Effective AI Governance Controls for AI Agents
My day job involves securing AI systems at scale and I have spent the last few months pulling apart every AI governance framework on the shelf to see which controls actually survive contact with autonomous agents. ISO 42001 and the NIST AI RMF are useful but neither was written for a system that chains tool calls, spawns subagents, and writes to shared memory. They treat identity as a noun, authority as something granted once, and audit as a log of human actions. None of those assumptions hold for agents.
In my opinion, there are three shifts that matter most:
- Delegation chain as the audit primitive. The question an auditor will ask is not "did the agent have the credential" but "who authorized this agent to act in this context and was the action within the scope." Every agent action has to be walkable back to a named human authorizer with a signed scope. Most programs cannot do this today.
- Scope enforced at the gateway, not inside the agent. The agent never holds a credential that outlives the call. The gateway enforces scope, mints call-scoped tokens, and refuses calls outside scope. Agents cannot be trusted to stay inside the lines especially under adversarial prompts.
- Memory as a provenance problem, not a storage problem. Memory poisoning is the attack that waits. The defense is to tag every piece of content in an agent context with the identity and authorization of whoever wrote it, and to treat memory reads as untrusted input.
I am interested in knowing your opinion on which of these controls are the hardest to implement and evidence for. Also, what are some other AI Governance controls that are truly effective for AI agents instead of just acting as compliance theatre?