The next AI risk is already becoming operational
The first wave of enterprise AI disappointment was familiar. Organisations rushed toward AI, only to discover that the models were not the real blocker. The data was. Information was fragmented, ownership was unclear, metadata was weak, trust was inconsistent, and enterprise knowledge was scattered across systems, documents, teams and processes.
That is the starting point of the first article in this series: Why Enterprise AI Fails: The Data Problems Nobody Fixed First. AI did not create those problems. It exposed them.
The next risk is now emerging faster and with greater consequences.
The problem is no longer just that AI does not know enough about the enterprise. The problem is that AI is now being allowed to act inside the enterprise.
Agents, copilots, autonomous workflows, custom GPTs, AI-enabled SaaS tools and agentic platforms are moving from experimentation into daily work. They are being connected to internal systems, personal information, intellectual property, customer records, workflow tools and decision processes. They are being used by employees who may not fully understand what the tools can access, where data goes, how outputs are produced, or who is accountable when something goes wrong.
This is the governance problem behind the agentic enterprise: AI adoption is moving faster than enterprise control.
For boards and senior leaders, the question is no longer whether AI is being used. It is whether the organisation can prove that AI use is visible, controlled, accountable and aligned to risk appetite.
The issue is not whether organisations should slow AI down. It is whether they can govern AI at the speed it is now being adopted.
AI chaos is becoming operational
The early phase of enterprise AI was dominated by pilots. Many were visible enough to appear in steering committees, innovation forums or technology roadmaps. They had sponsors, slide decks and some degree of containment.
Agentic AI is different. It spreads through use. A team adopts a tool. An employee builds a workflow. A department connects an AI assistant to documents. A vendor embeds AI into an existing platform. A power user creates automation that quietly becomes part of how work gets done.
Traditional governance assumes that systems pass through structured channels: architecture review, security review, delivery lifecycle, production release, service ownership, support model and known user access. But AI adoption is not waiting for those channels. It is moving at the speed of individual convenience.
That creates a widening gap between what leadership believes is happening and what is actually happening. In many organisations, official AI strategy and real AI usage are already diverging.
Shadow AI is becoming shadow operations
Shadow IT was already difficult. Shadow AI is worse.
Shadow IT usually means unapproved tools, unofficial databases, SaaS subscriptions, spreadsheets or workarounds. The risks were serious but often bounded. Shadow AI can ingest, transform, infer, summarise, generate, recommend, classify and act. When it becomes agentic, it can also trigger workflows, update systems, send communications or influence decisions at scale.
This is not just a tooling problem. It is an operating model problem.
If an organisation does not know what agents exist, where they run, who created them, what data they access, which systems they connect to, what decisions they support and what outputs they produce, then it cannot honestly claim to be governing AI.
It may have an AI policy. It may have a responsible AI statement. It may have a committee. It may have principles. But it does not have control.
Shadow AI becomes especially dangerous when it crosses from experimentation into operational dependency. A team may begin by using an AI tool informally to speed up analysis, summarise documents, generate client content, triage requests or support internal decisions. Over time, the output becomes embedded in how work gets done.
The process changes, but nobody updates the process documentation. The risk changes, but nobody updates the risk register. The accountability changes, but nobody updates the operating model.
That is the point at which shadow AI becomes shadow operations.
Agent sprawl multiplies old data problems
Enterprises already struggle with duplicated systems, inconsistent processes, competing data definitions and fragmented ownership. Agents can multiply those problems.
Without clear inventory and lifecycle management, different teams can create agents that perform similar tasks in different ways. They may use different prompts, data sources, access permissions, model configurations, evaluation standards and escalation rules. One agent may produce one version of a customer answer. Another may produce a different version. A third may trigger a workflow based on a different interpretation altogether.
This connects directly to the data problem underneath enterprise AI. If the underlying information environment is fragmented, agents inherit that fragmentation. If ownership is unclear, agents amplify that ambiguity. If metadata is weak, agents struggle to understand context. If governance is inconsistent, agents operate unevenly across the enterprise.
Agent sprawl is not separate from data disorder. It is data disorder with autonomy attached.
That creates questions many organisations are not ready to answer. Who owns an agent? Is it the person who built it, the team that uses it, the function that funds it, the technology team that enables it, or the business process owner whose workflow it affects? Who retires it? Who validates it? Who monitors it? Who approves changes?
Without answers, enterprises will accumulate agents the same way they accumulate spreadsheets, dashboards, workflows, and SaaS tools: quickly, unevenly, and with limited visibility.
Only this time, the unmanaged assets can reason, generate, recommend, and act.
AI literacy is not keeping pace with AI access
The problem is not that employees are reckless. The problem is that the tools are becoming easier to use than they are to understand.
