MIT Sloan Highlights Agentic AI Risks

The shift to agentic AI marks a fundamental change from predictive models to autonomous systems that take action, introducing new classes of risk around unintended consequences and emergent behavior. Research from MIT Sloan emphasizes that the primary challenges are not technical but "sociotechnical," with over 80% of the effort in deploying these systems consumed by data integration, stakeholder alignment, and governance, not model development. Governance frameworks are moving beyond high-level principles to concrete operational practices for agentic systems. Key considerations include establishing clear accountability for AI-driven errors, ensuring human oversight is meaningful without becoming a bottleneck, and designing for interruptibility when an agent's actions deviate from intended goals. The core challenge lies in governing systems that adapt in real-time and interact dynamically with other systems, a departure from the static nature of traditional software. For product leaders, this introduces new security vulnerabilities that require a shift in thinking. The attack surface expands beyond data breaches to include prompt injection, where malicious inputs manipulate an agent's actions, and privilege escalation, where an agent is granted excessive permissions across enterprise systems. This transforms AI agents into "digital insiders" that can create cascading failures if compromised. In the HR technology space, agentic AI is already automating complex workflows like interview scheduling, benefits enrollment, and compliance monitoring. Platforms are emerging that use agents to connect disparate systems like applicant tracking and payroll, executing multi-step processes without human intervention. This allows HR teams to move from transactional tasks to strategic functions like workforce planning and talent development. However, enterprise adoption faces significant hurdles in reliability and cost management. Unlike rule-based software, agents can be unpredictable, making consistent performance and latency difficult to guarantee. Furthermore, because agentic workflows are dynamic, the associated computational costs are variable and can escalate unexpectedly, requiring new monitoring and cost-control strategies. Recent studies highlight a concerning lack of transparency and control in many current agentic systems. A majority of platforms do not disclose safety testing protocols, and many lack a reliable way to shut down a rogue agent, sometimes only offering the ability to stop all agents at once. This absence of granular control and clear monitoring presents a significant barrier for deployment in regulated industries like finance and HR.