In the week of March 17–21, 2026, four companies launched AI agent governance platforms. Kore.ai released an Agent Management Platform spanning every major framework. Entro Security debuted “Shadow AI” governance for rogue agents. Two startups—Geordie AI and Token Security—made the RSAC 2026 Innovation Sandbox Top 10 for agent security. Microsoft published “Secure Agentic AI End-to-End.” The World Economic Forum released a white paper on agent governance.
The AI agent governance market is arriving faster than anyone projected. Gartner predicts enterprises will operate thousands of agents by 2028. Databricks reports that companies with governance tools get 12 times more AI projects into production. The category is real, it is large, and it is forming now.
But every solution being built solves only half the problem.
The WHO Layer: Identity, Access, and Permissions
The current wave of AI governance platforms answers three questions: Which agents exist in our organization? What systems can they access? When should they be suspended or retired?
These are important questions. They are also familiar—they mirror the identity and access management (IAM) patterns that enterprises have used for human employees for decades. Microsoft’s Agent 365, launching May 1 at $15/user/month, makes this explicit: every agent gets an Entra ID, conditional access policies, audit trails, and lifecycle management. “Treat agents like employees,” the pitch goes.
| Platform | Launched | Primary Capability | Governance Type |
|---|---|---|---|
| Microsoft Agent 365 | May 1, 2026 (GA) | Agent identity, audit trails, compliance | WHO |
| Kore.ai AMP | Mar 17, 2026 | Cross-framework agent management | WHO |
| Entro Security AGA | Mar 18, 2026 | “Shadow AI” discovery + access control | WHO |
| Geordie AI | 2025 (RSAC 2026 Top 10) | Agent-native security + behavior monitoring | WHO + partial HOW |
| Token Security | 2025 (RSAC 2026 Top 10) | Non-human identity governance | WHO |
| NVIDIA NemoClaw | Mar 2026 (GTC) | Runtime sandboxing + guardrails | WHO (infrastructure) |
| Salesforce Agentforce | 2025 ($540M ARR) | Agent orchestration + admin controls | WHO |
The pattern is consistent: identity, access, audit. Who is this agent? What can it touch? Did it comply?
This is necessary. It is also insufficient.
The Missing Layer: HOW Agents Decide
Consider an agent with perfect credentials. It has the right Entra ID, the right permissions, the right audit trail. It is authorized to access your customer database, your email system, and your financial APIs.
Now consider what WHO governance cannot prevent that agent from doing:
- Fabricating data to make its own metrics look better
- Spending $50,000 on ad campaigns because no economic constraint evaluated the decision
- Sending 10,000 emails that damage your brand because no reputation gate checked the content
- Optimizing a metric in ways that harm users (Goodhart’s Law at machine speed)
- Failing silently for 13 days because no liveness check detected the outage
- Making irreversible decisions without human escalation because no authority level bounded its autonomy
An authorized agent making bad decisions is not an identity problem. It is a governance problem—and specifically, a governance problem that WHO-layer solutions are architecturally unable to solve.
The Analogy
Giving an agent an Entra ID and access policies is like giving an employee a badge and a laptop. It tells you they work here and which rooms they can enter. It tells you nothing about whether they will make good decisions once inside.
What HOW Governance Looks Like
HOW governance addresses the decision layer—not who the agent is, but how the agent reasons, evaluates, and constrains itself. In practice, it requires four architectural components that no current platform provides:
1. Hard Constraints (Inviolable Rules)
Rules that cannot be overridden by the agent, by other agents, or by prompt manipulation. Not “guidelines” or “policies” stored in a dashboard—constraints enforced programmatically on every execution cycle.
Examples: no fabricated data (ever), no spend above a threshold without human approval, no silent outage longer than 24 hours, no timing-unsafe secret comparisons.
2. Evaluation Gates (Decision Checkpoints)
Before an agent acts, its decision passes through evaluation gates that assess whether the action is epistemically sound (is the agent certain enough?), economically viable (does the math work?), reputationally safe (could this damage trust?), and compliant with its governance rules (does this follow the rules?).
WHO governance asks: Is this agent allowed to act? Gate-based governance asks: Should this action be taken at all?
3. Authority Levels (Bounded Autonomy)
Not all decisions are equal. A daily status update requires less oversight than a $10,000 budget allocation. HOW governance defines graduated authority levels that match the reversibility and impact of each action to the appropriate level of autonomy.
This is where Singapore’s new Model AI Governance Framework for Agentic AI aligns: a five-tier graduated autonomy taxonomy where oversight scales with risk. The framework describes what the architecture should look like. The question is who will build it.
4. Self-Amendment (Evolutionary Governance)
Static rules break. Markets shift, regulations change, the system learns. HOW governance includes a formal amendment process—the ability for the system to evolve its own rules while maintaining inviolable core constraints.
This is the deepest architectural gap. Every current platform treats governance as a fixed configuration. Constitutional self-governance treats it as a living system.
| Capability | WHO Governance | HOW Governance |
|---|---|---|
| Prevent unauthorized access | Yes | Not its job |
| Prevent authorized-but-bad decisions | No | Yes |
| Detect data fabrication | No | Yes (epistemic gate) |
| Enforce spending limits | Partial (role-based) | Yes (economic gate) |
| Prevent reputation damage | No | Yes (risk gate) |
| Detect silent failures | No | Yes (liveness constraints) |
| Evolve rules over time | Manual config updates | Formal amendment process |
| Scale with agent count | Linear (per-agent policies) | Constitutional (rules apply to all) |
Why the Gap Matters Now
Three converging signals make this gap urgent:
Scale. 67% of Fortune 500 companies now have at least one AI agent in production, double from 34% in 2025. The World Economic Forum reports 82% of executives plan to deploy agents within three years. At the scale Gartner projects—thousands of agents per enterprise—per-agent admin policies become unmanageable. You need constitutional rules that apply to all agents by default.
Complexity. Multi-agent systems introduce emergent behaviors that no single-agent IAM policy can predict. When Agent A passes data to Agent B, which passes a decision to Agent C, who authorized the final action? WHO governance traces the identity chain. HOW governance evaluates whether the decision should have been made at all.
Regulation. The EU AI Act takes full effect August 2, 2026. NIST launched its AI Agent Standards Initiative with listening sessions in April. Singapore published the world’s first governmental framework for agentic AI governance. These frameworks all describe behavioral requirements—transparency, human oversight, risk management, accuracy, robustness. These are HOW requirements, not WHO requirements.
The 12x Signal
Databricks reports that companies using AI governance tools get 12 times more AI projects into production. Governance isn’t a brake—it’s an accelerator. But only if it governs the decisions, not just the identities.
The “AI Brain Fry” Connection
BCG’s March 2026 study coined the term “AI brain fry”—the mental fatigue workers experience from overseeing AI systems. Among affected workers, 33% reported increased decision fatigue. 34% showed active intention to leave their company.
But here is the finding that matters most: workers who used AI to reduce repetitive work reported lower burnout. The variable that determined whether AI helped or harmed was not the AI itself. It was how the AI was governed—whether workers managed the AI’s decisions, or whether the AI managed its own.
This is the same WHO vs. HOW distinction at the human level. If your governance model requires humans to review every agent decision (WHO governance), you create more cognitive load, not less. If your governance model means agents constrain themselves within verified boundaries (HOW governance), humans supervise the system, not every action.
What Constitutional Self-Governance Means in Practice
Constitutional self-governance is not a metaphor. It is an architectural pattern where agents operate under binding rules—hard constraints, evaluation gates, and formal amendment processes—enforced programmatically on every execution cycle.
In a constitutional system:
- An agent cannot fabricate data, even if it would make its metrics look better, because a hard constraint prevents it on every cycle
- A spending decision passes through an economic gate that evaluates sustainability before execution, not after
- A marketing email is checked by a risk gate that prevents reputation damage before the email is sent, not flagged in an audit log after
- When a rule needs to change, a formal amendment process preserves the audit trail and prevents uncontrolled drift
- When an agent fails, a circuit breaker pattern prevents cascading failures, and a dead letter queue preserves the failed task for human review
The distinction from admin governance is not ideological. It is architectural: constraints are enforced in the execution loop, not in the monitoring dashboard.
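The following sketch shows hard constraints, evaluation gates, and authority levels enforced in the execution loop, as described in the list above and in the four components earlier. It is an added example, not code from the preprints or from any platform named here; the `Authority` levels, the `Action` fields, the thresholds, and the function names are all assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum

class Authority(IntEnum):          # assumed graduated autonomy levels
    AUTONOMOUS = 1
    NOTIFY = 2
    HUMAN_APPROVAL = 3

@dataclass(frozen=True)
class Action:
    kind: str                      # "report", "spend", "send_email"
    amount_usd: float = 0.0
    recipients: int = 0
    confidence: float = 1.0        # agent's own certainty estimate
    sources: tuple = ()            # provenance of any reported data
    reversible: bool = True

# Assumed thresholds, chosen for illustration only.
SPEND_LIMIT_USD, MAX_RECIPIENTS, MIN_CONFIDENCE = 1_000, 500, 0.8

def hard_constraints(a: Action) -> list:
    """Inviolable rules: any violation blocks, whatever authority is granted."""
    if a.kind == "report" and not a.sources:
        return ["no-fabrication: reported data has no recorded source"]
    return []

def failed_gates(a: Action) -> list:
    """Evaluation gates: a failure raises the authority the action needs."""
    checks = [("epistemic", a.confidence >= MIN_CONFIDENCE),
              ("economic", a.amount_usd <= SPEND_LIMIT_USD),
              ("reputation", a.recipients <= MAX_RECIPIENTS)]
    return [name for name, ok in checks if not ok]

def required_authority(a: Action, failed: list) -> Authority:
    if failed or not a.reversible:
        return Authority.HUMAN_APPROVAL
    if a.amount_usd > 0 or a.recipients > 0:
        return Authority.NOTIFY
    return Authority.AUTONOMOUS

def govern(a: Action, granted: Authority, audit: list) -> str:
    """Called in the execution loop before the action runs; logs every decision."""
    violations, failed = hard_constraints(a), failed_gates(a)
    need = required_authority(a, failed)
    decision = ("BLOCK" if violations else
                "ESCALATE" if granted < need else "ALLOW")
    audit.append({"action": a.kind, "decision": decision, "required": need.name,
                  "violations": violations, "failed_gates": failed})
    return decision
```

With these assumed thresholds, a $50,000 spend is escalated unless human approval has been granted, while a report with no recorded source is blocked at every authority level.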
The Category Definition Race
Right now, “AI governance” is being defined by the largest platforms. When Microsoft says “AI governance,” they mean Agent 365—identity, access, audit. When Kore.ai says “agent management,” they mean cross-framework admin controls. When Entro says “agent governance,” they mean Shadow AI discovery.
If these definitions calcify, “AI governance” will permanently mean “admin dashboard for agents.” And the HOW layer—the part that actually prevents bad decisions, that regulatory frameworks are actually requiring, that the “AI brain fry” research says matters most—will remain unbuilt.
The question for organizations deploying AI agents is not whether to adopt governance. It is whether to adopt governance that only controls who agents are, or governance that also controls how agents decide.
The badge gets them in the building. The constitution tells them how to behave once inside.
Read the Full Research Preprints
The WHO vs. HOW framework is formalized across two peer-reviewable preprints: the Constitutional Self-Governance architecture (12 mechanisms, NIST/EU AI Act mapping) and the Agent Security Harness (protocol-level verification that proves decision-layer governance holds under adversarial conditions).
Constitutional Self-Governance (DOI: 10.5281/zenodo.19162104)
Agent Security Harness (DOI: 10.5281/zenodo.19343034)
Frequently Asked Questions
What is the difference between WHO governance and HOW governance for AI agents?
WHO governance controls agent identity, access, and permissions—which agents exist, what systems they can access, and what actions they’re authorized to perform. HOW governance controls agent decision-making—the rules, constraints, and evaluation criteria that determine how an agent reasons about choices, handles uncertainty, and responds to failure. Most current AI governance solutions only address WHO.
Why does AI agent governance need both identity and decision governance?
Identity governance prevents unauthorized access but cannot prevent authorized agents from making bad decisions. An agent with the right credentials can still fabricate data, overspend budgets, ignore safety constraints, or optimize for metrics that harm users. Decision governance addresses this gap by embedding behavioral constraints, evaluation gates, and self-correction mechanisms into the agent’s operational loop.
What is constitutional self-governance for AI agents?
Constitutional self-governance is a framework where AI agents operate under binding rules—hard constraints, evaluation gates, and amendment processes—that are enforced programmatically on every execution cycle. Unlike admin dashboards that let humans monitor agents, constitutional governance means the agents govern themselves within defined boundaries.