Credo AI warns of agentic risks

- Credo AI said April 24 that enterprise “agentic coding” only works with explicit rules, project context, module documentation, and human review, reframing autonomous coding as a governed engineering workflow.
- The company said agents are not “magic boxes” and warned that boards now face risks from autonomous actions, including API calls, spending authority, audit trails, and supply-chain cascades.
- The warning lands as firms race to deploy agents before governance tools and memory systems mature, leaving gaps in persistence, oversight, and recovery. (credo.ai)

AI agents can now write code, call tools, and trigger workflows, but Credo AI says enterprises still need rules, context, and human review around every important decision. (credo.ai) In an April 24 post, Credo AI described “agentic coding” as autonomous planning, execution, and iteration on code changes under explicit standards and oversight. The company said predictable output depends on commands, plans, module documentation, and disciplined context management. (credo.ai)

Credo AI made the same case more broadly in February and March, arguing that boards now have to govern agents that can set sub-goals, call application programming interfaces, and move data or money with less scrutiny than human staff. Its March framework listed seven governance issues, including permissions, multi-agent interactions, and “agentic sprawl.” (credo.ai 1) (credo.ai 2)

The technical problem underneath that warning is memory. A normal chatbot is stateless, meaning each session starts nearly from scratch unless something saves and retrieves prior facts. (arxiv.org) A March 2026 survey on autonomous large language model agents said memory is what turns a stateless text generator into an adaptive agent. The paper described memory as a write-manage-read loop and said current systems still show “stubborn gaps” on multi-session tests that mix recall with decision-making. (arxiv.org) The paper’s example was a debugging assistant that forgets a codebase over the weekend, rereads the same files on Monday, and retries the same failed fix from Friday. That is the reliability risk enterprises run when agents act across long tasks without persistent state. (arxiv.org)

Security groups are responding with runtime controls, not just policy documents. Microsoft said April 2 that its open-source Agent Governance Toolkit was built to address all 10 OWASP risks for agentic applications, including goal hijacking, tool misuse, memory poisoning, cascading failures, and rogue agents. (opensource.microsoft.com) Microsoft said the toolkit intercepts each agent action before execution with sub-millisecond policy enforcement, borrowing ideas from operating systems, service meshes, and site reliability engineering. That matches Credo AI’s argument that governance has to sit inside the workflow, not in a spreadsheet or annual review. (opensource.microsoft.com) (credo.ai)

The regulatory clock is also getting closer. Microsoft noted that the European Union Artificial Intelligence Act’s high-risk obligations take effect in August 2026 and the Colorado AI Act becomes enforceable in June 2026. (opensource.microsoft.com)

So the practical message from this week’s Credo AI explainer is narrower than the hype around autonomous coding: if an agent can act, it needs persistent memory, bounded permissions, audit logs, and a human who can stop it. (credo.ai 1) (credo.ai 2)
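To make the pre-execution gate concrete, here is an added illustration (not Credo AI's guidance text or Microsoft's toolkit code) of an interceptor that checks every proposed agent action against bounded permissions and a spending cap, routes designated tools through a human approver, and writes an audit entry for each decision. The tool names, the policy values, and the sample actions are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple


@dataclass
class Policy:
    allowed_tools: set          # tools the agent may invoke at all (constructed allowlist)
    spend_cap: float            # total spend the agent may authorize in one session
    human_approval: set         # tools that always need a human sign-off before running


@dataclass
class ActionGate:
    policy: Policy
    approver: Callable[[Dict], bool]         # human-in-the-loop hook; True = approved
    spent: float = 0.0
    audit_log: List[Dict] = field(default_factory=list)

    def check(self, action: Dict) -> Tuple[bool, str]:
        """Evaluate an action BEFORE execution; order is allowlist, cap, then human."""
        tool = action["tool"]
        amount = float(action.get("amount", 0.0))
        if tool not in self.policy.allowed_tools:
            return False, "tool not in allowlist"
        if self.spent + amount > self.policy.spend_cap:
            return False, "spend cap exceeded"
        if tool in self.policy.human_approval and not self.approver(action):
            return False, "human approval denied"
        return True, "allowed"

    def execute(self, action: Dict, run: Callable[[Dict], str]) -> str:
        """Intercept, log the decision, and only then hand the action to the runner."""
        allowed, reason = self.check(action)
        self.audit_log.append({"tool": action["tool"],
                               "amount": action.get("amount", 0.0),
                               "decision": reason})
        if not allowed:
            return f"blocked: {reason}"
        self.spent += float(action.get("amount", 0.0))
        return run(action)


def demo() -> List[str]:
    """Run a constructed action sequence through the gate and return the outcomes."""
    policy = Policy(allowed_tools={"read_file", "run_tests", "purchase"},
                    spend_cap=100.0, human_approval={"purchase"})
    # Stand-in for a human reviewer: approves purchases of at most 50 (constructed rule).
    gate = ActionGate(policy, approver=lambda a: a.get("amount", 0.0) <= 50)
    actions = [
        {"tool": "read_file", "path": "src/main.py"},
        {"tool": "purchase", "amount": 40.0},       # within cap, human approves
        {"tool": "purchase", "amount": 55.0},       # within cap, human declines
        {"tool": "purchase", "amount": 80.0},       # would exceed the 100.0 cap
        {"tool": "shell", "cmd": "rm -rf build"},   # never allowlisted
    ]
    return [gate.execute(a, lambda a: f"ran {a['tool']}") for a in actions]
```

Every decision, including the blocked ones, lands in `audit_log`, which is the record an incident responder would reconstruct from.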
