Assessing agentic AI risks with multi-layered governance
Agentic AI demands a different approach to governance—proactive, structured, layered.
IBM Technology. (n.d.). "Risks of Agentic AI: What You Need to Know About Autonomous AI"
Agentic AI represents a different kind of artificial intelligence—systems that can set their own goals, make decisions, and act independently. Traditional AI responds to inputs with outputs. Agentic systems chain those outputs together, building on their own conclusions to pursue larger objectives. This isn't just an incremental improvement in capability. It's autonomous action, and autonomy changes everything about risk.
The question isn't whether to govern these systems. It's how to do it before something goes wrong.
What makes agentic AI different
The distinction matters because it determines your entire approach to risk management. Agentic AI doesn't wait for instructions at each step. It receives a goal and determines the path to get there. Four characteristics define how these systems operate:
Underspecification: The AI gets a broad objective without detailed execution instructions. The method belongs to the agent.
Long-term planning: Decisions build on previous decisions, creating complex sequences that unfold over time.
Goal directedness: Instead of responding to prompts, the system actively works toward an outcome, adjusting its approach as needed.
Direct impact: Many agentic systems operate without humans in the decision loop. Their actions create immediate, real-world consequences.
This autonomy is exactly what elevates the risk. When a system can act independently across multiple steps, you need fundamentally different controls.
Why autonomy amplifies risk
Here's the principle worth remembering: autonomy equals increased risk. The relationship is direct. More autonomy means fewer intervention points, fewer chances for human oversight, and less opportunity to catch errors before they cascade.
The challenge compounds because agentic systems both amplify existing risks—misinformation, faulty decision-making—and create entirely new ones, like novel security vulnerabilities that emerge from chained operations. We can't catalog every possible risk because the combinations keep expanding. That's precisely why you need a structured approach to governance rather than reactive fixes.
Without sufficient experts in the loop to make real-time corrections, errors propagate. The system builds on flawed outputs, and the problems multiply.
Building a multi-layered governance framework
Single-point solutions don't work for agentic AI. You need overlapping controls across technology, processes, and organizational structure. When one layer fails—and assume it will—another catches the problem.
The framework operates across three levels:
Technical safeguards
Interruptibility: You need the ability to pause specific requests or shut down the entire system. If something starts going wrong, you stop it.
Human-in-the-loop: Build approval gates where the AI must wait for human input before proceeding with certain actions. Not every action, but the ones that matter.
Data protection: Implement sanitization measures such as PII detection and masking to prevent disclosure of sensitive information, as sketched below.
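As a rough illustration, here is a minimal sketch that combines the three safeguards above around a single agent action. The SafeguardedAgent wrapper, the caller-supplied execute_action function, and the regex-based PII masking are all assumptions for illustration; a production system would use dedicated PII-detection tooling and a real approval workflow.

```python
import re
import threading

# Hypothetical wrapper that applies the three safeguards around one agent action.
# The caller supplies execute_action, which does the real work (API call, DB write).

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

def mask_pii(text: str) -> str:
    """Data protection: mask obvious PII before anything leaves the system."""
    return SSN_RE.sub("[SSN]", EMAIL_RE.sub("[EMAIL]", text))

class SafeguardedAgent:
    def __init__(self, execute_action, requires_approval):
        self.execute_action = execute_action        # performs the underlying work
        self.requires_approval = requires_approval  # action names that need sign-off
        self.kill_switch = threading.Event()        # interruptibility

    def shutdown(self):
        """Interruptibility: stop all further actions immediately."""
        self.kill_switch.set()

    def run(self, action: str, payload: str, approver=None) -> str:
        if self.kill_switch.is_set():
            return "blocked: system halted by operator"
        # Human-in-the-loop: gate only the actions that matter.
        if action in self.requires_approval:
            if approver is None or not approver(action, payload):
                return f"blocked: '{action}' needs human approval"
        return mask_pii(self.execute_action(action, payload))

if __name__ == "__main__":
    agent = SafeguardedAgent(
        execute_action=lambda a, p: f"{a} done, contact jane@example.com",
        requires_approval={"send_refund"},
    )
    print(agent.run("lookup_order", "order 42"))                             # autonomous
    print(agent.run("send_refund", "order 42", approver=lambda a, p: True))  # gated
    agent.shutdown()
    print(agent.run("lookup_order", "order 43"))                             # halted
```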
Process controls
Risk-based permissions: Define what the AI should never do autonomously. Base this on actual risk assessment, not theoretical concerns.
Auditability: If the AI makes a decision, you need to trace how it got there. The reasoning path must be reconstructable, as in the sketch after this list.
Monitoring and evaluation: Continuous oversight to detect anomalies, performance degradation, or compliance issues as they develop.
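To make the first two controls concrete, here is a minimal sketch built around an illustrative risk-tier table and an append-only audit log. The tiers, action names, and log format are assumptions, not a prescribed standard.

```python
import json
import time

# Illustrative risk tiers: actions the agent may take autonomously,
# actions that need human sign-off, and actions it must never take alone.
RISK_POLICY = {
    "read_knowledge_base": "autonomous",
    "draft_email": "autonomous",
    "issue_refund": "human_approval",
    "delete_customer_record": "forbidden",
}

AUDIT_LOG = []  # append-only; in production this would be durable storage

def record(event: dict) -> None:
    """Auditability: every decision is logged so the path can be reconstructed."""
    event["timestamp"] = time.time()
    AUDIT_LOG.append(json.dumps(event))

def authorize(action: str, rationale: str) -> bool:
    """Risk-based permissions: decide, then leave a trace either way."""
    tier = RISK_POLICY.get(action, "forbidden")   # default-deny for unknown actions
    allowed = tier == "autonomous"
    record({
        "action": action,
        "tier": tier,
        "allowed": allowed,
        "rationale": rationale,
    })
    return allowed

if __name__ == "__main__":
    authorize("draft_email", "customer asked for a status update")
    authorize("delete_customer_record", "cleanup step proposed by the agent")
    for line in AUDIT_LOG:
        print(line)
```

Defaulting unknown actions to the forbidden tier is the design choice that keeps the permission model risk-based rather than permissive.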
Accountability and structure
Clear responsibility: When AI-driven decisions cause harm, someone in the organization owns that outcome. Establish who, in writing.
Regulatory compliance: Know which regulations apply to your specific use cases. This includes data privacy, consumer protection, and industry-specific requirements.
Vendor accountability: Create mechanisms to hold third-party vendors responsible for their AI models' behavior and performance.
The framework provides the blueprint. Implementation happens in the technical stack.
Embedding guardrails in the agentic stack
For product and engineering teams, defense-in-depth means building controls at every layer. If one control fails, the next one catches what slipped through. Three layers require specific attention:
Model layer: Checks at this level prevent bad actors from making the agent violate organizational policies or ethical standards. They form the first line of defense against malicious use and harmful outputs.
Orchestration layer: Controls here manage operational flow. Infinite loop detection prevents the agent from cycling endlessly—protecting both user experience and costs.
Tool layer: Agents access various tools (APIs, databases) to perform actions. Limit the available tools strictly to what the agent's function requires. Role-based access control (RBAC) ensures agents can't exceed their authorized scope, as in the sketch after this list.
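A minimal sketch of the orchestration- and tool-layer controls follows: a step budget acts as a crude form of loop detection, and a role-to-tool mapping enforces RBAC. The role names, tool registry, and budget are illustrative assumptions.

```python
# Illustrative tool registry and role-to-tool mapping (RBAC).
TOOLS = {
    "search_docs": lambda q: f"results for '{q}'",
    "charge_card": lambda q: f"charged for '{q}'",
}
ROLE_PERMISSIONS = {
    "support_agent": {"search_docs"},              # read-only role
    "billing_agent": {"search_docs", "charge_card"},
}

MAX_STEPS = 10  # orchestration layer: cap the loop so the agent cannot cycle forever

def run_agent(role: str, plan: list[tuple[str, str]]) -> list[str]:
    """Execute a plan of (tool, argument) steps under RBAC and a step budget."""
    allowed = ROLE_PERMISSIONS.get(role, set())
    results = []
    for step, (tool, arg) in enumerate(plan):
        if step >= MAX_STEPS:
            results.append("halted: step budget exhausted (possible loop)")
            break
        if tool not in allowed:
            results.append(f"denied: role '{role}' may not call '{tool}'")
            continue
        results.append(TOOLS[tool](arg))
    return results

if __name__ == "__main__":
    plan = [("search_docs", "refund policy"), ("charge_card", "order 42")]
    for line in run_agent("support_agent", plan):
        print(line)
```

A fixed step budget is deliberately crude; more precise loop detection would track repeated states or tool-call signatures, but even a budget bounds cost and protects the user experience.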
Beyond layered controls, you need proactive testing and real-time monitoring. Red teaming exposes vulnerabilities before deployment. Once live, automated continuous monitoring catches issues like hallucinations or compliance violations as they emerge.
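As one illustration of automated monitoring, the sketch below scans agent outputs against a small set of compliance rules and raises an alert for human review. The rule patterns and the alerting hook are placeholders for whatever policy engine and paging an organization actually runs.

```python
import re

# Placeholder compliance rules: each maps a name to a pattern that should
# never appear in an agent's output.
COMPLIANCE_RULES = {
    "unapproved_guarantee": re.compile(r"\bguarantee(d)?\b", re.IGNORECASE),
    "internal_hostname": re.compile(r"\binternal\.[a-z0-9.-]+\b", re.IGNORECASE),
}

def monitor_output(agent_id: str, output: str) -> list[str]:
    """Continuous monitoring: return the names of any rules the output violates."""
    violations = [name for name, pattern in COMPLIANCE_RULES.items()
                  if pattern.search(output)]
    if violations:
        # In production this would page a reviewer or open a ticket.
        print(f"[ALERT] agent={agent_id} violations={violations}")
    return violations

if __name__ == "__main__":
    monitor_output("billing-agent-7",
                   "We guarantee a full refund; see internal.billing.example for details.")
```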
Guidance for product and engineering leadership
Product managers and engineering leads translate governance principles into working systems. You select and implement the frameworks that make agentic AI both effective and safe. Teams are using four categories of tools:
Models and guardrails: Specialized models and software layers that detect and mitigate risks in prompts and responses.
Agent orchestration frameworks: Platforms that coordinate complex workflows across multiple AI systems with centralized control.
Security-focused guardrails: Tools engineered to enforce security policies and protect sensitive data during AI interactions.
Observability solutions: Deep visibility into AI system behavior for monitoring performance, debugging, and understanding what's actually happening inside the system; a lightweight tracing sketch follows this list.
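As a sketch of what lightweight observability can look like, the context manager below records the duration and outcome of each agent step as structured trace events. The event fields and step names are assumptions; real deployments would emit these to a tracing backend rather than an in-memory list.

```python
import time
from contextlib import contextmanager

TRACE = []  # in-memory stand-in for a tracing backend

@contextmanager
def traced_step(name: str, **attributes):
    """Record how long a step took and whether it succeeded."""
    start = time.perf_counter()
    status = "ok"
    try:
        yield
    except Exception:
        status = "error"
        raise
    finally:
        TRACE.append({
            "step": name,
            "status": status,
            "duration_ms": round((time.perf_counter() - start) * 1000, 2),
            **attributes,
        })

if __name__ == "__main__":
    with traced_step("plan", model="assumed-model-name"):
        time.sleep(0.01)                      # stand-in for a model call
    with traced_step("call_tool", tool="search_docs"):
        time.sleep(0.02)                      # stand-in for a tool call
    for event in TRACE:
        print(event)
```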
These tools create the technical foundation. But technology alone doesn't establish accountability.
What legal counsel and risk officers should consider
While engineers build technical safeguards, legal and risk teams construct the accountability framework. When decisions get delegated to autonomous systems, fundamental questions about responsibility emerge. Without clear answers, you're exposed. Three areas demand attention:
Define responsibility: Establish formally who takes ownership when autonomous AI decisions cause financial, physical, or reputational harm. Document the chain of accountability.
Map regulations: Determine proactively which regulations apply to specific AI use cases—existing ones and those emerging. Don't wait for enforcement actions to figure this out.
Vendor accountability: For third-party AI models or platforms, create contractual and procedural mechanisms that establish clear responsibility for technology behavior.
Governance maintains human control. AI should empower the organization, not create unmanaged liability.
What now?
Agentic AI demands governance that is proactive, structured, and layered. The challenge is to put guardrails in place before delegating consequential actions to autonomous systems. The technology's capabilities will expand. The accountability won't be delegated; it stays with the humans operating the systems.