David Baum

Founder & CEO at Roval

David Baum is the founder and CEO of Roval, an AI governance platform that gives enterprises visibility and control over every AI agent in their organization. A serial founder with 25 years of building experience and multiple exits across fintech, martech, and security, David previously led strategy at a major Nordic agency managing content programs in 12 languages for international brands. Before Roval, he founded Relato, a content operations platform for distributed B2B teams. He writes about AI governance, compliance frameworks, and the operational challenges of deploying autonomous agents at scale. Based in Oslo, Norway.

Articles by David Baum

security · 14 min read

Agent memory poisoning: the OWASP ASI06 threat every framework missed until 2026

Microsoft caught 31 companies poisoning AI memory in 60 days. None of them were threat actors. The MINJA research achieves 98% injection success against GPT-4. OWASP put memory poisoning at ASI06 in their 2026 Top 10 for Agentic Applications. Quarterly audits run on the wrong cadence to catch any of it.

governance · 11 min read

The lethal trifecta: governing the three capabilities you can't remove

Five days in January 2026, four AI productivity tools shipped indirect prompt injection vulnerabilities. Same pattern in every case. Simon Willison named it in June 2025: private data access plus untrusted content plus external communication equals data exfiltration. You can't remove any leg without breaking the agent. Governance has to shift from prevention to containment.

compliance · 12 min read

SR 26-2 lands: agentic AI was carved out. Here's what banks running agents should do today

Banks waited fifteen years for an SR 11-7 successor. They got SR 26-2 on April 17. Footnote 3 explicitly excludes generative and agentic AI from the guidance. The agencies' AI-specific RFI is coming 'in the near future.' Banks running agents in production right now have no formal guidance and supervisory expectations regardless.

governance · 16 min read

Guardian agents: when AI governs AI

Humans can't watch every agent, every action, every second. Guardian agents (dedicated policy engines that monitor, audit and enforce governance on other agents at runtime) resolve the tension between machine-speed execution and meaningful oversight.

security · 15 min read

Agent access control and least-privilege patterns: why IAM was not built for this

Non-human identities outnumber human identities 50:1 in the average enterprise environment. That ratio is projected to reach 80:1 within two years. Yet only 10% of organizations have strategies for managing non-human and agentic identities. Most AI agents deployed in production run with the same permissions as the user or service account that launched them, including filesystem write access, network egress, code execution and database admin credentials. IAM systems enforce permissions based on human identity. When actions are executed by an AI agent, traditional authorization breaks down.

operations · 12 min read

Agent decommissioning: how to securely offboard AI agents

Retiring an AI agent is harder than retiring a server. Agents hold API keys, cached tokens, vector embeddings and downstream dependencies that persist long after someone clicks 'disable.' Here is the seven-step protocol that keeps your attack surface from growing every time you sunset an agent.

operations · 14 min read

The 90-day agent governance implementation playbook

78% of executives cannot confidently pass an AI governance audit within 90 days. The organizations that can are nearly 4x more likely to report revenue growth. This is the phase-by-phase playbook for getting from zero to governed in one quarter.

strategy · 14 min read

Agent governance platform vs. spreadsheets: the 10 dimensions where manual tracking fails

Nearly 90% of business spreadsheets contain errors. Only 37% of organizations have AI governance policies in place. And 79% of IT leaders report encountering unauthorized AI deployments. When your agent governance relies on shared spreadsheets and quarterly reviews, you are governing a static snapshot of a system that changes daily. This is the dimension-by-dimension comparison of what breaks when manual governance meets production agents at scale.

operations · 12 min read

When an AI agent causes harm: the incident response playbook

97% of enterprises expect a material AI agent security incident within the next 12 months. Only 20% have tested an incident response plan. This playbook covers the containment protocols, forensic procedures and regulatory notification timelines that your existing runbook does not.

industry · 11 min read

AI agent governance in government and public sector: transparency, due process and sovereign AI

The EU AI Act classifies virtually all public sector AI applications that affect citizens as high-risk. OMB memoranda M-25-21 and M-25-22 establish federal AI procurement and governance requirements. GSA's proposed AI clause mandates 72-hour incident reporting, prohibits foreign AI systems and holds prime contractors liable for all downstream compliance. Government AI agents that deny benefits, approve permits or process citizen requests trigger administrative law obligations that commercial AI governance frameworks do not address.

industry · 11 min read

AI agent governance in financial services: trading, KYC and the regulatory stack that already applies

Financial services firms deploying AI agents face the most complex regulatory overlay of any industry. SR 11-7 model risk management, MiFID II suitability obligations, DORA operational resilience requirements, PSD2 payment security standards and EU AI Act high-risk classifications all apply simultaneously. A trading agent executing autonomously breaks every assumption SR 11-7 was built on. A KYC agent making onboarding decisions must produce audit trails that satisfy multiple regulators across jurisdictions. The governance requirements are not emerging. They are already being enforced.

industry · 14 min read

AI agent governance for legal departments: privilege, ethics and the rules that already apply

AI adoption among legal professionals doubled from 31% to 69% in a single year. Yet 54% of law firms provide no AI training and 43% lack any formal AI policy. A federal court has already ruled that documents generated using consumer AI tools are not protected by attorney-client privilege. ABA Formal Opinion 512 maps the ethical obligations. The EU AI Act classifies AI in the administration of justice as high-risk. The governance framework for legal AI agents is not hypothetical. It is already being enforced.

