Getting Agentic AI under Control

Al agents are powerful, but without strong governance, they can become a liability.
The challenge isn’t just preventing rogue behaviour: it’s ensuring visibility, accountability, and compliance at scale. As organisations deploy more Al agents, shadow Al becomes a real risk. If agents are pulling from ungoverned, disparate systems, tracking performance, debugging errors, and ensuring regulatory compliance become nearly impossible.

A multi-step workflow alone is not sufficient to qualify as agentic AI. It must have autonomy in deciding how to execute or adapt that workflow based on context, data, or changing goals. Agentic AI, however, differs significantly from traditional workflow automation.

Whereas traditional workflow automation…

  • Executes a predefined sequence of steps
  • Logic is typically static and rule-based
  • No autonomy — it reacts to triggers but doesn’t make strategic choices.

Agentic AI is different and…

  • Understands the goal, not just the script
  • Chooses or adapts actions based on real-time data or exceptions
  • Can reason through alternate paths, reprioritise steps, or escalate intelligently

For example, faced with conflicting invoice data, an AI agent might pull historical patterns, consult internal policies, and choose to request clarification or initiate an approval override.

Key components that qualify a system as agentic are:

  1. Autonomy – operates with a degree of independence from hard-coded logic.
  2. Decision-making – selects actions based on intent, goals, or dynamic input.
  3. Planning – sequences tasks toward an outcome, possibly adjusting on the fly.
  4. Contextual awareness – uses available data or tools to optimize how it acts.

In enterprise terms, a workflow engine is like a script runner whereas Agentic AI is like a junior analyst who understands the business objective and can navigate ambiguity to get results.

Agentic AI offers immense promise, but also requires a fundamentally different approach to control. It’s not enough to secure the outputs; we must shape, monitor, and govern the underlying decision-making processes themselves. By embedding control mechanisms across the full lifecycle, from training and capability design to runtime policies and external governance, we can responsibly harness the power of autonomous AI.

Controlled Agentic AI

To deploy agentic AI responsibly, especially in enterprise, high-stakes, or regulated environments, organizations must embed control mechanisms across all layers of system design, development, and operation. Below is a structured overview of the key techniques available today.

1. Goal alignment and intent control

Controlling an agent begins with aligning its goals with human intent. Several techniques help shape the agent’s purpose and behavior:

  • Limit what the AI is allowed to optimize for by bounding its goal space—especially in reinforcement learning or planning contexts.
  • Require human approval before executing high-impact actions, enabling oversight at critical moments.
  • Pre-train or fine-tune models on a normative “constitution” that encodes ethical and behavioural boundaries (as seen in Anthropic’s work).
  • Introduce separate agents that monitor or challenge the decisions of others, creating internal checks and balances.

2. Capability and access control

Autonomous agents often have access to APIs, data, or physical systems. Limiting their capabilities is essential:

  • Only allow specific commands or tool usage, ideally with sandboxing or execution logging.
  • Apply security best practices from identity and access management (IAM), giving agents only the minimum access they need.
  • Force the agent to act through vetted tools or workflows where each interaction is controlled and observable.
  • Use runtime policy engines (e.g. OPA/REGO) to authorise, modify, or deny actions based on context, time, or user role.

3. Interpretability and monitoring

To build trust and enable intervention, agents must be observable and explainable:

  • Require the agent to explain its reasoning before or alongside actions.
  • Capture all inputs, outputs, tool calls, and state changes—critical for audit and forensics.
  • Trace internal states that lead to specific behaviours to enable debugging or corrective fine-tuning.
  • Run agents in isolated or simulated environments before deploying in production.

4. External governance and oversight

Beyond technical control, broader governance structures are necessary:

  • Provide immediate override or shutdown mechanisms for safety, i.e. kill switches and circuit breakers:
  • Document agent capabilities, limitations, and observed behaviours in production.
  • Apply formal governance and audit standards, such as ISO 42001 or NIST RMF, to assess and certify agentic systems (but be aware of our post).
  • Assign digital identities to individual agents (e.g., DIDs) and make them belong to the IAM and sign actions to ensure traceability and accountability.

5. Architectural and design-level patterns

How agents are architected has major implications for control:

  • Keep agents “in role” (e.g., as legal advisor or compliance bot) to prevent off-topic or manipulative behavior.
  • Isolate sensitive actions or data within verifiable execution contexts, Trusted Execution Environments (TEEs)
  • Use context-aware prompting (e.g., RAG pipelines) to anchor actions in policy documents, rules, or known facts.
  • Break agent behaviour into observable, enforceable steps, often with human intervention points, e.g. via n8n or LangChain (see also here).