A person can use an AI tool effectively enough to get a useful answer without understanding the underlying risks. They may not know what data the tool stores, whether prompts are retained, whether outputs are grounded in approved sources, whether sensitive information is leaving the enterprise, whether the model is hallucinating, or whether the answer is appropriate for a regulated workflow.
That is a significant governance gap.
Most enterprise control environments rely on people understanding enough about policy to behave appropriately. But AI changes the cognitive load. Users are not just deciding whether to share a document or follow a process. They are deciding whether to delegate work to a system that may access data, transform content, produce recommendations, and influence outcomes in ways the user may not fully see.
The phrase “human in the loop” is often used as reassurance. But it can become a false comfort if the human does not understand the loop.
If the user cannot explain what the agent did, what data it used, what assumptions it made, or what should happen when the output is wrong, then human oversight may be superficial. Humans become rubber stamps for automation rather than meaningful control.
This is one of the defining risks of the agentic enterprise: bad decisions do not just become easier to make. They become easier to scale.
Accountability remains unresolved
When an AI agent makes or influences a decision, where does accountability sit?
With the business owner? The technology team? The data owner? The model provider? The vendor? The employee who accepted the output? The executive who approved the AI programme? The risk function that set policy? The legal team that interpreted regulation? The security team that approved access? The HR team if the workflow affects employees?
Most organisations do not yet have clean answers.
This is not a philosophical issue. It is operational. If an AI-enabled process fails, the organisation needs to know who responds. If an agent produces biased outcomes, someone must be responsible for investigating and correcting them. If a workflow breaches privacy rules, someone must be accountable for containment and remediation. If a model’s performance deteriorates, someone must notice. If an agent causes downstream process disruption, someone must own the impact.
Enterprise AI governance often begins with principles: fairness, transparency, safety, accountability, privacy, explainability. But agentic AI turns those principles into operating questions. Who signs off? Who monitors? Who intervenes? Who pays? Who reports? Who can stop the process? Who is liable?
A governance model that cannot answer those questions is not yet governance. It is aspiration.
The security attack surface is expanding
Agentic AI creates new security concerns because it changes how systems interact.
Agents may connect to enterprise applications, retrieve data, call APIs, execute tasks, interact with documents, communicate with users, and rely on prompt-based instructions. Each connection point creates potential exposure. Each permission creates potential misuse. Each integration expands the attack surface.
Enterprises have spent years improving identity and access management for humans. But agents complicate identity. Is an agent acting as itself, as a user, as a service account, or as a delegated process? What permissions should it have? Should it inherit a user’s access rights? Should it have narrower permissions than the user? How is access reviewed? How is it revoked? How is activity logged?
If those questions are not resolved, agents may become a new class of privileged actors with insufficient oversight.
The risk is not limited to malicious attacks. Misconfiguration can be enough. An agent with excessive access can retrieve the wrong data. A poorly constrained workflow can expose sensitive information. A prompt injection attack can manipulate behaviour. A connected tool can create unintended downstream actions. A model can summarise confidential material into an inappropriate channel.
The result is not a single security gap. It is a rapidly expanding control surface.
Cost, production and change are being underestimated
AI is often sold as a path to efficiency. But efficiency is not automatic.
Agentic AI can introduce direct costs from model usage, platform licensing, infrastructure, integration, monitoring, evaluation, security tooling, and support. It can also introduce indirect costs through failed experiments, duplicated agents, rework, process disruption, compliance review, employee training, and governance overhead.
Many AI business cases are built on assumed productivity benefits. Those assumptions can be fragile, especially when usage scales unpredictably. A small pilot may look inexpensive. A widely adopted workflow that calls models repeatedly across thousands of tasks may look very different.
The production problem is just as significant. A demo agent can produce impressive outputs. A workflow can appear functional. A chatbot can answer questions. But production is not the same as performance in a controlled demo.
Production requires reliability, resilience, monitoring, access control, auditability, support, escalation, change management, and measurable value. It requires clarity over what happens when the model is wrong, unavailable, biased, manipulated, outdated, or too expensive.
There is also the human impact. AI agents do not just automate tasks. They change work. They alter how decisions are made, how information moves, how employees interact with systems, how teams coordinate, and how accountability is distributed.
The result can be operational confusion and employee alienation. Organisations talk about productivity, but not enough about the human system that productivity depends on.
The danger is mistaking experimentation for readiness.
Explainability becomes harder as agents coordinate
Explainability is difficult enough when a single model produces an answer. It becomes harder when multiple agents, tools, systems, prompts, data sources, and workflow steps interact.
A business outcome may involve one agent retrieving data, another summarising it, another classifying it, another invoking a system, another drafting a response, and a human approving the final action. If something goes wrong, the organisation needs to reconstruct what happened.
