Agentic AI, capable of autonomously executing decisions like approving transactions, sending communications, and managing multi-step workflows, is rapidly integrating into enterprise operations. However, existing governance frameworks are struggling to keep pace, creating a significant accountability problem where regulators are left looking upstream to human oversight when these autonomous systems err. This article examines the growing chasm between the deployment of agentic AI and the governance structures designed to manage it, exploring the legal, ethical, and operational challenges that organizations must confront. Matt Galvin of Steptoe provides an expert analysis of this complex issue, highlighting the need for proactive adaptation of compliance strategies.

Agentic AI represents a fundamental evolution from earlier AI technologies. Unlike systems that merely assist human decision-making, agentic AI is designed to act independently to achieve its programmed objectives. This shift is driven by intense corporate pressure to enhance efficiency and modernize operations. Organizations are deploying these "digital workers" at an unprecedented scale, promising round-the-clock productivity, tireless execution, and the ability to compress complex workflows into minutes. However, this promise is shadowed by equally significant, and often unfamiliar, risks for compliance, legal, and risk management functions. These risks extend beyond privacy and autonomous worker regulations to encompass the increased use of "shadow AI" (unapproved, decentralized AI tools), profound accountability challenges, credibility issues, integrity risks, and the amplification of existing compliance and regulatory concerns, particularly in areas like intellectual property, export controls, and sanctions regimes.

The challenge is not theoretical; it is unfolding daily within enterprises, often invisibly and outside the reach of formal governance frameworks. The aspiration is to foster an "optimal co-intelligence environment" where AI systems and humans can operate effectively together, even without constant real-time human oversight.

The Evolving Legal and Regulatory Landscape

The integration of digital workers into corporate operations is subject to a dual stream of legal risks. The first stream comprises new and emerging obligations specifically targeting AI. Jurisdictions are actively developing regulatory frameworks. For instance, California has begun regulating AI in employment contexts, with anticipated disclosure requirements for automated decision systems impacting workers set to take effect on January 1, 2027. Securities regulators globally are scrutinizing how public companies disclose their AI capabilities and associated risks. Privacy regulators are intensifying their focus on automated processing, profiling, and cross-border data flows, aligning with the increasing global interconnectedness facilitated by AI.

Furthermore, federal contractors and grantees are increasingly finding that their agreements incorporate the NIST AI Risk Management Framework or analogous standards. AI-specific contractual requirements for many federal contractors are also slated for implementation later this year, signaling a growing federal imperative for AI governance. Beyond federal mandates, some states and municipalities are enacting legislation to govern specific AI applications, such as pricing in residential housing markets. The U.S. Department of Justice’s "Evaluation of Corporate Compliance Programs (ECCP)" now explicitly considers how companies govern AI within their compliance environments, indicating a significant shift in enforcement priorities.

The second stream of legal risk stems from long-standing legal regimes whose application to digital workers presents complex and often unresolved questions. Antitrust law, for example, must grapple with autonomous agents that engage in pricing, negotiation, or market coordination. Export controls and economic sanctions pose significant exposure risks when AI models are trained on or output controlled technical data, with the risk multiplying as agents move this data across jurisdictions through chained API calls. Employment law faces challenges when agents effectively make judgments related to hiring, performance, or termination, raising questions about wrongful dismissal and potential legal liabilities when individuals terminated based on agentic decisions are subsequently rehired. Data protection regimes like the GDPR, while not originally drafted with multi-step autonomous agents in mind, plainly apply to their operations.

Crucially, these two streams of risk—new AI-specific regulations and the application of existing laws to AI—must be governed holistically. Treating new AI laws as a separate compliance silo, while leaving existing risk owners to independently identify agentic exposure, is a predictable path to failure.

