Agent rules: match autonomy to risk

Experts are advising firms to align an agent’s authority with the task’s risk — frameworks suggest modes like suggest‑only, propose‑and‑approve, or execute‑with‑rollback depending on sensitivity (venturebeat.com) (bain.com). Vendors and analysts are emphasizing bounded autonomy, identity controls, and rollback policies as standard components for managing agent teams at scale (venturebeat.com) (natlawreview.com).

Companies are starting to treat artificial intelligence agents less like chatbots and more like employees with spending limits, approvals, and audit trails. (venturebeat.com) Bain said this month that modern agent systems need three core layers: orchestration, observability, and governed data access. The firm argued that security and governance have to be built in “by design,” not added after deployment. (bain.com)

That design shows up in how much authority an agent gets. VentureBeat described operating modes such as suggest-only, propose-and-approve, and execute-with-rollback, with higher-risk tasks getting tighter human review and recovery controls. (venturebeat.com)

The shift is happening because these systems now do more than draft text. Bain said agents can discover tools, share memory, call other agents, execute code in sandboxes, and pass context across multi-step workflows inside a single request. (bain.com) That wider reach has turned identity into a core control. Bain said older access systems assumed a human user in a role-based session, while autonomous agents need contextual, least-privilege permissions for each tool they touch. (bain.com)

Microsoft made the same case on April 2, when it released an open-source Agent Governance Toolkit aimed at runtime policy enforcement for agents. Microsoft said the package includes action interception before execution, cryptographic identity, and secure agent-to-agent communication. (opensource.microsoft.com)

The risk list is getting more formal, too. Microsoft said the Open Worldwide Application Security Project published a Top 10 for agentic applications in December 2025 covering goal hijacking, tool misuse, identity abuse, memory poisoning, cascading failures, and rogue agents. (opensource.microsoft.com)

Policy pressure is also moving closer to enforcement dates. Microsoft said high-risk obligations under the European Union Artificial Intelligence Act take effect in August 2026, and the Colorado Artificial Intelligence Act becomes enforceable in June 2026. (opensource.microsoft.com)

The language is spreading beyond vendors. A World Economic Forum article published March 16 said responsible governance means defining an agent’s capabilities by context, as memory, tool access, and agent-to-agent protocols expand what these systems can do across email, calendars, storage, and enterprise software. (weforum.org) Identity companies frame the problem the same way: as a permissions issue, not just a model issue. Okta wrote in July 2025 that agent governance has to shift from static oversight to dynamic, identity-driven controls because autonomous systems can plan, adapt, and act over longer timeframes without constant human supervision. (okta.com)

The emerging rule is simple: the more money, data, or operational risk an agent can touch, the narrower its autonomy gets. Firms that want agents to act at scale are building the same basics first: permissions, approvals, observability, and a way to undo mistakes. (venturebeat.com)
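What the pieces above look like when wired together, as an added example that is not code from any of the vendors or analysts cited: a gate that intercepts each tool call before execution, checks it against the agent identity's per-tool allow-list (least privilege), assigns one of the three autonomy modes from the action's monetary, data and reversibility risk, and, for a multi-step workflow, records a compensating action per executed step so that a step that cannot proceed unwinds everything before it. The risk thresholds, tool names, `Agent`/`Action`/`Tool`/`Gate` types and the in-memory calendar and outbox are this example's assumptions.

```python
"""Added example: a risk-tiered gate that intercepts an agent's tool calls before
execution, enforces a per-agent tool allow-list, picks an autonomy mode from the
action's risk, and unwinds completed steps of a multi-step workflow when a later
step cannot proceed. Thresholds, tool names and the sample environment are
this example's assumptions, not any vendor's API."""
from __future__ import annotations
from dataclasses import dataclass
from enum import Enum
from typing import Any, Callable, Optional


class Mode(Enum):
    SUGGEST_ONLY = "suggest-only"
    PROPOSE_AND_APPROVE = "propose-and-approve"
    EXECUTE_WITH_ROLLBACK = "execute-with-rollback"


@dataclass(frozen=True)
class Agent:
    agent_id: str
    allowed_tools: frozenset    # least privilege: the only tools this identity may call
    spend_limit: float          # money it may commit without a human in the loop


@dataclass
class Action:
    tool: str
    args: dict
    money: float = 0.0          # money the action moves or commits
    touches_pii: bool = False
    reversible: bool = True     # False when no compensating action exists


@dataclass
class Tool:
    execute: Callable[..., Any]                   # performs the action, returns a handle
    compensate: Optional[Callable[[Any], None]]   # undoes it given the handle; None if irreversible


def classify(agent: Agent, action: Action) -> Mode:
    """Assumed policy: irreversible or over-limit actions are only ever suggested,
    money or PII needs human approval, everything else executes with rollback."""
    if not action.reversible or action.money > agent.spend_limit:
        return Mode.SUGGEST_ONLY
    if action.money > 0 or action.touches_pii:
        return Mode.PROPOSE_AND_APPROVE
    return Mode.EXECUTE_WITH_ROLLBACK


class Gate:
    def __init__(self, tools: dict, approver: Callable[[Agent, Action], bool]):
        self.tools, self.approver, self.audit = tools, approver, []   # audit: append-only trail

    def _log(self, agent: Agent, action: Action, decision: str, detail: str = "") -> None:
        self.audit.append({"agent": agent.agent_id, "tool": action.tool,
                           "decision": decision, "detail": detail})

    def run(self, agent: Agent, actions: list) -> dict:
        """Run a workflow step by step; a step that cannot complete stops the workflow
        and compensates every step already executed (saga-style rollback)."""
        undo_stack = []  # (compensate, handle) per executed step, newest last
        for action in actions:
            if action.tool not in agent.allowed_tools:       # identity check comes first
                self._log(agent, action, "denied", "tool outside allow-list")
                return self._stop(agent, action, "denied", undo_stack)
            mode = classify(agent, action)
            if mode is Mode.SUGGEST_ONLY:                     # hand the plan to a human, do nothing
                self._log(agent, action, "suggested", mode.value)
                return self._stop(agent, action, "suggested", undo_stack)
            if mode is Mode.PROPOSE_AND_APPROVE and not self.approver(agent, action):
                self._log(agent, action, "rejected", "approver declined")
                return self._stop(agent, action, "rejected", undo_stack)
            tool = self.tools[action.tool]
            try:
                handle = tool.execute(**action.args)
            except Exception as exc:
                self._log(agent, action, "failed", repr(exc))
                return self._stop(agent, action, "failed", undo_stack)
            self._log(agent, action, "executed", mode.value)
            if tool.compensate is not None:
                undo_stack.append((tool.compensate, handle))
        return {"status": "completed", "steps": len(actions), "undone": 0}

    def _stop(self, agent, action, status, undo_stack) -> dict:
        for compensate, handle in reversed(undo_stack):      # undo in reverse order
            compensate(handle)
        if undo_stack:
            self._log(agent, action, "rolled_back", f"{len(undo_stack)} step(s) undone")
        return {"status": status, "stopped_at": action.tool, "undone": len(undo_stack)}


# Constructed sample environment standing in for calendar, email and payment systems.
CALENDAR: dict = {}
OUTBOX: list = []

def create_event(title):
    event_id = len(CALENDAR) + 1
    CALENDAR[event_id] = title
    return event_id

def send_email(to, body):
    if "@" not in to:
        raise ValueError(f"invalid recipient {to!r}")
    OUTBOX.append(f"{to}: {body}")
    return len(OUTBOX) - 1

TOOLS = {
    "calendar.create": Tool(create_event, lambda event_id: CALENDAR.pop(event_id, None)),
    "email.send": Tool(send_email, lambda i: OUTBOX.__setitem__(i, "<recalled>")),
    "payments.wire": Tool(lambda amount: None, None),   # irreversible; the gate never executes it below
}

def demo() -> dict:
    scheduler = Agent("scheduler-01", frozenset({"calendar.create", "email.send"}), 100.0)
    treasury = Agent("treasury-01", frozenset({"payments.wire"}), 100.0)
    gate = Gate(TOOLS, approver=lambda agent, action: True)   # stand-in for a human review queue
    return {
        "completed": gate.run(scheduler, [Action("calendar.create", {"title": "Q3 review"}),
                                          Action("email.send", {"to": "cfo@example.com", "body": "invite"},
                                                 touches_pii=True)]),
        "failed": gate.run(scheduler, [Action("calendar.create", {"title": "Vendor sync"}),
                                       Action("email.send", {"to": "not-an-address", "body": "invite"})]),
        "denied": gate.run(scheduler, [Action("payments.wire", {"amount": 50.0}, money=50.0, reversible=False)]),
        "suggested": gate.run(treasury, [Action("payments.wire", {"amount": 50.0}, money=50.0, reversible=False)]),
        "audit": gate.audit,
    }

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The second workflow is the case the rollback mode exists for: the calendar entry is created, the email step throws, and the gate deletes the entry before reporting the failure, so no half-finished state is left behind. The payment case shows the two identity-driven outcomes: an agent without the tool in its allow-list is denied before any risk scoring, and an agent that does hold the tool still only gets a suggestion because the action is irreversible.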

Shared from Scout.