Which agent acted? What did it access? What instructions did it follow? Which model was used? What context was available? What output was produced? What downstream process was triggered?
Without traceability, agentic systems become black boxes distributed across workflows.
That is particularly problematic in regulated environments, but it matters everywhere. Customers, employees, auditors, executives, and regulators will not be satisfied with “the AI did it” as an explanation.
The questions leaders should be asking now
Before scaling agentic AI further, leaders need to ask some uncomfortable questions.
- What AI tools, agents and workflows are already being used across the enterprise?
- Which ones are approved, owned and monitored?
- What data can they access?
- Which systems do they connect to?
- Which decisions or workflows do they influence?
- Where are humans approving outputs they cannot explain?
- Where are agents operating without clear accountability?
They should also ask whether governance can see real usage, not just approved use cases.
- Is access logged and reviewed?
- Are agent outputs traceable?
- Can risk, compliance and security teams intervene quickly enough?
- Can the organisation stop, change or retire an agent when needed?
- Does anyone know which AI-enabled workflows have quietly become operational dependencies?
These questions are not designed to slow AI down. They are designed to stop AI becoming operational before the enterprise has the controls, ownership and evidence needed to govern it.
Governance theatre will not be enough
Many organisations will respond to AI risk by creating policy documents, review boards, acceptable use statements, and responsible AI principles. These may be necessary, but they are not sufficient.
AI governance must control real usage, workflows, and agents, not just policy documents.
That is the difference between governance as theatre and governance as control.
Governance theatre produces artefacts that signal seriousness. Real governance changes what happens in the enterprise. It affects what can be deployed, what can access data, what must be reviewed, what is monitored, what is logged, what is stopped, what is escalated, and who is accountable.
The agentic enterprise will expose the weakness of governance models that exist mainly on paper.
If governance cannot see shadow AI → it cannot control it.
If it cannot inventory agents → it cannot manage them.
If it cannot trace data lineage → it cannot explain outcomes.
If it cannot assign accountability → it cannot enforce responsibility.
If it cannot monitor value → it cannot distinguish useful automation from expensive noise.
If it cannot manage change → it cannot protect employees or processes from disruption.
Bad data foundations make AI unreliable. Lack of enterprise memory makes agents context-poor. Weak governance allows both problems to spread through real operations.
Enterprise AI chaos is not coming from the future. It is already present in the gap between AI adoption and enterprise control.
The organisations that manage this well will not be the ones with the most policies, committees or principles. They will be the ones that can see how AI is actually being used, understand where risk is accumulating, and turn governance into operational control before agentic AI becomes embedded in the way work gets done.
What has to change
The next stage of AI governance requires a shift from policy-led governance to operational control.
Organisations need visibility of where AI is being used, ownership of the agents and workflows being created, clear accountability for AI-enabled decisions, access controls that reflect how agents actually operate, and monitoring that can show whether AI is behaving as intended.
That does not mean creating a larger committee or slowing every team down. It means making governance practical enough to work at the speed of adoption. Leaders need to know what exists, what it touches, who owns it, what risks it creates, what controls apply, and what happens when something goes wrong.
Put simply, AI governance has to move from statements of intent to control over real usage.
The next step: an AI Governance Readiness Reality Check
Enterprise AI does not become controllable just because policies exist. It becomes controllable when the organisation can see how AI is actually being used, understand what it touches, assign clear accountability, and apply governance in the flow of real work.
That is where many organisations need help now. Not a heavy governance redesign, and not another policy exercise, but a focused, practical look at where AI adoption is outpacing enterprise control.
An AI Governance Readiness Reality Check gives leaders a clear view of the shadow AI, agent sprawl, access, accountability, oversight and operational risk gaps most likely to undermine responsible AI adoption.
It should answer the questions that matter most.
- Which AI tools, agents and workflows are already being used across the enterprise?
- Which ones are approved, owned and monitored?
- What data and systems can they access?
- Where are humans approving outputs they cannot explain?
- Where is accountability unclear across business, technology, data, risk, security and operations?
- Which controls are missing, manual or too slow?
- Which issues need fixing first?
That is the conversation many enterprises need now, because the organisations that win with AI will not simply be the ones that move fastest, launch the most agents or publish the strongest responsible AI principles. They will be the ones that can make AI visible, controlled, accountable and usable in the flow of real business.
AI is exposing more than data problems. It is exposing the gap between enterprise ambition and enterprise control.
The question is whether you find that gap deliberately now, or let agentic AI expose it later in front of your users, regulators, customers and board.
FAQs
What is AI governance?
AI governance is the way an organisation controls how AI is used, deployed, monitored and held accountable in real business activity.
Effective AI governance defines which AI tools and agents are allowed, what data they can access, who owns them, what controls apply, how outputs are monitored, how risks are escalated, and who is accountable when something goes wrong.
