Right now, somewhere in your business, a piece of software is making a decision you haven't reviewed.
It might be quoting a customer a price your finance team would have flagged. Or booking a courier route through a country your compliance team would have stopped. Or resolving a support ticket by promising a refund you can't actually honour. The software in question is what the industry now calls an AI agent: a system that doesn't just answer questions, but takes actions, calls other tools, and gets tasks done without a human pressing return between each step.
You almost certainly have one. You probably called it a pilot.
That's fine. Right up until the day your sales agent and your customer's procurement agent agree terms and commit you to something neither side notices for three weeks.
This article is about what to do before that happens.
The framework everyone’s quoting
On 2 May 2026 Fortune published a piece by Yale’s Jeffrey Sonnenfeld arguing that AI agents have blown a hole through corporate governance, and CEOs need a framework. He’s right about the hole. He offers eight variables to think about, plus four industry archetypes (banking, healthcare, retail, supply chain).
The variables are better than they sound from a distance. They cover the right questions: can you explain how the agent reached its decision? Who’s accountable when it gets one wrong? What happens when a small error cascades into a big one?
What the framework doesn't do is tell you how to actually operate once you've answered the questions. That's the gap most companies are about to fall into.
So let's stop talking about frameworks and start with what's already going wrong.
Four things actually breaking right now
I’ve spent the last year working with organisations deploying AI agents. The patterns below are drawn from a mix of my own engagements, client conversations, and documented incidents. Names blurred, but the shapes are real.
Two agents, two rule books.
Picture this. Your marketing team buys an AI agent from Vendor A, configured for “creative latitude.” Your legal team buys one from Vendor B, configured for “extreme caution.” Both agents work fine on their own. Then they share a workflow: marketing drafts a customer email, legal reviews it, both agents log a clean pass.
Three months later, the email turns out to have triggered a regulatory complaint. Your marketing agent didn't know what your legal agent considered a red flag. Your legal agent assumed marketing's draft had been pre-checked. Two passing audits, no single owner, one mess.
This pattern is the most common multi-agent failure I see. It isn't caused by a bad agent. It's caused by no one designing the seam between them.
The cascade nobody saw.
UPS now uses AI agents to clear 90% of its 112,000 daily customs packages without human review. Brilliant, until the day an agent learns a misclassification pattern that flies through 30,000 packages before anyone notices. Customs penalties land six weeks later. The auditor wants to know who approved each one.
Nobody did. The agent did, 30,000 times.
The Yale piece flags this risk for supply chain. The same shape applies anywhere you have agents acting at scale: pricing tools, fraud screening, content moderation, claims processing. If you can't see a cascade in advance, you're governing the symptom, not the cause.
Shadow agents.
Ask your IT director how many AI agents your company uses. They will give you a number. Now ask every employee what AI tools they use to do their job. The number you get back will be five to ten times higher.
Welcome to the shadow estate. People are spinning up agents using personal API keys, ChatGPT custom GPTs, and Zapier-style automations. Each holds credentials, accesses data, and produces outputs someone is now relying on. The Cloud Security Alliance flagged this in March, predicting shadow agents will be the source of most early incidents.
You cannot govern what you don’t know exists.
Audit theatre.
The Compliance Committee meets monthly. The agents iterate hourly. The risk register gets updated quarterly while agent behaviour drifts daily.
A 2026 industry survey found that fewer than 15% of organisations put AI agents into production with full security and IT sign-off. The rest are doing audit theatre, and quite a lot of them know it. They sign off anyway, because nobody knows what signing off would actually involve at this speed.
If your governance is a checklist applied at deployment, every one of these failures slips through.
What governance actually has to be
Here's the bit nobody wants to hear: governance for AI agents can't be a thing you add on top of how the company operates. It has to be how the company operates.
That sentence sounds like consultant fluff. It's not. It means something specific, and the difference shows up in four concrete places.
In late 2025 I designed an AI implementation programme for a multinational sportswear company. They wanted their product teams using AI agents to handle research, brief writing, and decision documentation. The tooling was unremarkable: Microsoft Copilot Studio, an MS Teams interface, a knowledge agent grounded in their internal SharePoint. Off the shelf.
What made it work was not the tooling. It was that governance was woven into how the team did their job, not stapled on afterwards. Specifically:
One. The risk tier for any decision was decided at the workflow design stage, not at the point of approval. A pricing recommendation went through a different review path than a logo asset request. The agents knew this because the workflow templates encoded it; a sketch of what that can look like follows this list.
Two. Every agent had a named human owner. Not “the AI committee.” A specific person, by name, with the authority to change the agent’s behaviour and the responsibility for what it produced. If that person left, ownership reassigned within a working day, or the agent paused.
Three. Audit trails were designed to be read, not just stored. The compliance team got dashboards that surfaced anomalies in plain English. Nobody drowned in JSON logs.
Four. Incident response was a rehearsed operational role, not a memo. We ran the equivalent of fire drills. Twice. They were uncomfortable. They were also the reason the team kept their nerve when something genuinely odd happened in month four.
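To make point one concrete, here is a minimal sketch of what "the workflow templates encoded it" can look like. It is illustrative only: the tier names, task types, reviewer roles, and owner addresses are my assumptions for this article, and the real programme used Copilot Studio workflow templates rather than Python.

```python
from dataclasses import dataclass

# Illustrative only. Tier names, task types, reviewer roles, and owner
# addresses are invented for this sketch, not the client's configuration.

@dataclass(frozen=True)
class WorkflowTemplate:
    task_type: str
    risk_tier: str                 # "high", "medium", "low"
    review_path: tuple[str, ...]   # human roles that must review the output
    owner: str                     # the named person accountable for the agent

TEMPLATES = {
    "pricing_recommendation": WorkflowTemplate(
        "pricing_recommendation", "high",
        ("finance_lead", "commercial_director"), "jane.doe@example.com"),
    "logo_asset_request": WorkflowTemplate(
        "logo_asset_request", "low",
        ("brand_manager",), "sam.smith@example.com"),
}

def route_for_review(task_type: str) -> WorkflowTemplate:
    """Fail closed: a task with no designed workflow never reaches an agent."""
    template = TEMPLATES.get(task_type)
    if template is None:
        raise ValueError(
            f"No workflow template for {task_type!r}; "
            "design the workflow before the agent runs it.")
    return template
```

The detail that matters is not the code. It is that the risk decision travels with the task, so the agent never has to infer how careful to be.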
Pull any one of those four out and the governance falls apart within weeks. The agents keep working. The oversight does not.
This is the central argument of The Generative Organization, the book I co-authored with Bryan Cassady in 2025: you can't govern what you haven't designed, and you can't scale what isn't anchored. Treat AI capability and organisational design as one problem, and the answers are tractable. Treat them as two adjacent problems, and you'll spend the next two years writing policies nobody reads.
What to actually do on Monday
You probably can't restructure your operating model this week. You can do these three things, and they will tell you more about your real AI risk than any framework.
1. Audit your shadow estate. Email every team in the company. Ask what AI tools they use to do their job. Tell them honestly there is no penalty for naming them. Combine the list with what IT thinks you have. The gap between those two numbers is your problem.
2. Find a named owner for every agent on the list. Not "Marketing." Not "the AI Working Group." A person. If you can't find one in 48 hours, that agent doesn't run in production until you can.
3. Write down the worst thing each agent could plausibly do. Then ask: what would have to be true for us to know it had happened within an hour? Within a day? If the answer is "we wouldn't," you have your priority list.
These three actions will take a working week. They are unglamorous. They are also the difference between knowing where you stand and assuming.
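If you want somewhere to keep the answers that outlives the meeting where you collected them, a single register is enough. Here is a minimal sketch, assuming a plain CSV with one row per agent; the column names and the rule that an ownerless agent gets flagged are my reading of the three steps above, not a prescribed tool.

```python
import csv

# Illustrative sketch of the Monday exercise as one CSV: one row per agent,
# one named owner, the worst plausible failure, and how long it would take
# to notice it. Column names are assumptions, not a standard.

REQUIRED = {"agent", "owner", "worst_case", "detection_window_hours"}

def agents_not_fit_for_production(register_path: str) -> list[str]:
    """Return the agents that fail the three Monday checks."""
    flagged = []
    with open(register_path, newline="") as f:
        reader = csv.DictReader(f)
        missing = REQUIRED - set(reader.fieldnames or [])
        if missing:
            raise ValueError(f"Register is missing columns: {sorted(missing)}")
        for row in reader:
            if not row["owner"].strip():
                flagged.append(f"{row['agent']}: no named owner")
            if not row["worst_case"].strip():
                flagged.append(f"{row['agent']}: worst case never written down")
            if not row["detection_window_hours"].strip():
                flagged.append(f"{row['agent']}: no answer to how we'd find out")
    return flagged
```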
After that
For organisations that get serious, the work has shape. I run a three-week discovery sprint that maps your current operating model against agent-aware governance design, finds the gaps, and produces a 90-day intervention plan. Most clients move from there into framework design and phased rollout. Some find the discovery itself is enough to redirect what they were already doing.
Sonnenfeld closes his Fortune piece with a line worth keeping: governance done well is what makes AI adoption durable. The version most companies are doing right now does the opposite. It looks like governance, which means everyone stops worrying, which means the agents keep getting deployed, which means the eventual incident is bigger.
If your AI pilots are working, but you can't quite explain why, or you can't predict when they won't, that's the gap. It's bridgeable, but not with a framework alone.
If your organisation is past the AI experiment phase and the production gap is starting to look architectural rather than technical, book a 30-minute conversation and we’ll figure out what your situation actually needs.
Tim Robinson is the founder of Agilist Limited, a fractional AI implementation practice based in Wiltshire, UK. He is co-author of The Generative Organization (Cassady & Robinson, 2025) and works with portfolio investors, accelerator MDs, and founder-CEOs on getting AI agents from pilot to durable production.