4 in 10 AI agents headed for demotion or the rubbish bin

Forty percent of organizations are set to demote or decommission AI agents as they hit problems with governing the heavily hyped technology. Or so says Gartner, which reckons that creating a uniform governance system for all AI agents without considering their level of autonomy or scope can lead to a failure of the approach to business automation. AI agents make calls to LLMs to understand user requests or instructions in natural language and then interact with and update application data. The technology has been hyped by application giants including SAP, Oracle, Workday and Salesforce over the last year. SAP, for example, recently launched its Autonomous Enterprise concept for the future of its business applications. CEO Christian Klein promised it could anchor AI agents in the business processes, data and governance so they can deliver accurate, compliant and secure outcomes, unlocking new sources of revenue and meaningful cost savings." However, Gartner warns that a large chunk of organizations are unlikely to get the governance model right. The research company said AI agent implementations are more likely to go wrong when organizations fail to distinguish between an agent's ability to act and the scope of access it is granted. Organizations are treating AI agent governance as binary, either locked down or fully trusted, and that is the root cause of failure," said Shiva Varma, Senior Director Analyst at Gartner. Agents operate at different autonomy levels and across different trust boundaries. When the same controls are applied indiscriminately, organizations encounter two common failure modes: over-restriction of simple agents, which slows delivery and drives shadow development, or under-restriction of more autonomous agents, which increases operational, security and compliance risk." Varma said AI agents can act at a scale and speed that can outpace human oversight. Because accountability for outcomes remains with the organization, this level requires the most rigorous governance, including continuous monitoring, enforced guardrails, rapid rollback mechanisms, circuit breakers that halt agent operation on threshold violations and clear ownership for agent behavior." The Register has previously shown how vendors are unlikely to take legal responsibility for the action of AI agents. Balaji Abbabatulla, Gartner vice president and lead analyst for Oracle, said there was a lot of legal language to protect the vendors in terms of technology. Instead of being legally liable, they talk about monitoring, observability and audits. Georgina Kon, Linklaters partner in digital, data, and commercial law, said: "A lot of the current laws don't really lend themselves particularly easily, because it assumes always that a human or company is doing something and that's not true. But you can't also have a world where people are creating agents and not liable for them. What it comes down to is what the market can bear commercially." Gartner recommends that organizations planning to implement AI agents should apply a proportional governance approach classifying AI agents across distinct autonomy levels, with each level representing a different trust boundary and corresponding governance requirements. (R)