← Back to the Overview
Deep Dive · Agent Governance

The Evidence Map for Production Agent Governance

The action layer behind the core verdict: how to turn the briefing into a production-readiness conversation without overstating the evidence.

Source  Storm Research v2 Verification  16/16 citation clusters checked Prepared for  Leader discussion
How to use this

Use this as a readiness map for any agent that could touch customer commitments, regulated records, operational systems, safety-adjacent workflows, spending, approvals, or audit-sensitive evidence. The question is not whether the agent is impressive. The question is whether the organization can explain and control its authority.

First moves before hiring anyone

01
Inventory the agents and near-agents.

List the systems that already draft, recommend, route, trigger, or change work. Include shadow tools and shared credentials, because the risk often hides outside the official pilot list.

02
Name the agent operating owner.

For each consequential agent, name the person accountable for job definition, data diet, permissions, review loop, incident response, and retirement.

03
Classify permission by action, not label.

Mark whether the agent observes, advises, acts with approval, or acts within narrow autonomy. Re-approve when it moves from reading to writing, sending, spending, approving, or touching regulated systems.

04
Define the run receipt.

Capture user, delegator, agent identity and version, task, retrieved sources, tool calls, data touched, policy checks, approval step, output or action, exception, and rollback status.

05
Separate ownership from challenge.

The business owner operates. Risk, security, model governance, or audit can validate, challenge, narrow authority, and suspend the agent. This prevents accountability from turning into one person to blame.

Owner, briefing, proof

Owner

The Agent Owner's Card: job, data diet, permissions, review loop, incident response, and retirement owner.

Briefing

A permission-tier decision brief: what the agent can do now, what it cannot do, and which move requires a new approval.

Proof

A run receipt that preserves delegation context, tool use, policy checks, approval, action, and recovery evidence.

Where to start

Start with owner, briefing, and proof for one agent or pilot. If the gap is material, widen to a readiness look at the agent control model, and build the operating machinery only when the sponsor wants it run.

Claim ledger

16/16
Checked
citation clusters traced to primary or strongest reachable sources
0
Fabricated
no invented source clusters found
3
Corrected
wording narrowed after source review
7
Demoted
useful signals kept out of the headline
ConfirmedEU AI Act: high-risk systems require logs, oversight, documentation, accountability, incident procedures, and deployer obligations.eur-lex
CorrectedNIST AI 600-1: useful role, inventory, testing, monitoring, incident, and deactivation guidance, but voluntary rather than binding.nist.gov
ConfirmedFINRA 2026 GenAI guidance: existing supervision, recordkeeping, monitoring, model-version, prompt/output, human-review, and agent guardrail expectations apply.finra.org
ConfirmedSR 11-7: older model-risk pattern supports inventory, validation, governance, audit, documentation, and effective challenge.federalreserve.gov
ConfirmedISO/IEC 42001: AI management-system framing supports traceability, transparency, risk management, and continuous governance.iso.org
ConfirmedDelegated execution research: standard traces may not identify delegation scope; delegation context needs to bind at execution time.arxiv.org
ConfirmedAuditable Agents research: accountability needs recoverable actions, lifecycle coverage, policy checks, responsibility attribution, and evidence integrity.arxiv.org
ConfirmedOverlaying Governance research: current IAM/OAuth patterns are too static for recursive delegation and dynamic scopes.arxiv.org
DemotedGoverned AI-Assisted Engineering: oversight tiers and velocity-preservation claims are analytic modeling, not measured enterprise acceleration.arxiv.org
CorrectedGartner agentic AI forecast: cancellation and 2028 forecast points verified; exact vendor-count details treated as secondary-reported.gartner.com
DemotedIBM CIO/CTO figures: governance-gap, incident, and deployment-multiple figures are vendor-survey signals through accessible reporting.itpro.com
DemotedCSA/Aembit identity survey: useful directional signal on AI-vs-human activity, but vendor-sponsored and reached through secondary reporting.itpro.com
ConfirmedSEC AI-washing settlements: Delphia and Global Predictions settled charges tied to misleading AI claims.sec.gov
ConfirmedAir Canada chatbot case: reporting shows the company was responsible for misleading chatbot refund information.guardian
DemotedReplit incident: strong reported failure case, but not an official postmortem or regulatory finding.businessinsider
CorrectedEchoLeak / CVE-2025-32711: Microsoft 365 Copilot vulnerability confirmed; no verified in-the-wild victim harm found.arxiv.org
What would change our mind
Deep Dive staged from verified Storm Research v2 · nothing here asserts above the registry calibration