- Two out of five companies may have to scale back AI agents by 2027
- Companies are encouraged to rethink basic governance policies
- Thorough, four-step framework introduced
Gartner has warned that as many as two in five companies will need to decommission their AI agents by 2027 due to gaps in their governance frameworks that may only be discovered after incidents.
This is because organizations are either treating AI agents as fully locked down or fully trusted – it is these uniform controls that could end up causing the biggest headache for businesses in the next few years.
The report reveals that this can actually pose two risks – as well as the obvious miscalculated trust that gives agents access to systems they shouldn’t have, overly strict policies can push human workers toward other, unapproved tools, increasing potential data exposure risks.
Governance is a crucial consideration for agent AI
Moving forward, Gartner advises companies to adopt a four-step framework for more granular access controls, starting with ‘Level 1: Observer’. This would give AI agents read-only access to defined data sources, with output only available to the requesting user.
‘Level 2: Advisory’ would add to this by generating recommendations or suggested actions to be manually reviewed by humans – under this policy agents would still not have write access to systems.
For full read and write access, ‘Level 3: Act with Approval’ would let agents perform actions, write data and send communications, but only after explicit human approval each time.
The final policy, ‘Stage 4: Act Autonomously’, is where AI agents can really come into their own by performing actions themselves. Humans will still be involved through exceptions, audit logs, and aggregate failure levels.
“Because accountability for results remains with the organization, this level requires the most stringent governance, including continuous monitoring, enforced guardrails, rapid rollback mechanisms, circuit breakers that halt agent operations upon threshold violations, and clear ownership of agent behavior,” explained senior director analyst Shiva Varma.
Gartner’s report essentially serves to remind companies that rushing into autonomy without careful consideration of what agents can read and write can hurt security later. With a calculated approach to management, companies can avoid reactive rollbacks altogether.
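One way to enforce the four levels and the circuit breaker at a single authorization point, as an added example that is not from Gartner's report or this article. The class name, action names, decision strings and failure threshold are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import IntEnum

class Level(IntEnum):
    OBSERVER = 1           # read-only access to defined data sources
    ADVISORY = 2           # may also produce recommendations for human review
    ACT_WITH_APPROVAL = 3  # may write, but only with explicit approval each time
    ACT_AUTONOMOUSLY = 4   # may write unattended, subject to the circuit breaker

@dataclass
class AgentGate:
    level: Level
    readable: frozenset          # the defined data sources this agent may read
    failure_threshold: int = 3   # constructed value; tune per agent
    failures: int = 0
    halted: bool = False
    audit: list = field(default_factory=list)

    def authorize(self, action, target, approved_by=None):
        """Decide one request and record it, allowed or not, in the audit log."""
        decision = self._decide(action, target, approved_by)
        self.audit.append((action, target, approved_by, decision))
        return decision

    def _decide(self, action, target, approved_by):
        if self.halted:                      # breaker open: nothing gets through
            return "deny:circuit-open"
        if action == "read":
            return "allow" if target in self.readable else "deny:source-not-defined"
        if action == "recommend":            # output goes to a human, not a system
            return "allow:human-review" if self.level >= Level.ADVISORY else "deny:level"
        if action == "write":
            if self.level <= Level.ADVISORY:
                return "deny:no-write-access"
            if self.level == Level.ACT_WITH_APPROVAL and not approved_by:
                return "deny:approval-required"
            return "allow"
        return "deny:unknown-action"         # default deny for anything unmodelled

    def record_failure(self):
        """Count a failed or out-of-bounds action; halt the agent at the threshold."""
        self.failures += 1
        if self.failures >= self.failure_threshold:
            self.halted = True
```

Because the level is a per-agent setting, raising or lowering one agent's autonomy is a configuration change rather than a decommissioning.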



