'One-size-fits-all' agent governance sets enterprises up to fail
Gartner recommends a graded approach for agents, depending on their level of autonomy
Governance failures are set to lead to four-in-ten organizations demoting or decommissioning autonomous AI agents over the next year.
In a new report, Gartner warns that a 'one-size-fits-all' approach to governance means that organizations are failing to distinguish between an agent's ability to act and the scope of access it is granted – and that governance gaps are often identified only after production incidents occur.
"Organizations are treating AI agent governance as binary, either locked down or fully trusted, and that is the root cause of failure," said Shiva Varma, senior director analyst at Gartner.
"Agents operate at different autonomy levels and across different trust boundaries. When the same controls are applied indiscriminately, organizations encounter two common failure modes: over-restriction of simple agents, which slows delivery and drives shadow development, or under-restriction of more autonomous agents, which increases operational, security, and compliance risk."
Gartner believes it has the solution, in the form of a proportional governance approach that classifies AI agents across distinct autonomy levels, with each level representing a different trust boundary and corresponding governance requirements.
The first covers 'observe' agents, limited to read-only access to defined data sources, with outputs visible only to the user making a request – functions such as document summarization, data or knowledge retrieval, and code explanation.
"At this level, governance should focus on baseline controls such as scoped data access, user authentication, usage logging, and basic functional and security testing," said Varma. "Because risk is limited primarily to data exposure and output accuracy, controls should remain lightweight and targeted."
Sign up today and you will receive a free copy of our Future Focus 2026 report - the leading resource for IT decision-maker insight on priorities and investment areas in AI, security and more.
The second level consists of 'advise' agents, which generate recommendations, drafts, or proposed actions, while humans review all outputs and execute actions manually. These agents retain read‑only access with no write access to any system, with use cases including email drafting, report or code generation, and decision support.
Although decisions are only implemented by humans, these advisory agents can often be trusted too much, due to automation bias.
"Governance for advise agents should include all Level 1 controls and extend to addressing output quality and decision influence through accuracy and hallucination testing, domain-specific quality evaluations, and user training on appropriate reliance levels," said Varma.
'Act with approval' agents, meanwhile, can carry out actions such as writing data, sending communications, or modifying configurations – but only after explicit human approval for every action.
"At this level, human review is effective only if it remains a meaningful control," said Varma. "Without strong security testing, clear approval workflows with audit trails, and agent‑specific incident response procedures, approvals can degrade under time pressure or approval fatigue, creating a false sense of safety while expanding the attack surface."
And finally, at the highest level of autonomy, agents execute actions independently within defined guardrails, with humans reviewing exceptions, audit logs and aggregated outcomes rather than individual decisions.
"When agents operate autonomously, actions are executed at a scale and speed that can outpace human oversight," said Varma.
"Because accountability for outcomes remains with the organization, this level requires the most rigorous governance, including continuous monitoring, enforced guardrails, rapid rollback mechanisms, circuit breakers that halt agent operation on threshold violations and clear ownership for agent behaviour."
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.
-
The NCSC wants to build an AI-powered 'Cyber Shield' to protect the UK from hackersNews The aim is to create a national, sovereign defence capability to protect government agencies and critical infrastructure
-
IBM targets data center efficiency gains with new z17 and LinuxONE offeringsNews Cost, data center footprint, and performance improvements are coming for IBM Z and LinuxONE customers
-
Databricks launches AI co-worker, Genie OneNews The AI program is designed to help business teams manage workflows and automate work-related tasks
-
HPE AI Factory adds features to improve your experience with agentsNews The HPE AI Factory will now offer the Nvidia Agent Toolkit software, such as Nvidia Nemotron open models and Nvidia NemoClaw
-
'Most enterprises are still unprepared to operationalize it': IT leaders are bullish on agents, but keeping falling at the final hurdle – here's whyNews Forrester points to challenges scaling agentic AI, saying companies start rolling out the tech before they're ready to scale
-
Google adds AI to the search boxNews Major changes for how Google's search functions with the integration of AI tools
-
Dell unveils Deskside Agentic AI at Dell Technologies World 2026News Deskside Agentic AI is the latest in the Dell AI Factory with Nvidia stable, with the company saying it further demonstrates its end-to-end enterprise AI capability
-
AI agents aren’t cutting it in customer serviceNews Three-quarters of companies have had to pause or halt deployments of AI agents in customer service
-
'Advisory AI has run its course': ServiceNow wants agents working in every corner of your businessNews A big update to ServiceNow’s Autonomous Workforce service looks to ramp up automation