What Is an AI Agent?
An AI agent is a system that uses an AI model to take autonomous sequences of actions to complete a goal: browsing the web, calling APIs, writing and executing code, sending communications, or interacting with other software. Unlike a chatbot, which produces text, an agent acts in the world. This creates governance challenges that are qualitatively different from those of ordinary AI tool deployment.
Agents vs. tools: the key distinction
A conventional AI tool (a chatbot, a document summariser, an image generator) takes an input and produces an output. A human then decides what to do with that output. An agent inverts this relationship: it is given a goal and autonomously decides what sequence of actions to take to achieve it.
This distinction matters enormously for governance. When a human reviews a chatbot output before acting, the human is the control. When an agent acts before a human reviews, the human oversight mechanism must be designed into the system; it does not happen automatically.
Governance risks specific to AI agents
Minimum governance requirements for agentic AI
Organisations deploying AI agents should establish, at minimum, the following controls before any agent takes autonomous action in a production environment:
- Complete audit logging of every action the agent takes, at every step
- Explicit scope limitation: agents should have access only to the systems and permissions required for their specific task
- Human approval checkpoints before irreversible actions (sending communications, executing payments, modifying production systems)
- A defined kill-switch or pause mechanism accessible to a named human responsible
- Testing in a sandboxed environment before production deployment, including adversarial testing for prompt injection
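The controls above can be enforced at a single choke point: a gateway that sits between the agent and its tools. The following is an added illustration, not code from the original page; the tool names, the `approver` callback and the sample handlers are constructed for the example.

```python
import time
from dataclasses import dataclass, field
from typing import Callable

# Constructed example of actions the page classes as irreversible:
# communications, payments, production changes. These always need a human decision.
IRREVERSIBLE_TOOLS = {"send_email", "execute_payment", "modify_prod_config"}


@dataclass
class AgentGateway:
    """Every tool call the agent makes passes through dispatch()."""
    allowed_tools: set                      # scope limitation per agent task
    approver: Callable[[dict], bool]        # human approval checkpoint (hypothetical hook)
    audit_log: list = field(default_factory=list)  # complete, append-only action record
    paused: bool = False                    # kill-switch / pause state

    def pause(self) -> None:                # called by the named responsible human
        self.paused = True

    def resume(self) -> None:
        self.paused = False

    def dispatch(self, agent_id: str, tool: str, args: dict, handlers: dict) -> str:
        record = {"ts": time.time(), "agent": agent_id, "tool": tool, "args": args}
        if self.paused:
            record["outcome"] = "blocked:paused"
        elif tool not in self.allowed_tools:
            record["outcome"] = "blocked:out_of_scope"
        elif tool in IRREVERSIBLE_TOOLS and not self.approver(record):
            record["outcome"] = "blocked:approval_denied"
        else:
            try:
                record["result"] = handlers[tool](**args)
                record["outcome"] = "executed"
            except Exception as exc:        # failures are logged, never silently dropped
                record["outcome"] = f"error:{type(exc).__name__}"
        self.audit_log.append(record)       # logged regardless of outcome, every step
        return record["outcome"]


def demo() -> list:
    """Constructed walk-through: a support agent scoped to read tickets and send email."""
    handlers = {"read_ticket": lambda ticket_id: f"ticket {ticket_id}: printer offline",
                "send_email": lambda to, body: "sent"}
    gw = AgentGateway(allowed_tools={"read_ticket", "send_email"},
                      approver=lambda rec: False)   # human declines in this run
    outcomes = [gw.dispatch("support-bot", "read_ticket", {"ticket_id": 42}, handlers),
                gw.dispatch("support-bot", "send_email", {"to": "a@x", "body": "hi"}, handlers),
                gw.dispatch("support-bot", "execute_payment", {"amount": 10}, handlers)]
    gw.pause()
    outcomes.append(gw.dispatch("support-bot", "read_ticket", {"ticket_id": 43}, handlers))
    return outcomes
```

The audit log keeps a record for blocked calls as well as executed ones, which is what lets a reviewer see what the agent attempted, not only what it achieved.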