When Shadow AI Meets Agentic Capability: The Invisible Frontier

Much of the current discourse on AI governance centers on policies, frameworks, and regulatory compliance for formally deployed AI systems. While these are essential, a more immediate and often under-managed risk lies in the proliferation of "shadow AI"—the unapproved, decentralized use of AI tools by employees in their daily work. This phenomenon is not new, but its convergence with agentic capability marks a significant escalation. Organizations now face a largely invisible layer of autonomous or semi-autonomous decision-making operating outside established governance structures. In this environment, AI tools are perceiving, planning, and acting—executing end-to-end tasks, exercising judgment, and collaborating across systems in ways that can directly determine business outcomes. When agents are not properly coded or have ambiguous objectives, they can engage in misconduct and illegal behavior.

The compliance risk is most acute at the intersection of shadow AI and agentic capability. Unlike generative AI, which often operates in isolation on narrowly defined prompts, agentic AI is designed to interact across multiple systems. This requires deeper integrations, such as API access to enterprise tools like customer relationship management (CRM), enterprise resource planning (ERP), and human resources (HR) platforms. When shadow AI meets agentic capability, autonomous agents gain access to an organization’s systems, often without the organization’s knowledge. This trifecta of invisibility, autonomy, and access dramatically elevates risk and necessitates an evolution of compliance frameworks. It can enable users to circumvent controls like human supervision, substantially increasing the risk of unregulated or even illegal AI agent behavior, and driving significant investigation and remediation costs.

This convergence creates a new class of risk characterized by four interlocking concerns: accountability, credibility, security, and consistency.

Accountability in the Age of Autonomous Agents

A central tenet of recent compliance guidance, including the DOJ’s ECCP, is the preservation of human accountability over AI. This does not always necessitate a human in the loop, but rather a "human on the loop"—an individual responsible for designing, launching, and supervising these systems in a managed, well-defined manner. However, in an environment where shadow AI is proliferating agents, humans can find themselves effectively out of the loop.

Autonomous decision-making further diffuses responsibility. Attributing a decision to a single individual is already challenging in complex systems involving developers, data inputs, system architecture, and downstream users. This complexity is amplified when a non-human agent is the proximate cause of an action. Organizations may struggle to determine accountability when an agent or a team of agents approves an inappropriate transaction, sends misleading communications, or produces discriminatory outcomes. This dynamic places significant pressure on maintaining the clear lines of responsibility and oversight that are foundational to compliance and legal functions.

A significant challenge arises in the potential for a mens rea problem, which is critical in criminal enforcement, compliance program administration, and employment proceedings. Many legal and liability frameworks hinge on an individual’s knowledge or intent. The question of how to assign liability when a "bot did it" remains largely unsettled. Until this legal uncertainty is resolved, prudent organizations must assume that regulators and plaintiffs will look upstream—to the humans who designed, deployed, supervised, or failed to supervise the agent—as potentially responsible for aberrant outcomes.

Credibility and the Opacity of Agentic Decisions

Even when theoretical responsibility can be assigned, agentic systems present practical credibility challenges. Their actions are often difficult to understand, explain, or defend. Operating across multiple tools and datasets, they make multi-step decisions that resist easy interpretation. This opacity is exacerbated when digital workers are permitted to create subroutines or other digital workers, leading to a proliferation of agents that can act like "helpful gremlins." This lack of transparency undermines auditability and creates significant exposure during regulatory inquiries and litigation, where companies must justify their actions and reasoning.

As AI tools become more agentic, their outputs are no longer isolated. They are chained across tasks, with each step building upon the last. Errors, assumptions, and biases can rapidly compound or propagate throughout a workflow. This can lead to a phenomenon akin to "decision laundering," where AI-generated conclusions are accepted and operationalized with minimal scrutiny, yet exert significant influence over compliance assessments, internal reporting, and regulatory judgments. By the time a decision reaches a human reviewer, its provenance may be irrecoverable unless the organization has implemented robust data governance and explainability protocols.

Security Vulnerabilities Amplified by Agentic AI

Agentic AI introduces serious security risks, whether through shadow AI or the creation of unmonitored loss prevention channels. A primary concern is the flow of sensitive information into external systems. Employees frequently rely on consumer or quasi-enterprise tools for daily tasks, often inputting confidential business data, personal information, or legally privileged material.

