you cannot investigate or understand.

In this context, observability means instrumentation, baselines, anomaly detection on agent behaviour and telemetry that humans can interpret.

Governance at machine speed

Once you can see and understand what agents are doing, the next problem is how to manage them at scale. When the average enterprise runs 12 agents, as Salesforce’s 2026 Connectivity Report suggests, human oversight is still feasible. When leading deployments are already running into the hundreds — IQVIA has deployed more than 150 agents, for example — that approach stops working.

We don’t necessarily need a completely new security framework, but the updated model must allow companies to operate non-human interactions at scale with confidence. And the only way to ensure this is to use AIs to govern other AIs, because it is not economical to rely solely on humans to do the work.

This agentic AI governance model needs to monitor agentic behaviour and respond within milliseconds when needed. It must provide situational awareness and key insights to support informed decision-making.

Humans are responsible for establishing the parameters and guardrails, but they only intervene on demand and spend most of their focus on continuously improving their AI governance capabilities and the governance agents.

Distributed accountability

If governance must be observed continuously at machine speed and at a high level of complexity, no single function can do it all. That is why another essential change is organisational, with accountability distributed by design.

Today, most businesses use a centralised model that no longer works. Legal owns policy; security focuses on runtime monitoring and response; developers build controls into the agents themselves. The problem is that each function is limited in its own way.

Security can monitor telemetry data, for instance, but lacks insight into what each agent is supposed to do and therefore cannot develop customised anomaly-detection controls.

Closing the gaps in the overall systems requires understanding a specific approach to building agents. Developers cannot simply ship unmanaged agents that operate in stealth mode. They need to send key metrics to a centralised AI governance layer. To enable this layer, a clear shared responsibility model between the developer and governance functions must be defined. Developers are required to implement reporting hooks that generate data to create key metrics and task-specific insights and detect anomalies across clearly defined governance domains.

The centralised AI governance layer analyses this incoming data from the agents and provides situation awareness across all deployed AI agents. Guardrails that are baked into AI agents can’t be trusted, as they have proven to be vulnerable to prompt injection attacks. That is why an independent AI-powered governance layer is required to supervise all agent behaviour and provide insights and key metrics to key stakeholders.

Distributed accountability like this is hard to set up. It requires an understanding of the reasons behind the changes and an agreement between many stakeholders on how the new model must operate and where different responsibilities lie. It also needs a shared language across functions that have not historically worked together at this pace and clarity about who decides what when something goes wrong. But it is the only model that survives an environment with AI agents deployed at scale.

Faster decisions, new mindset

One way to think about these changes is to reflect on cloud adoption over time. That experience showed us that investing in governance and assurance early reduced risks and created a competitive advantage for the businesses that understood why they should do it. The same dynamic is playing out with AI agents, only faster, more distributed and very likely at a much larger scale.

Managing security, compliance, privacy, responsible AI, quality and cost in an agentic world at machine speed hasn’t been done before. Vendors help innovate on the customer’s behalf and can offer building blocks for this governance layer. But organisations also need to consider creating AI-powered custom capabilities to fill their processes and observability gaps. AI governance teams, therefore, require engineering capabilities and an agentic development environment that is tightly integrated with out-of-the-box AI security and compliance solutions.

What I see across the market right now is that the professionals responsible for governance have the expertise and experience to lead this shift. What they need is the confidence to rethink their operating model and recognise that the centralised control they are accustomed to will not scale for agentic environments. Good governance practices that consider people, processes and technology have always paid off in the long run. Now is the time to define the individual North Star for your AI governance layer, because retrofitting these capabilities will carry high risk and cost.

This article is published as part of the Foundry Expert Contributor Network.
Want to join?


Read More from This Article: Why AI agents will make your governance playbook obsolete
Source: News

Category: NewsJuly 6, 2026
Tags: art

Post navigation

PreviousPrevious post:채용·출장비 줄인 SAP, AI 투자 재원 확보 나서NextNext post:El éxito de la IA depende de la preparación de la plantilla

Related posts

6 new rules of IT leadership — and what they replace
July 6, 2026
Playing to win at the AI casino
July 6, 2026
AI doesn’t eliminate inefficiency. It amplifies it
July 6, 2026
시스코, 사내 AI 비서로 ‘섀도 AI’ 차단…직원당 주 5~6시간 업무 절감
July 6, 2026
벤더 종속 vs 빠른 구축…MS·AWS FDE 도입 전 따져볼 것들
July 6, 2026
채용·출장비 줄인 SAP, AI 투자 재원 확보 나서
July 6, 2026
Recent Posts
  • 6 new rules of IT leadership — and what they replace
  • Playing to win at the AI casino
  • AI doesn’t eliminate inefficiency. It amplifies it
  • 시스코, 사내 AI 비서로 ‘섀도 AI’ 차단…직원당 주 5~6시간 업무 절감
  • 벤더 종속 vs 빠른 구축…MS·AWS FDE 도입 전 따져볼 것들
Recent Comments
    Archives
    • July 2026
    • June 2026
    • May 2026
    • April 2026
    • March 2026
    • February 2026
    • January 2026
    • December 2025
    • November 2025
    • October 2025
    • September 2025
    • August 2025
    • July 2025
    • June 2025
    • May 2025
    • April 2025
    • March 2025
    • February 2025
    • January 2025
    • December 2024
    • November 2024
    • October 2024
    • September 2024
    • August 2024
    • July 2024
    • June 2024
    • May 2024
    • April 2024
    • March 2024
    • February 2024
    • January 2024
    • December 2023
    • November 2023
    • October 2023
    • September 2023
    • August 2023
    • July 2023
    • June 2023
    • May 2023
    • April 2023
    • March 2023
    • February 2023
    • January 2023
    • December 2022
    • November 2022
    • October 2022
    • September 2022
    • August 2022
    • July 2022
    • June 2022
    • May 2022
    • April 2022
    • March 2022
    • February 2022
    • January 2022
    • December 2021
    • November 2021
    • October 2021
    • September 2021
    • August 2021
    • July 2021
    • June 2021
    • May 2021
    • April 2021
    • March 2021
    • February 2021
    • January 2021
    • December 2020
    • November 2020
    • October 2020
    • September 2020
    • August 2020
    • July 2020
    • June 2020
    • May 2020
    • April 2020
    • January 2020
    • December 2019
    • November 2019
    • October 2019
    • September 2019
    • August 2019
    • July 2019
    • June 2019
    • May 2019
    • April 2019
    • March 2019
    • February 2019
    • January 2019
    • December 2018
    • November 2018
    • October 2018
    • September 2018
    • August 2018
    • July 2018
    • June 2018
    • May 2018
    • April 2018
    • March 2018
    • February 2018
    • January 2018
    • December 2017
    • November 2017
    • October 2017
    • September 2017
    • August 2017
    • July 2017
    • June 2017
    • May 2017
    • April 2017
    • March 2017
    • February 2017
    • January 2017
    Categories
    • News
    Meta
    • Log in
    • Entries feed
    • Comments feed
    • WordPress.org
    Tiatra LLC.

    Tiatra, LLC, based in the Washington, DC metropolitan area, proudly serves federal government agencies, organizations that work with the government and other commercial businesses and organizations. Tiatra specializes in a broad range of information technology (IT) development and management services incorporating solid engineering, attention to client needs, and meeting or exceeding any security parameters required. Our small yet innovative company is structured with a full complement of the necessary technical experts, working with hands-on management, to provide a high level of service and competitive pricing for your systems and engineering requirements.

    Find us on:

    FacebookTwitterLinkedin

    Submitclear

    Tiatra, LLC
    Copyright 2016. All rights reserved.