A live operational risk: Why AI agents are outrunning your security


The excitement was real, and enterprises moved fast on AI agents. Governance did not.

Deloitte’s recent report found that only 21% of organizations have mature governance for autonomous AI agents, while 73% say they are concerned about AI security and data privacy risks. Most people frame this as a resourcing lag. It’s something far more uncomfortable than that. It is a self-assessment problem.

Steve Wilson

Chief AI and Product Officer at Exabeam.

Organizations that were running agent pilots in 2024 are now pushing those systems into live security operations, customer workflows and internal decision pipelines. Today, 23% of companies are using agentic AI at least moderately.

Within two years, nearly three in four companies expect to reach that level. But governance did not make the same jump. That gap is a live operational risk, not a planning exercise for next quarter.

Policy wrote the check. Enforcement never cashed it.

AI governance programs tend to stall at the same point: the handoff from policy to enforcement. Organizations write principles, publish guidelines and establish review boards.

What they rarely build is the technical infrastructure to make any of that enforceable at runtime, where agents are actually making decisions and taking actions.

The underlying mismatch is architectural. Traditional governance was designed around human decision-makers and deterministic software with predictable, auditable behavior. Agentic AI operates differently.

These systems interpret instructions, infer intent and act across systems in sequences that no policy document anticipated. Governance built for the old model does not port cleanly.

The category itself has shifted, and most governance frameworks haven’t caught up. “AI agent” has become a catch-all term, but many of the systems entering production today operate less like reactive chat tools and more like persistent digital workers.

They run continuously, operate under their own accounts, have defined access to enterprise tools and pursue ongoing objectives. Governance designed for session-based tools begins to strain when systems become continuous operational actors inside the enterprise.

The checklist trap

Since 2023, the AI governance industry has produced a steady stream of frameworks, standards and guidance documents. Organizations adopted them quickly, in many cases faster than they have adopted the technical controls the frameworks describe.

This is the checklist trap. The framework exists. The box is checked. The risk register shows “mitigated.” And the agent is still running with broad permissions and no behavioral monitoring.

Governance theater is not a neutral outcome. It is actively dangerous because it creates false confidence in controls that have never been technically enforced.

Consider a digital worker deployed to handle customer support tickets. It can issue refunds, access customer records and update billing systems. On paper, its permissions are scoped. In practice, it operates continuously across multiple systems, making decisions at machine speed.

Without enforced boundaries and active monitoring, it becomes a cross-system actor whose effective reach is broader than anyone intended. That drift may not be visible until something goes wrong.

Publishing a policy that mirrors an industry standard and deploying agents that actually operate within enforced boundaries are two entirely different things. The industry has conflated them.

Governance is infrastructure, not documentation

Mature governance is not a static artifact. It is a live system. Enforced controls mean permissions that cannot be exceeded at runtime, not permissions documented as scoped. Monitored behavior means anomaly detection tuned to agent-specific baselines, not log files reviewed after an incident.

The organizations in that 21% treat agent governance the same way strong security organizations treat privileged access management. It is continuous, instrumented and accountable to a named owner. Every production agent has a defined scope, a defined owner and a defined boundary. When it drifts outside that boundary, something fires.

Organizations do not need to gut their existing governance frameworks. The principles are sound. They need to extend identity, access, monitoring and lifecycle controls to explicitly include non-human actors, much like they already do for privileged users.

This is fundamentally a technical infrastructure problem. It requires investment in tooling, in monitoring architecture and in the organizational capacity to act on what the monitoring surfaces. Policy documents cannot substitute for any of it.

What security leaders need to do now

Audit what is running, not what was approved. Most organizations know which agents were approved for deployment. Far fewer have current visibility into what those agents are actually doing in production. Start there.

Replace permission assumptions with permission verification. “Analyst-level access” is not a scope definition. Map every agent to a specific, tested list of actions it needs to perform. If that list cannot be written down and validated, the agent has wider access than its governance accounts for.

Build agent-specific behavioral baselines and treat deviations as incidents. Human SOC monitoring and agent monitoring require different models. Agent behavior outside its defined task pattern is signal, not noise. Instrument accordingly.

Treat AI systems as first-class identities. If a system operates under its own account and can act autonomously, assign it a named owner, scope its access narrowly, monitor its behavior continuously and include it in your lifecycle processes from onboarding to decommissioning.
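As an added example (not code from the article, Exabeam, or any vendor), here is what the "enforced boundary" and "agent-specific baseline" from the four points above look like for the refund-issuing support agent described earlier: a runtime allowlist gate that denies anything not on the agent's tested action list, plus a drift detector that turns allowlist misses, cap breaches and throughput bursts in one monitoring window into incidents. The agent id, owner, action names, refund cap, baseline and log lines are all constructed assumptions.

```python
# Illustrative runtime enforcement for one AI agent identity; all values are constructed.
from dataclasses import dataclass, field

@dataclass
class AgentScope:
    agent_id: str
    owner: str                                    # named accountable human
    allowed: dict = field(default_factory=dict)   # action -> per-call cap (None = uncapped)
    max_actions_per_window: int = 50              # baseline throughput per monitoring window

# Hypothetical support agent: a specific, tested list of actions, not "analyst-level access"
SUPPORT_AGENT = AgentScope(
    agent_id="svc-support-agent-01", owner="alice@example.com",
    allowed={"read_customer_record": None, "issue_refund": 200.0, "update_billing_address": None},
    max_actions_per_window=5,
)

def authorize(scope, action, amount=0.0):
    """Runtime gate: the boundary is enforced here, not merely documented as scoped."""
    if action not in scope.allowed:
        return False, f"{action} not in allowlist for {scope.agent_id}"
    cap = scope.allowed[action]
    if cap is not None and amount > cap:
        return False, f"{action} amount {amount} exceeds cap {cap}"
    return True, "ok"

def detect_drift(scope, log_lines):
    """Compare one window of the agent's logged actions against its baseline.
    Every deviation is returned as an incident: signal, not noise."""
    incidents, count = [], 0
    for line in log_lines:
        agent_id, action, amount = line.split(",")
        if agent_id != scope.agent_id:
            continue
        count += 1
        ok, reason = authorize(scope, action, float(amount))
        if not ok:
            incidents.append(reason)
    if count > scope.max_actions_per_window:
        incidents.append(f"{count} actions in window exceeds baseline {scope.max_actions_per_window}")
    return incidents

# Constructed action log for one window, format "agent_id,action,amount"
SAMPLE_LOG = [
    "svc-support-agent-01,read_customer_record,0",
    "svc-support-agent-01,issue_refund,45.00",
    "svc-support-agent-01,issue_refund,950.00",        # over the refund cap
    "svc-support-agent-01,export_customer_records,0",  # never on the allowlist
    "svc-support-agent-01,update_billing_address,0",
    "svc-support-agent-01,read_customer_record,0",     # sixth action: burst above baseline
]
```

Running `detect_drift(SUPPORT_AGENT, SAMPLE_LOG)` yields three incidents (cap breach, allowlist miss, throughput burst); the same log reviewed only after the fact would show nothing that the paper scope did not already claim to cover.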

The gap compounds

The risk is not only that something goes wrong. It is that something goes wrong inside a governance structure that gave everyone involved confidence it would not.

Closing that gap requires shifting from governance on paper to governance in operation by auditing what agents actually do, tightly verifying their permissions, monitoring their behavioral patterns and treating them as accountable identities within the enterprise.

Every quarter that agent deployments scale without enforcement infrastructure is a quarter where the gap between documented governance and operational reality widens. It does not stay static. It compounds. The 21% are not just ahead on compliance.

They are building on a foundation that the other 79% will eventually have to construct anyway, under worse conditions and with less time to get it right.

This article was produced as part of TechRadar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today.

The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc.

Steve Wilson is UK & Ireland Director at NortonLifeLock