In an agentic context, these risks are rarely confined to a single prompt. Multi-step workflows can lead to the progressive externalization and persistence of sensitive information. This dynamic poses acute risks under data protection regimes like GDPR, threatens trade secret protection, and can undermine claims of legal privilege by eroding confidentiality through iterative, undocumented disclosure. National security exposures, including those related to export control and sanctions regimes, follow a similar pattern when technical or controlled data flows out through agent calls. Furthermore, shadow AI use can be exploited by adversary agents seeking to gain access to enterprise IT systems as a trusted user. It is plausible to envision a cat-and-mouse game where agentic-driven phishing attacks exploit the programming biases of otherwise well-meaning digital workers.

Consistency and Integrity Under Threat

At a structural level, shadow agentic AI undermines the consistency and integrity of compliance frameworks. Formal compliance systems rely on standardized methodologies, defined risk criteria, and documented procedures. Shadow AI, conversely, enables highly individualized approaches. Different employees may use different tools, prompts, and assumptions, effectively creating fragmented, micro-level processes that diverge from approved standards and lead to actions lacking transparency and appropriate human supervision. Over time, this fragmentation erodes an organization’s ability to demonstrate consistency, fairness, and rigor—qualities that are paramount for regulatory trust, especially in regulated industries.

Evolving Compliance: From Prohibition to Governance

The risks associated with shadow and agentic AI are unlikely to be effectively mitigated through outright prohibition. Experience with earlier waves of "shadow IT," from personal devices to cloud platforms, demonstrates that blanket bans tend to drive usage further underground, precisely when oversight is most critical. Overly restrictive IT controls can push the workforce "off-grid" in the name of efficiency, leading to a complete loss of visibility.

A more effective response requires a fundamental shift in compliance posture: from approval-based control to governance grounded in visibility, accountability, and risk prioritization. This shift rests on several reinforcing pillars.

Strategic Rollout with Comprehensive Risk and Privacy Impact Assessments

Digital workers and AI agents should be deployed through a disciplined, risk-based program rather than opportunistically. The most consequential questions are often not technical but jurisdictional: What data can the agent access, and what can leave company premises? A meaningful pre-deployment risk assessment should map the agent’s data inputs, outputs, system integrations, and decision authority against relevant legal regimes (privacy, trade secrets, export controls, sectoral regulations) and the organization’s risk appetite. Classifying digital workers by impact tier (e.g., low, medium, high) allows controls to be scaled appropriately with the stakes involved. This process enables the enterprise to align the business objectives of agentic AI deployment with robust governance and risk management processes that effectively mitigate associated risks, preventing compliance from becoming an organizational impediment that drives workers toward shadow AI.

Establishing Clear, Practical Acceptable-Use Standards

Many existing AI policies remain too abstract to guide real-world behavior effectively. Effective standards must provide concrete direction on permissible data inputs, approved and restricted use cases, and acceptable use guidelines, including clear triggers for escalation to legal or compliance teams. Critically, these policies must explicitly address agentic behaviors such as task chaining, autonomous execution, and decision support, rather than treating AI as a passive tool. A policy designed for simple prompting with tools like ChatGPT will be inadequate for governing an agent that autonomously places trades, sends emails, or files tickets on behalf of a worker.

Providing Approved, Controlled Environments

When employees resort to external tools out of necessity or for perceived efficiency, organizations should offer sanctioned alternatives. These can include enterprise AI platforms, internally managed sandboxes, effective testing and red-teaming protocols, or vendor solutions deployed under appropriate contractual and technical safeguards. These controlled environments can incorporate data-handling restrictions, prompt and output logging, and integration with existing IT and compliance systems. Best practices observed include incubating agents in a development environment before deploying them into production after rigorous stress-testing. By enabling safe use rather than attempting to suppress all use, organizations can reduce the incentive for shadow adoption and gain valuable visibility into actual practices.

