Boardroom’s next governance challenge: AI agents
Boardroom’s next governance challenge: AI agents – Opinion News | The Financial Express
https://www.financialexpress.com/opinion/boardrooms-next-governance-challenge-ai-agents/4273028
As enterprises rapidly deploy autonomous AI agents with elevated access privileges, traditional human-centric corporate governance is breaking down.
June 21, 2026 21:10 IST
By Badal Bhushan
For decades, corporate governance rested on a simple assumption: people make decisions, systems execute them.
That assumption is rapidly becoming outdated.
Across industries, enterprises are deploying autonomous AI agents capable of accessing databases, interacting with customers, processing transactions and making operational decisions with minimal human intervention. These systems are no longer passive software tools. They are emerging as active participants in business processes, often operating with levels of access and influence that rival senior employees.
Yet while boards and executives celebrate the productivity gains promised by artificial intelligence, a fundamental governance question remains largely unanswered: who is accountable for the actions of a non-human actor?
The issue is more than a cybersecurity concern. It is becoming a corporate governance challenge.
STORIES YOU MAY LIKE
Traditional enterprises have spent decades building sophisticated systems to manage human behaviour. Employees are vetted, permissions are controlled, privileges are monitored and actions are audited. Accountability sits at the heart of modern governance. Every significant decision can, in theory, be traced back to an identifiable individual.
ALSO READ
Autonomous AI agents disrupt this framework.
Velocity Divergence
Unlike human employees, they can operate continuously, interact with multiple systems simultaneously and execute decisions at machine speed. In a single day, an AI agent may access more business applications, process more data and trigger more workflows than many employees would in months.
The problem is that most organisations still treat these systems as software rather than identities.
That distinction matters.
When a human employee receives elevated access to critical systems, there are clear approval processes, oversight mechanisms and accountability structures. When an AI agent receives similar privileges, those controls are often far less mature. Ownership may be unclear. Audit trails may be incomplete. Decision pathways may be difficult to reconstruct.
As a result, organisations are creating highly privileged digital actors without establishing equivalent governance frameworks.
The broader debate around AI has so far focused on technical risks. Concerns about hallucinations, model bias, data leakage and malicious prompts dominate discussions in boardrooms and regulatory forums. These risks are real and deserve attention.
But they are only part of the story.
The deeper challenge concerns authority rather than intelligence.
Before organisations decide what an AI system is allowed to do, they must first establish what that system is from a governance perspective. Is it merely an application? A digital employee? A regulated entity within an enterprise control framework?
The answer will determine how accountability is assigned when things go wrong.
Consider a simple scenario. An AI agent approves a transaction that violates compliance rules, rejects a legitimate customer request, or triggers an operational action that causes financial loss. Who bears responsibility? The software vendor? The technology team? The business unit? The executive who authorised deployment?
Without a clearly defined identity and governance structure, accountability quickly becomes blurred.
This is particularly important as highly regulated sectors such as banking, healthcare, insurance and defence accelerate AI adoption. Regulators increasingly care less about whether a system uses artificial intelligence and more about whether institutions can explain, monitor and govern its actions.
ALSO READ
Boards should therefore begin asking four basic questions. Who authorised the AI agent? What permissions does it possess? How were those permissions approved? And how are its activities independently monitored?
Many organisations would struggle to answer all four consistently today.
That should concern investors as much as cybersecurity teams.
The evolution of enterprise security has always followed technological change. The move to cloud computing transformed infrastructure controls. The rise of remote work accelerated zero-trust architectures. Artificial intelligence now demands a similar shift.
The future of governance cannot remain human-centric. It must encompass human identities, machine identities, cloud workloads and autonomous AI agents under a common framework of accountability.
The companies that thrive in the AI era will not simply be those with the most advanced models. They will be those that build the strongest systems of trust around them.
The next major enterprise failure may not result from a rogue employee or a flawed algorithm. It may stem from an autonomous digital actor operating with significant authority but without a clearly mapped identity, owner or chain of accountability.
That is not merely a technology problem. It is a governance problem.
(The author is a distinguished engineer specialising in Identity and Access Management (IAM), Zero Trust security, machine identity governance, and AI-driven identity systems)
Disclaimer: The views expressed are the author’s own and do not reflect the official policy or position of Financial Express.
This article was first uploaded on June twenty-one, twenty twenty-six, at ten minutes past nine in the night.
© The Indian Express (P) Ltd
aniltikotekar4sme.com 