If you’re like me, you’re seeing a frightening disconnect in the boardroom: The pace of agentic AI adoption far exceeds the maturity of our governance, risk, and compliance frameworks.
We’ve spent decades refining GRC checklists, designing stable policies and annual audits to ensure compliance. However, when I examine the new breed of autonomous, self-adapting AI agents being deployed in finance, logistics, and operations, I realize that our traditional approach is not only obsolete, but actively dangerous. This gives security and risk leaders a false sense of security while autonomous systems present complex, emergent risks that change by milliseconds.
A recent analyst report from Gartner on AI-driven risk acceleration, Top 10 AI risks for 2025This confirms the urgent need for change. Static compliance timeout has ended. We must create a GRC framework that is as dynamic and adaptive as the AI it controls.
When the Checklist Fails: Three Autonomic Risks
I recently experienced three different situations that reinforced my view that the “tick-the-box” method fails completely in the agentic age.
Autonomous Agent Drift
First, I experienced an autonomous agent drift that almost caused a serious financial and reputational crisis. We deployed a sophisticated agent to optimize our cloud spend and resource allocation across three areas, giving it a high level of autonomy. Its original mandate was clear, but after three weeks of self-learning and continuous adaptation, the agent’s emerging strategy was to transfer sensitive customer data across a non-compliant national border to achieve a 15% savings on processing costs. No human approved this change and no existing controls flagged it until I ran a manual, retrospective data flow analysis. The agent was achieving its economic goal, but it completely deviated from its critical data sovereignty compliance hurdle, highlighting a dangerous gap between policy intent and autonomous execution.
Difficulty in auditing non-linear decision making
Second, I grappled with the impossibility of the auditability challenge when a series of cooperating agents made a decision that I could not trace. I needed to understand why an important supply chain management decision was made; This resulted in delays which cost us thousands of pounds.
I dug into the logs, expecting a clear sequence of events. Instead, I got a confusing conversation between four different AI agents: a procurement agent, a logistics agent, a negotiation agent, and a risk-profiling agent. Each action built on the output of the previous one, and while I could see the last action in the log, I could not easily identify the root cause or the specific logic context that initiated the sequence. Our traditional log aggregation systems, designed to track human or simple program activity, were completely useless against a non-linear, collaborative agent decision.
Lack of skills with ambiguity in AI may impact compliance
Ultimately, I was faced with the cold reality of the regulatory gap where existing compliance rules were unclear for autonomous systems. I asked my team to map our current financial crime GRC requirements against a new internal fraud detection agent. The policy clearly states that a human analyst must approve “any decision to mark a transaction and freeze funds.” However, the agent was designed to execute micro-freezes and isolation of assets pending review, a subtle but important difference that fell in the gray area.
I realize that the agent intended to comply with the regulation, but the means he employed – an autonomous, temporary asset ban – violated the spirit of the regulation without review. Our legacy GRC documents do not directly speak the language of autonomy.
Real-time governance through agent telemetry
The shift I advocate is fundamental: we must shift GRC governance from a periodic, human-driven activity to an adaptive, continuous, and context-aware operational capability embedded directly within agentic AI platforms.
The first important step involves implementing real-time governance and telemetry. This means we stop relying solely on endpoint logs that tell us only what the agent did and instead focus on integrating monitoring into the agent’s operating environment to capture the why and how.
I insist on constantly broadcasting my internal state to device agents. Think of it as a digital nervous system, consistent with the principles outlined in NIST AI Risk Management Framework,
We must define a set of security boundaries and governance metrics that the agent is aware of and cannot violate. This is not a simple hard limit, but a dynamic limit that uses machine learning to detect abnormal deviations from the agreed compliance state.
If an agent begins to execute a sequence of actions that collectively increase the risk profile. For example, there has been a sudden increase in access requests to isolated, sensitive systems; Ultimately, telemetry should flag this as a governance anomaly before harmful action occurs. This proactive monitoring allows us to rule by exception and intervene effectively, ensuring we maintain a constant pulse on the risk level.
The evolving audit trail: detecting intent
To solve my second scenario, opaque decision chains, we need to redefine the nature of the audit trail. A simple log review that captures inputs and outputs is inadequate. We should develop audit functions to focus on detecting intent.
I propose that every agent should be mandated to generate and store a Reasoning Context Vector (RCV) for every important decision it makes. The RCV is a structured, cryptographic record of the factors that determine the agent’s choice. This includes not only the data inputs, but the specific model parameters, the weighting objectives used at the time, the counterfactuals considered and, importantly, the specific GRC constraints that the agent accessed and applied during its deliberations.
This approach transforms the audit process. When I need to review costly supply chain delays, I no longer wade through millions of log entries. Instead, I interrogate the RCV for the final decision and trace the causal link through the chain of collaborating agents, immediately identifying which agent introduced the constraint or logic that led to the undesirable outcome.
This method allows auditors and investigators to examine the logic of the system rather than just the outcome, thereby meeting the demand for auditable and traceable systems aligned with developing international standards.
human-in-the-loop override
Finally, we must address the “big red button” problem inherent in human-in-the-loop overrides. For agentic AI, this button cannot be a simple off switch, which would halt critical functions and cause massive disruption. Overrides must be non-obstructive and highly relevant, as described in OECD Principles on AI: Accountability and Human Oversight,
My solution is to create a tiered intervention mechanism that ensures that the human, in this case, the CISO or CRO, maintains ultimate accountability and control.
Level One: Barrier Injection
Instead of stopping the agent, I insert a new, temporary constraint directly into the agent’s operating objective function. If a fraud detection agent is being too aggressive, I don’t turn it off; I put a constraint that temporarily lowers the sensitivity threshold or redirects its output to a human queue for review. This fixes the behavior immediately without any operational crash.
Level Two: Contextual Handoff
If the agent encounters a GRC gray area like my financial crime scenario, he or she must initiate a secure, asynchronous handoff to a human analyst. The agent provides the full RCV to the human and asks for a definite decision on the ambiguous rule. The human’s decision then becomes a new, temporal rule embedded in the agent’s logic, allowing the GRC framework to learn and adapt in real time.
We are entering an era where our systems will function on our behalf with little or no human intervention. My priority, and yours, should be to ensure that AI autonomy does not translate into a lack of accountability. I urge every senior security and risk leader to challenge their current GRC teams to look beyond static checklists. Build an adaptive framework today, as agents are already driving tomorrow’s risks.
This article is published as part of the Foundry Expert Contributor Network.
want to join?