strategy · 14 min read

The business case for agent governance: an ROI framework your CFO will approve

Building compliance infrastructure after you have built your AI system costs 10-50x more than building it in parallel. Organizations with high levels of shadow AI pay $670,000 more per breach. And 97% of those experiencing AI security incidents lacked proper access controls. The business case for agent governance is not about preventing hypothetical risk. It is about quantifying the cost you are already paying.

strategy · 13 min read

Buyer's guide: how to evaluate AI agent governance platforms

The AI governance platform market will hit $492 million this year. Most of that spend will go to tools that were not built for agents. Here is how to tell the difference between a purpose-built governance platform and a GRC checkbox with an AI label.

industry · 14 min read

AI agent governance in insurance: underwriting, claims and the regulatory reckoning

By late 2026, more than 35% of insurers will deploy AI agents across at least three core functions. The EU AI Act classifies insurance underwriting AI as high-risk. EIOPA has published governance requirements. And 81% of regulators now identify fairness and bias mitigation as critical. Insurance is where agent governance stops being theoretical and starts being existential.

strategy · 18 min read

Executive dashboards for agent oversight: what your board needs to see

78% of executives lack confidence they could pass an AI governance audit within 90 days. The gap is not missing policies. It is missing visibility. Most organizations have no single screen that shows how many agents they run, what those agents access, whether they comply with policy and what risk they carry.

compliance · 16 min read

ISO 42001 compliance for AI agents: controls, certification and the gap most teams miss

Fewer than 100 organizations held ISO 42001 certification by January 2026. That number will shift fast: Microsoft, AWS and Google Cloud have all certified and enterprise procurement teams are adding ISO 42001 to vendor questionnaires. For organizations running autonomous AI agents, the standard offers the only certifiable AI management framework. But the standard was written for AI systems, not AI agents and the gap between the two creates compliance blind spots that auditors are starting to notice.

engineering · 17 min read

LLM observability for production agents: why your APM is lying to you

Your dashboards are green. Your agent is on fire. Traditional APM tools confirm a request succeeded with a 200 OK and acceptable latency, but they cannot detect when an agent selects the wrong tool, gets trapped in a reasoning loop or hallucinates a confident answer. The observability gap between what you monitor and what your agents do is where production failures hide.

strategy · 16 min read

RFP template for evaluating agent governance platforms: 80+ questions across 12 categories

Spending on AI governance platforms is projected to reach $492 million in 2026 and surpass $1 billion by 2030. The vendor landscape is expanding fast, with IBM, Microsoft, Google Cloud and AWS competing alongside specialist providers. But most RFP templates were written for traditional software procurement. They miss the questions that matter for agent governance: runtime policy enforcement, autonomous decision monitoring, multi-agent coordination and behavioral drift detection. This template fills that gap.

strategy · 12 min read

From pilot to production: scaling agent governance from 5 agents to 500

78% of enterprises have AI agent pilots. Only 14% have reached production scale. The gap is not technology. It is governance, ownership and operational discipline that breaks at every inflection point between a handful of agents and hundreds.

security · 15 min read

Shadow agents: finding the ungoverned AI already running in your enterprise

68% of employees use AI tools without IT approval. 86% use them at least weekly. Only 25% of organizations have full visibility into the agents operating in their systems. The shadow agent problem is not hypothetical. It is running in your environment right now, accessing your data, making decisions and creating compliance exposure you cannot see.

strategy · 17 min read

Third-party agent due diligence: the vendor risk framework your governance is missing

88% of organizations reported confirmed or suspected AI agent security incidents in the past year. 91% of AI tools operate without IT approval. The average SaaS application now has at least 10 AI agents associated with it. Yet most governance frameworks focus exclusively on agents you build. Third-party agents, embedded in your SaaS tools, managed by your vendors and chained through partner integrations, operate outside your governance perimeter. This is the due diligence framework for the agents you did not build but are accountable for.

governance · 17 min read

Policy-as-code for AI agents: from documents to enforcement

Your AI agents have never read your governance documents. Policy-as-code closes the enforcement gap by expressing governance rules as machine-readable, machine-enforceable code that is evaluated in real-time at the moment an agent acts.

governance · 13 min read

Multi-agent governance: when your agents talk to each other

Single-agent governance handles the agent. Multi-agent governance handles the interactions: what happens when agents delegate, trust each other's output and collaborate on workflows that none of them individually controls.

governance · 17 min read

Adaptive human oversight: beyond the HITL checkbox

Human-in-the-loop sounds prudent, but research shows humans in governance roles provide correct oversight roughly half the time. The fix isn't removing humans. It's placing them where they add judgment, not rubber stamps.

research · 6 min read

Nobody knows how many AI agents they have. We're changing that.

Roval is launching the State of AI Agent Governance 2026 survey, the first practitioner-led benchmark focused on how enterprises govern autonomous AI agents. Here's why the industry needs it and why your data point matters.

governance · 30 min read

Why AI agents need a CMDB, and what one actually looks like

Every enterprise has a Configuration Management Database for servers, applications and network devices. AI agents (autonomous, identity-bearing and increasingly numerous) have no equivalent system of record. Here's why they need one and what it must track.
