Why your 2026 IT strategy needs an agentic constitution

For decades, the IT operations manual was a dense, 50-page PDF — a document designed by humans, for humans, and usually destined to gather digital dust until an audit required its retrieval. But as we enter 2026, the traditional standard operating procedure (SOP) is officially on life support. Humans are no longer the primary users of their own manuals.

Our systems are becoming agentic, deploying autonomous agents that don’t just monitor dashboards but actively “think,” plan, and execute changes within our infrastructure. These agents cannot read a PDF, nor can they “interpret the spirit” of a security policy written in legalese. If you want to maintain control in an era of autonomous IT, you must move beyond static guardrails and adopt an Agentic Constitution, which is the enterprise application of Constitutional AI, a term pioneered by Anthropic.

From policy on paper to policy as code 

In the past, IT governance was a reactive “check-the-box” exercise. The modern enterprise must shift toward Policy as Code (PaC).

• The pre-frontal cortex: An Agentic Constitution is a machine-readable set of foundational principles for your autonomous systems.
• Operational boundaries: They define what an agent can do and the ethical boundaries it must never cross.
• Actionable rules: An example of an encoded hard rule is: “Never modify production data during peak hours without a human-in-the-loop token”.
• Understandable by LLMs: These rules are actionable and understandable by the models powering your orchestration.

This shift represents a fundamental transformation: the role of the IT professional is moving from “Operator” to “Architect of Intent”. IT professionals are no longer the ones turning the wrenches; they are the ones writing the rules of engagement.

The hierarchy of autonomy: A framework for IT ops 

To scale AI capabilities without ceding total control of the “kill switch”, enterprises should adopt a hierarchy of autonomy, a framework credited to the foundational work of Thomas Sheridan & William Verplank (1978).

Tier 1: Full autonomy (the low-hanging fruit) 

• Description: Tasks where the cost of human intervention exceeds the value of the task.
• Examples: 
  • Auto-scaling 
  • Log rotation 
  • Basic ticket routing 
  • Cache clearing 
• Governance: Defined by threshold-based triggers within a “sandbox of trust”.

Tier 2: Supervised autonomy (the ‘check-back’ zone) 

• Description: Agents perform heavy lifting — gathering data and identifying fixes — but require a “human nod” before final execution.
• Examples: 
  • System patching 
  • User provisioning 
  • Non-critical configuration changes 
• Governance: Agents must present a “reasoning trace” to the admin explaining why the action is being taken.

Tier 3: Human-only (the red line) 

• Description: “Existential” actions that no agent should ever perform autonomously.
• Examples: 
  • Database deletions 
  • Critical security overrides 
  • Modifications to the Agentic Constitution itself 
• Governance: Multi-factor authentication (MFA) or multi-person “dual-key” approvals.

Reducing the ‘hidden attack surface’ 

Implementing a centralized constitution helps mitigate the risks of shadow AI agents — autonomous tools deployed without central IT oversight.

• Unified API: Any agent must “authenticate” against the constitution before it can interact with core infrastructure.
• Compliance history: This creates a centralized audit trail invaluable for compliance frameworks like SOC2 or the EU AI Act.
• Verifiable decision-making: You are building a verifiable history of autonomous decision-making.

The human voice in a machine world 

The “Constitution” is a human document representing the collective wisdom of your engineers.

• Architects of intent: The role of the IT professional shifts from “Operator” to “Architect of Intent”.
• Cultural shift: IT teams must move away from “hero culture” firefighting toward a culture of systemic governance.

Conclusion: Starting your constitutional convention 

If you rely on human-readable SOPs in the second half of the decade, your IT operations will become a bottleneck for the business.

Steps to take this quarter:

• Identify red lines: Gather lead architects to define your Tier 3 boundaries.
• Map automated wins: Identify Tier 1 tasks for immediate automation.
• Focus on strategy: Ensure humans focus on strategy and innovation, not babysitting a bot.

This article is published as part of the Foundry Expert Contributor Network.
Want to join?