'One-size-fits-all' agent governance sets enterprises up to fail

Gartner recommends a graded approach for agents, depending on their level of autonomy


Gartner predicts that governance failures will lead four in ten organizations to demote or decommission autonomous AI agents within the next year.

In a new report, Gartner warns that a 'one-size-fits-all' approach to governance means that organizations are failing to distinguish between an agent's ability to act and the scope of access it is granted – and that governance gaps are often identified only after production incidents occur.

"Organizations are treating AI agent governance as binary, either locked down or fully trusted, and that is the root cause of failure," said Shiva Varma, senior director analyst at Gartner.

"Agents operate at different autonomy levels and across different trust boundaries. When the same controls are applied indiscriminately, organizations encounter two common failure modes: over-restriction of simple agents, which slows delivery and drives shadow development, or under-restriction of more autonomous agents, which increases operational, security, and compliance risk."


Gartner believes it has the solution, in the form of a proportional governance approach that classifies AI agents across distinct autonomy levels, with each level representing a different trust boundary and corresponding governance requirements.

The first covers 'observe' agents, limited to read-only access to defined data sources, with outputs visible only to the user making a request – functions such as document summarization, data or knowledge retrieval, and code explanation.

"At this level, governance should focus on baseline controls such as scoped data access, user authentication, usage logging, and basic functional and security testing," said Varma. "Because risk is limited primarily to data exposure and output accuracy, controls should remain lightweight and targeted."

The second level consists of 'advise' agents, which generate recommendations, drafts, or proposed actions, while humans review all outputs and execute actions manually. These agents retain read-only access with no write access to any system, with use cases including email drafting, report or code generation, and decision support.

Although only humans implement the decisions, these advisory agents are often trusted too much because of automation bias.

"Governance for advise agents should include all Level 1 controls and extend to addressing output quality and decision influence through accuracy and hallucination testing, domain-specific quality evaluations, and user training on appropriate reliance levels," said Varma.

'Act with approval' agents, meanwhile, can carry out actions such as writing data, sending communications, or modifying configurations – but only after explicit human approval for every action.

"At this level, human review is effective only if it remains a meaningful control," said Varma. "Without strong security testing, clear approval workflows with audit trails, and agent-specific incident response procedures, approvals can degrade under time pressure or approval fatigue, creating a false sense of safety while expanding the attack surface."

And finally, at the highest level of autonomy, agents execute actions independently within defined guardrails, with humans reviewing exceptions, audit logs and aggregated outcomes rather than individual decisions.

"When agents operate autonomously, actions are executed at a scale and speed that can outpace human oversight," said Varma.

"Because accountability for outcomes remains with the organization, this level requires the most rigorous governance, including continuous monitoring, enforced guardrails, rapid rollback mechanisms, circuit breakers that halt agent operation on threshold violations and clear ownership for agent behaviour."
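To make the four-level scheme concrete, here is an added example (not code from Gartner or the article) of an authorization gate that an agent platform could run before executing any action an agent requests. It enforces the controls described above per level: scoped data access for everyone, no writes below 'act with approval', a per-action and time-bound approval record at Level 3, and a circuit breaker that halts a Level 4 agent on a failure threshold, with every decision kept as an audit record. The level names, the `read`/`write` action classes, the `Approval` record shape, the threshold values and the scenario data are assumptions chosen for the illustration.

```python
"""Proportional governance gate for agent tool calls (illustrative, assumed design)."""
from __future__ import annotations

from dataclasses import dataclass, field
from enum import IntEnum


class Level(IntEnum):
    """Autonomy levels from the article, ordered by increasing trust."""
    OBSERVE = 1            # read-only, output visible only to the requester
    ADVISE = 2             # read-only, recommendations reviewed by a human
    ACT_WITH_APPROVAL = 3  # may write, but every action needs explicit approval
    AUTONOMOUS = 4         # writes within guardrails; humans review exceptions


# Assumed action classes; a real platform would enumerate its own tool calls.
READ_ACTIONS = {"read", "search", "summarize"}
WRITE_ACTIONS = {"write", "send", "configure"}


@dataclass(frozen=True)
class Agent:
    name: str
    level: Level
    scope: frozenset[str]  # data sources / systems the agent may touch at all


@dataclass(frozen=True)
class Approval:
    """Human sign-off bound to one action id, with an expiry (assumed shape)."""
    action_id: str
    approver: str
    expires_at: float


@dataclass
class CircuitBreaker:
    """Trips once failures within the window reach the threshold."""
    max_failures: int
    window_s: float
    _failures: list[float] = field(default_factory=list)
    tripped: bool = False

    def record(self, ok: bool, now: float) -> None:
        if ok:
            return
        self._failures.append(now)
        self._failures = [t for t in self._failures if now - t <= self.window_s]
        if len(self._failures) >= self.max_failures:
            self.tripped = True


@dataclass
class Decision:
    """One audit-trail entry: what was asked, whether it ran, and why."""
    agent: str
    action: str
    target: str
    allowed: bool
    reason: str


def authorize(agent: Agent, action: str, target: str, now: float,
              approval: Approval | None = None, breaker: CircuitBreaker | None = None,
              action_id: str | None = None) -> Decision:
    def decide(allowed: bool, reason: str) -> Decision:
        return Decision(agent.name, action, target, allowed, reason)

    # Baseline for every level: the target must lie inside the scoped access.
    if target not in agent.scope:
        return decide(False, "target outside scoped access")
    if action in READ_ACTIONS:
        return decide(True, f"read permitted at level {int(agent.level)}")
    if action not in WRITE_ACTIONS:
        return decide(False, "unknown action class (default deny)")
    # Levels 1 and 2 have no write access to any system.
    if agent.level <= Level.ADVISE:
        return decide(False, "write denied: agent is read-only at this level")
    if agent.level == Level.ACT_WITH_APPROVAL:
        # Approval is per action and expires, so a stale or blanket sign-off
        # cannot be reused: the gate, not the human's fatigue, holds the line.
        if approval is None or approval.action_id != action_id:
            return decide(False, "write denied: no approval for this action")
        if approval.expires_at < now:
            return decide(False, "write denied: approval expired")
        return decide(True, f"write approved by {approval.approver}")
    # Level 4: autonomous within guardrails, subject to the circuit breaker.
    if breaker is not None and breaker.tripped:
        return decide(False, "write halted: circuit breaker tripped")
    return decide(True, "write permitted autonomously")


def run_demo() -> list[Decision]:
    """Constructed scenario exercising each level; returns the audit trail."""
    crm = frozenset({"crm"})
    observer = Agent("summarizer", Level.OBSERVE, crm)
    drafter = Agent("drafter", Level.ADVISE, crm)
    operator = Agent("operator", Level.ACT_WITH_APPROVAL, crm)
    runner = Agent("runner", Level.AUTONOMOUS, crm)
    audit = [
        authorize(observer, "summarize", "crm", now=100.0),
        authorize(observer, "read", "hr", now=100.0),          # out of scope
        authorize(drafter, "send", "crm", now=100.0),          # advise cannot write
    ]
    ok = Approval(action_id="a-1", approver="alice", expires_at=160.0)
    audit.append(authorize(operator, "send", "crm", 100.0, approval=ok, action_id="a-1"))
    audit.append(authorize(operator, "send", "crm", 100.0, approval=ok, action_id="a-2"))  # reuse
    audit.append(authorize(operator, "send", "crm", 200.0, approval=ok, action_id="a-1"))  # expired
    breaker = CircuitBreaker(max_failures=3, window_s=60.0)
    audit.append(authorize(runner, "configure", "crm", 100.0, breaker=breaker))
    for t in (101.0, 102.0, 103.0):  # three failed executions inside the window
        breaker.record(ok=False, now=t)
    audit.append(authorize(runner, "configure", "crm", 104.0, breaker=breaker))
    return audit


if __name__ == "__main__":
    for d in run_demo():
        print(f"{d.agent:10} {d.action:10} {d.target:4} {'ALLOW' if d.allowed else 'DENY ':5} {d.reason}")
```

The design choice worth noting is that the gate never consults the agent's own claims about its level or scope: `Agent` records are owned by the platform, approvals are matched to a specific `action_id`, and the breaker's state is held outside the agent, so the mechanisms that keep human review "a meaningful control" are enforced rather than hoped for.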

Emma Woollacott

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.