Concurrent Training with Rollout

Training cannot lag behind deployment. Every new digital worker should be accompanied by live training and clear guidance for the individuals who will work with it, supervise it, or rely on its outputs. Static annual training modules are insufficient for a technology that evolves monthly. Standards, practical examples, and red-flag scenarios should be embedded directly into the workflows where employees encounter agents. Fortunately, AI-based solutions themselves can assist in addressing the challenge of rapid AI deployment by providing adaptable training resources.

Developing Rules with Cross-Functional Buy-In

Effective AI governance demands cross-functional coordination. Responsibility for AI risk cannot rest solely with IT or compliance departments. Establishing dedicated AI risk committees or integrating AI risk considerations into existing governance bodies ensures alignment among legal, privacy, security, HR, business unit leaders, and the board of directors regarding acceptable organizational practices. Without such alignment, agentic behaviors can fall through organizational gaps, leading to predictable negative consequences.

Building Audit, Monitoring, and Metrics for Success

Traditional compliance models often focus on violations after they have fully materialized. Agentic systems necessitate earlier intervention. Programs should prioritize identifying early indicators of misalignment, such as anomalous decision patterns, unexplained deviations from business rules, or a drift in agent behavior, before they crystallize into regulatory breaches. Technical measures like network monitoring, API controls, and prompt/output logging should be complemented by softer mechanisms, including internal audits, employee surveys, and whistleblower channels designed to capture AI-related concerns. Defining metrics for success upfront is crucial; these should include error and override rates, escalation volumes, time to detection, and the proportion of agent activity that is logged and reviewable.

Integrating AI Risk into Existing Frameworks

AI-related risks should be embedded into existing compliance risk assessments and control frameworks rather than treated as a standalone issue. Shadow and agentic AI intersect directly with confidentiality, anti-corruption, internal controls, third-party risk, and regulatory reporting. Mapping AI risks onto these established frameworks helps identify where current controls are inadequate and prevents further fragmentation of governance structures.

Agentic AI as a Compliance Enabler

This analysis is not solely cautionary. When deployed within robust governance frameworks, AI, including increasingly agentic systems, holds significant potential to strengthen compliance functions themselves. Agentic AI can enhance monitoring capabilities, automate the triage and escalation of risks, surface anomalies in transaction or communication data, and improve the integrity and timeliness of internal reporting. The same capabilities that pose exposure risks when mismanaged can, in the right hands, dramatically expand a compliance team’s reach and effectiveness.

Despite the inherent uncertainty surrounding agentic and shadow AI, the current moment represents a uniquely valuable window for organizations to learn and experiment. Because the technology is rapidly evolving and governance frameworks are not yet fully mature, companies have an opportunity to engage with these systems in a more exploratory, lower-stakes manner. This involves testing use cases, observing agent behavior in practice, and identifying where controls might break down. Waiting for fully mature solutions would be a strategic misstep. Organizations should be building familiarity and internal capability now, so they are well-prepared as standards inevitably harden.

This period of relative flexibility allows compliance and legal teams to actively shape how agentic AI is deployed within their organizations, rather than reacting later under pressure. Realizing the upside of agentic AI depends not solely on the level of autonomy granted to agents but on embedding clear limits, auditability, and oversight from the outset. It is time for risk managers to embrace technology, inviting it into their organizations as a partner rather than viewing it as an unchecked threat.

The objective in governing shadow and agentic AI is not to eliminate informal use entirely but to bring it within the perimeter of governance. By aligning standards, technology, oversight, and corporate culture, organizations can manage decentralized AI use effectively while positioning themselves to harness agentic capabilities in a controlled and compliant manner.

Digital workers are entering the workforce, regardless of whether compliance functions are fully prepared. The choice is not whether to permit their presence but whether to govern them responsibly. Companies that treat the rollout as a serious compliance program—incorporating risk-based deployment, comprehensive training, cross-functional ownership, and meaningful audit—will find that their new technological colleagues genuinely earn their place. Those that do not will discover, often too late, that "the bot did it," and no one is quite sure who is ultimately responsible.
