AI Agents Are Outrunning Governance. Enterprises Need to Close the Distance.

AI agents are scaling faster than enterprise governance. Learn why enforcement at the data layer is the missing piece organizations overlook.

A recent Deloitte report found that only 21% of organizations have established mature governance for autonomous AI agents. At the same time, 73% say they are concerned about AI security and data privacy risks. Concern is high while the infrastructure to act on it is rare.

Today, 23% of companies use agentic AI at least moderately. Within two years, nearly three in four companies expect to reach that level. The question is whether they will have built the governance foundation to support it.

From Policy to Enforcement: Where Governance Fails

Most organizations can point to an AI governance framework. Principles are documented, review boards exist, and risk looks contained on the surface.

What rarely gets built is the infrastructure to enforce any of it at runtime, where agents are really making decisions and touching data.

The mismatch is architectural. Traditional governance was built around human decision-makers and predictable, auditable software. Agentic AI operates differently: it interprets instructions, infers intent, and acts across multiple systems in sequences that no policy document anticipated.

Agents Behave Like Persistent Digital Workers

Many systems moving into production today operate less like reactive chat tools and more like persistent digital workers. The distinction matters for governance.

A persistent agent:

  • Runs continuously rather than responding to individual prompts
  • Operates under its own account with its own credentials
  • Has defined access to enterprise tools, systems, and data
  • Pursues ongoing objectives rather than completing discrete tasks

Consider an AI agent handling customer support. It can issue refunds, access customer records, and update billing systems. Its permissions may look scoped on paper. In practice, it runs continuously across multiple systems with no human reviewing its decisions in real time or making sure the agent’s reach is no broader than intended.

The Checklist Trap

Since 2023, the AI governance industry has produced a steady stream of frameworks, standards, and guidance documents. Organizations have adopted them quickly, in many cases faster than they have adopted the technical controls those frameworks describe.

The result is that the framework exists, the box is checked, and the agent is still running with access it was never validated to have.

False confidence in unenforced controls is an active risk. Publishing a policy that mirrors an industry standard and actually deploying agents within enforced boundaries are two very different things. Companies that treat them as equivalent are accumulating risk with every agent they set up.

An Emerging Management Model

Microsoft CEO Satya Nadella recently described running up to 100 AI coding agents simultaneously and finding the cognitive load of managing them through standard chat interfaces overwhelming.

His solution: treat agents like employees. “You need to give them identities, you need to give them sandboxes, then you need to set policies to govern them.”

Nadella outlined four pillars for organizational confidence in agents:

  • Security
  • Containment
  • Manageability
  • Observability

Each pillar is fundamentally a data governance question. Security and containment are about what data an agent can reach and what holds that access in check. Manageability and observability are about whether you can see what an agent does with that data and respond when something drifts.

Governance Is Infrastructure

The 21% of organizations with mature agent governance treat it like privileged access management: continuous and accountable to a named owner.

Mature governance at the data layer looks like this in practice:

  • Every agent has a defined scope, a named owner, and enforced access limits it cannot exceed at runtime
  • Behavioral monitoring runs against agent-specific baselines, not just post-incident logs
  • Deviations from expected behavior trigger incidents automatically
  • Agents move through a full lifecycle from onboarding to decommissioning, the same way privileged users do

The technical task is extending identity, access, and lifecycle controls to cover non-human actors. A unified data governance layer that manages data in-place, indexes it across the enterprise, and enforces policy at the access level is the foundation that agent governance requires. Without visibility into what data agents can reach and what they do with it, the rest of the framework is purely aspirational.

What Governance Leaders Should Do Now

  • Audit what agents actually do in production. Organizations know which agents were approved, but few know what those agents are doing with enterprise data day to day.
  • Verify permissions against a specific, tested list of data and actions each agent needs to perform. If that list cannot be written down and validated, the agent has wider access than its governance accounts for.
  • Build agent-specific behavioral baselines and treat deviations as incidents. Agent behavior outside its defined task pattern is signal, not noise.
  • Assign every autonomous system a named owner, scope its access, monitor its behavior continuously, and include it in lifecycle processes from day one.

The Problem Compounds

With every quarter spent scaling agents without enforcement infrastructure, the gap between policy and reality widens.

The 21% building mature agent governance today are not just ahead on compliance. They are building a foundation the other 79% will have to construct anyway when regulations tighten, under worse conditions and with less time.

Closing the gap starts at the data layer: knowing what agents can access, enforcing the boundaries that contain that access, and maintaining the visibility to act when something changes.

Valerian received his Bachelor's in Economics from UC Santa Barbara, where he managed a handful of marketing projects for both local organizations and large enterprises. Valerian also worked as a freelance copywriter, creating content for hundreds of brands. He now serves as a Content Writer for the Marketing Department at ZL Tech.