Why is AI governance becoming more urgent now?
AI governance is becoming more urgent because AI is moving from controlled pilots into daily operations. Agents, copilots, autonomous workflows, custom GPTs, AI-enabled SaaS tools and agentic platforms are being connected to internal systems, customer records, personal information, intellectual property, workflow tools and decision processes.
The issue is no longer just whether AI has enough context. It is whether the enterprise can control what AI is now being allowed to do.
What is shadow AI?
Shadow AI is the use of AI tools, agents or workflows outside approved enterprise governance, security or operating model controls.
It can include employees using public AI tools, teams creating unofficial automations, departments connecting AI assistants to documents, or vendors embedding AI into platforms without full organisational visibility.
Shadow AI is more complex than shadow IT because AI can ingest, transform, infer, summarise, generate, recommend, classify and act.
What does “shadow AI is becoming shadow operations” mean?
It means AI use is no longer staying at the edge of experimentation.
A team may start by using an AI tool informally to speed up analysis, summarise documents, generate content or triage requests.
Over time, the output becomes embedded in how work gets done. The process changes, but process documentation is not updated. The risk changes, but the risk register is not updated. Accountability changes, but the operating model is not updated. That is when shadow AI becomes shadow operations.
What is agent sprawl?
Agent sprawl is the uncontrolled growth of AI agents, copilots, assistants and autonomous workflows across the enterprise.
Different teams may create agents that perform similar tasks in different ways, using different prompts, data sources, access permissions, model configurations, evaluation standards and escalation rules.
Agent sprawl is risky because it multiplies old enterprise problems: fragmented data, unclear ownership, weak metadata and inconsistent governance.
As the article puts it, agent sprawl is data disorder with autonomy attached.
Why is “human in the loop” not enough?
“Human in the loop” is only effective when the human understands the loop.
If a user cannot explain what the agent did, what data it used, what assumptions it made, or what should happen when the output is wrong, then human oversight may be superficial.
This is why AI literacy matters: the tools are becoming easier to use than they are to understand.
Who is accountable when an AI agent makes or influences a decision?
That is one of the hardest governance questions.
Accountability may involve the business owner, technology team, data owner, model provider, vendor, employee using the output, risk function, security team, legal team or executive sponsor.
Effective AI governance needs to define this clearly before AI is embedded into operational workflows. A governance model that cannot answer who signs off, who monitors, who intervenes, who reports and who can stop the process is not yet governance. It is aspiration.
Why do AI agents create new security and access risks?
AI agents create new security and access risks because they change how systems interact.
Agents may retrieve data, call APIs, execute tasks, communicate with users and connect to enterprise applications. Each connection point creates potential exposure. Each permission creates potential misuse.
Organisations also need to decide whether an agent acts as itself, as a user, as a service account or as a delegated process, and how that access is reviewed, logged and revoked.
Why is explainability harder with agentic AI?
Explainability becomes harder when multiple agents, tools, systems, prompts, data sources and workflow steps interact.
A business outcome may involve one agent retrieving data, another summarising it, another classifying it, another invoking a system, and a human approving the final action. If something goes wrong, the organisation needs to reconstruct what happened.
Customers, employees, auditors, executives and regulators will not be satisfied with “the AI did it” as an explanation.
Why is moving from AI experimentation to production risky?
A demo agent can produce impressive outputs, but production is different. Production requires reliability, resilience, monitoring, access control, auditability, support, escalation, change management and measurable value.
It also requires clarity over what happens when the model is wrong, unavailable, biased, manipulated, outdated or too expensive.
AI agents do not just automate tasks; they change how work, decisions, accountability and teams operate.
What is governance theatre?
Governance theatre is the appearance of governance without real operational control.
It includes policies, committees, principles, statements and review boards that signal seriousness but do not materially control what happens in the enterprise.
Real AI governance affects what can be deployed, what can access data, what must be reviewed, what is monitored, what is logged, what is stopped, what is escalated and who is accountable.
What is an AI Governance Readiness Reality Check?
An AI Governance Readiness Reality Check is a focused review for organisations seeing fast AI adoption, shadow AI, early agent experimentation or concern from risk, compliance, security or leadership teams.
It gives leaders a clear view of where AI adoption is outpacing enterprise control, including gaps around shadow AI, agent sprawl, accountability, access, oversight, auditability and operational risk.
The output should help leaders understand what to fix first so AI governance controls real usage, not just policy documents.
This article is part of Ortecha's enterprise AI operationalisation series:
- Why Enterprise AI Fails: The Data Problems Nobody Fixed
- Controlling AI Chaos: Governance for the Agentic Enterprise [You're here!]
- Coming Soon: Why AI Agents Fail Without Enterprise Memory
