Dive Brief:
- Applying a uniform governance strategy to all AI agents leads to higher project failure rates for enterprises, a Gartner report found. The firm predicts that by 2027, 40% of companies will decommission agents because tech teams haven't distinguished between an agent’s ability to act and the scope of access it is granted.
- Many teams find that when they scale a tool or push it to production, it has the capacity to do things it shouldn't do, Shiva Varma, senior director analyst at Gartner told CIO Dive. “A lot of organizations either have no AI governance at all, no agent governance, or they have a very blanket policy approach to that governance.”
- A proportional governance approach that gives different agents strategic levels of clearances and autonomy can keep organizations from experiencing these failures, Gartner found.
Dive Insight:
Almost as quickly as enterprises worked to adopt AI tools, companies have had to form human oversight and governance policies for autonomous agents with access to sensitive information. AI providers have also invested in offering governance features to quickly adapting agentic workflows.
Many enterprises treat AI agent governance with a binary approach, either fully controlled or fully trusted, Shiva Varma, senior director analyst at Gartner said. When all agents get the same controls, organizations can over-restrict simple agents which slows delivery and drives shadow development, or they under-restrict autonomous agents which increases security and risk concerns, he said.
Gartner suggests taking a proportional approach to governance, with four different levels of autonomy and boundaries — observe, advise, act with approval and act autonomously — depending on the agent’s role. Agents primarily deployed to read or summarize a document may only need baseline controls, such as scoped data access or user authentication, Varma said.
But agents used to advise or generate recommendations with human review will need higher levels of oversight like output quality review, hallucination testing and user training on appropriate reliance. Agents that can act with approval, like sending communication or modifying configurations need “meaningful control,” Varma said.
Agents that act autonomously to execute actions independently need the most guardrails, Gartner said.
“That's when you need to be very, very specific and careful about how you calibrate your guardrails and ensure that you have some human sampling as well,” Varma said.
Though 80% of tech leaders recently surveyed by Solvd said they feel pressure to make AI projects work, enterprises with successful guardrails usually work with cross-functional teams, including tech C-suite, engineers, the business and legal teams, Varma said.
“[Governance] shouldn't be sitting with one individual person, that's already a failure mode,” he said. “The whole point is that it's a shared, repeatable classification. It's not a top-down decree from a single executive.”
