- Two in five companies could be forced to reduce their AI agents by 2027
- Companies urged to reconsider basic governance policies
- A comprehensive four-stage framework is introduced
Gartner has warned that up to two in five companies will have to decommission their AI agents by 2027 due to gaps in their governance frameworks that could be discovered only after incidents occur.
This is because organizations are treating AI agents as either completely locked down or fully trusted; it's these uniform controls that could end up causing the biggest headaches for businesses in the years to come.
The report reveals that this could actually present two risks: In addition to the obvious miscalculated trust that allows agents to access systems they should not have access to, overly strict policies could drive human workers to other unapproved tools, adding to the potential risks of data exposure.
Governance is a crucial consideration for agentic AI
Moving forward, Gartner advises companies to adopt a four-stage framework for more granular access controls, starting with ‘Level 1: Observe.’ This would grant AI agents read-only access to defined data sources, with results only available to the requesting user.
‘Level 2: Advice’ would add to this by generating recommendations or proposed actions that need to be manually reviewed by humans; under this policy, agents would still not have write access to the systems.
For full read and write access, ‘Level 3: Act with Approval’ would allow agents to perform actions, write data, and send communications, but only after explicit human approval each time.
The final policy, ‘Stage 4: Act Autonomously’, is where AI agents can really shine by executing actions on their own. Humans would still be involved in exceptions, audit logs, and aggregated result levels.
“Because accountability for outcomes remains the responsibility of the organization, this level requires the most rigorous governance, including continuous monitoring, enforced guardrails, rapid reversal mechanisms, circuit breakers that stop agent operation in case of threshold violations, and clear ownership of agent behavior,” explained senior director and analyst Shiva Varma.
Gartner’s report essentially serves to remind companies that rushing toward autonomy without careful consideration of what agents can read and write could harm security in the future. With a calculated approach to governance, companies can avoid reactive rollbacks entirely.
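One way the four levels could be enforced in front of an agent's tool calls, as an added example that is not from Gartner's report or this article. The `AgentGate` class, the `read`/`propose`/`write` action names, and the rule that three denied requests trip the circuit breaker are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import IntEnum

class Level(IntEnum):
    OBSERVE = 1            # read-only access to defined data sources
    ADVICE = 2             # may propose actions; still no write access
    ACT_WITH_APPROVAL = 3  # writes only after explicit human approval each time
    ACT_AUTONOMOUSLY = 4   # writes on its own; circuit breaker and audit log apply

@dataclass
class AgentGate:
    """Hypothetical policy gate placed in front of an agent's tool calls."""
    agent: str
    level: Level
    allowed_sources: frozenset
    max_violations: int = 3   # assumed circuit-breaker threshold
    violations: int = 0
    tripped: bool = False
    audit: list = field(default_factory=list)

    def _log(self, action, target, decision):
        # Every decision, allowed or not, lands in the audit trail.
        self.audit.append((self.agent, self.level.name, action, target, decision))
        return decision

    def _deny(self, action, target, reason):
        self.violations += 1
        if self.violations >= self.max_violations:
            self.tripped = True   # stop the agent until a human resets it
        return self._log(action, target, "deny:" + reason)

    def authorize(self, action, target, approved_by=None):
        if self.tripped:
            return self._log(action, target, "deny:circuit_open")
        if action == "read":
            if target in self.allowed_sources:
                return self._log(action, target, "allow")
            return self._deny(action, target, "source_not_defined")
        if action == "propose":
            if self.level >= Level.ADVICE:
                return self._log(action, target, "allow:needs_human_review")
            return self._deny(action, target, "level_too_low")
        if action == "write":
            if self.level <= Level.ADVICE:
                return self._deny(action, target, "no_write_access")
            if self.level == Level.ACT_WITH_APPROVAL and approved_by is None:
                return self._log(action, target, "hold:awaiting_approval")
            return self._log(action, target, "allow")
        return self._deny(action, target, "unknown_action")
```

A write at the approval level is held rather than denied, so waiting for a reviewer does not count toward the circuit-breaker threshold.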