- Two in five companies may have to cut AI agents by 2027
- Companies urged to reconsider their core governance policies
- Introduction of an in-depth four-step framework
Gartner has warned that up to two in five companies will have to decommission their AI agents by 2027 due to gaps in their governance frameworks that may only be discovered after incidents.
This is because organizations treat AI agents as either completely locked down or completely trustworthy. These uniform controls could end up causing the biggest problems for businesses over the coming years.
The report identifies two risks. Misplaced trust lets agents access systems they should not be able to reach, while overly strict policies can drive human workers to other, unapproved tools, increasing the risk of data exposure.
Governance is a crucial consideration for agentic AI
Moving forward, Gartner advises organizations to adopt a four-step framework for more granular access controls, starting with “Level 1: Observe.” This would grant AI agents read-only access to defined data sources, with outputs only available to the requesting user.
“Level 2: Advisor” would add to this by generating recommendations or proposed actions that must be manually reviewed by humans – under this policy, agents would still not have write access to systems.
For full read-write access, “Level 3: Act with Approval” would allow agents to perform actions, write data, and send communications, but only after explicit human approval each time.
The final policy, “Step 4: Act Autonomously,” is where AI agents can truly thrive by performing actions on their own. Humans would still be involved, but only in handling exceptions, reviewing audit logs, and checking aggregate results.
“Since responsibility for results rests with the organization, this level requires the most rigorous governance, including continuous monitoring, enforced guardrails, rapid rollback mechanisms, circuit breakers that stop agent operation if thresholds are violated, and clear accountability for agent behavior,” explained Shiva Varma, principal analyst director.
Gartner’s report essentially serves to remind companies that rushing toward autonomy without carefully thinking about what agents can read and write could harm security down the road. With a calculated approach to governance, companies can avoid reactive rollbacks altogether.