.png?width=259&name=WSAI%20Amsterdam%20Orange%20no%20dates%202000x300%20(1).png)
.png?width=263&name=IM_Mothership_assets_LOGO_MINT%20(2).png){kind=logo}
AI is no longer just answering questions. In more and more systems, it is deciding what to do next: moving money, changing prices, rewriting workflows, dispatching people and machines. “Agentic AI” has become the shorthand, but the more important reality is this: a growing share of consequential actions in the economy is being taken by software that is allowed to act with limited human oversight.
The adoption numbers are already startling. McKinsey’s 2025 State of AI survey found that 88% of organisations now use AI in at least one business function, and 79% report using generative AI – making it one of the fastest‑adopted technologies the firm has ever tracked. At the same time, McKinsey notes that only around a third of companies have managed to scale AI beyond pilots. In parallel, Gartner forecasts that 40% of enterprise applications will embed AI agents by the end of 2026, up from around 5% today.
Yet governance is lagging badly. Recent analyses of AI governance and compliance show that most organisations still lack a complete inventory of where AI runs, and that only a minority have mature controls for autonomous systems. Forrester, meanwhile, expects spending on AI‑governance software alone to more than quadruple by 2030, growing at about 30% a year. Capability is racing ahead. Accountability is jogging to catch up.
Quiet shifts in power that matter more than definitions
A lot of the conversation on agentic AI gets stuck on definitions and demos, rather than what changes when these systems hit scale. For leaders in business, government and the startup world, a different set of questions is becoming more urgent: who is actually in control when systems take action, and what might go wrong, or even fail, when they do?
Agentic AI shifts power in ways that are easy to miss if you only look at the interface.
Control moves from explicit commands to ambient decisions. In the old world, a human had to click “run”, “send”, or “approve”. In an agentic world, systems can watch behaviour and data streams, infer goals, and act without being summoned. That makes recurring concepts in regulation – “meaningful consent”, “user intent”, “informed choice” – much harder to anchor, especially in homes, workplaces and cities infused with ambient intelligence.
Influence moves from visible touchpoints to back‑end orchestration. Early AI was easy to spot: a chatbot, a recommendation widget, a summarise button. Agents increasingly live in workflow engines, schedulers and API gateways. Their decisions ripple into billing systems, logistics chains, HR tools, security controls and content pipelines that most users (and often many executives) never see. Traditional transparency levers like labelling and pop‑ups do little here. The question is no longer “does the user know AI was involved?” but “can anyone reconstruct what actually happened?”
Risk moves from isolated systems to networks of systems. A single model can be tested and fenced. A web of agents, tools and models, updating shared state and sometimes calling each other, cannot be reasoned about so easily. A small mis‑specification in one component, or a change in one external API, can cascade across workflows no one ever mapped. Safety researchers and practitioners are already warning that loosely constrained agents can drift away from their designers’ intent in complex environments, creating new kinds of failure modes that are harder to predict and detect.
None of this is science fiction. OpenAI CEO Sam Altman has noted that many people already treat AI agents “like junior employees” – assigning tasks to clusters of agents and then reviewing the output. The metaphor is powerful, but it hides an uncomfortable truth: in any serious organisation, junior employees sit inside dense structures of oversight, training and consequence. Much of today’s agentic AI does not.
Why this is now a sovereignty and regulation problem
For governments and regulators, agentic AI is where several existing debates meet: AI safety, digital sovereignty, data protection and critical infrastructure.
Frameworks such as the EU AI Act were drafted around the idea of discrete “systems” performing defined tasks. Article 6 and Annex III, for example, classify “high‑risk” AI systems based on their role in products and their potential impact on health, safety or fundamental rights. That logic becomes harder to apply when a given outcome is the product of three models, four tools and two human approvals chained together by an orchestration layer.
Regulators now have to grapple with questions like:
- When a high‑stakes decision emerges from a network of components, which parts are high‑risk for the purposes of audit and enforcement?
- Who is required to keep the logs and evidence needed to reconstruct that decision?
- How do you test and certify behaviour in systems that can rewire their own workflows by discovering and calling new tools over time?
Supervisory tools are also under strain. Impact assessments, documentation requirements and human‑review rights all assume a reasonably linear decision process that can be mapped and explained. That assumption weakens when agents can branch across internal and external tools in milliseconds and loop until they reach a goal that was never precisely defined in the first place.
Sovereignty adds another, subtler layer. States can insist that sensitive workloads run on local infrastructure or approved clouds. They can even invest heavily in domestic compute and data centres. But behaviour – how agentic systems actually act in the world – is shaped by models, data and toolchains that often cross borders. A public‑sector agent built inside a national stack may still call external APIs, rely on models trained elsewhere, or be updated from overseas repositories. In defence and security contexts, where sessions like “AI on the Battlefield: Who Calls the Shots?” sit in the WSAI programme, that raises a hard question: what does it really mean to be “in control” when the logic your systems run on is effectively negotiated with outside actors?
This is one reason why analysts expect sustained growth in AI‑governance markets, and why dedicated “agentic AI in government” studies are already emerging. The basic message is simple: if states want to keep up with the systems they are authorising, they will need better visibility, new forms of cross‑border cooperation and more direct engagement with exactly how agentic AI is being designed and deployed in practice – not just with policy drafts.
Enterprises: from model risk to system risk
Inside large organisations, the biggest risk is no longer that a single model will misbehave. It is that autonomous behaviour becomes so deeply woven into processes that it can negatively change how the organisation functions.
The latest surveys and forecasts tell a slightly uncomfortable story. On one hand, AI is woven into everyday business: most large organisations now use it across multiple functions, and agents are on track to become a standard feature of enterprise software. On the other, only a minority have managed to move beyond scattered pilots to systems that are monitored, governed and understood as a whole. The gap between those two facts is where most of the risk now sits.
When AI is confined to isolated pilots, failures are local and mostly reputational. When agents sit in payment flows, supply‑chain routing, HR screening, maintenance planning or trading systems, local errors can propagate through an organisation and, in some sectors, through entire markets. A quiet change in how an agent reprices contracts or reroutes energy loads is not just a UI bug; it can feed into real‑world grid imbalances or liquidity crunches in systems that are already under strain from AI‑driven demand.
Boards and executive teams therefore need to treat agentic AI as an operating‑model decision, not a feature. It changes where decisions live, who can observe them, and how brittle the organisation becomes under stress. It also has implications for talent and institutional memory: if more and more “everyday” decisions are taken by opaque systems, human expertise risks atrophying on the sidelines – and when those systems fail, the people who are supposed to step in may no longer have the context or practice to do so safely.
Startups: maximum leverage, minimal forgiveness
For startups, agentic AI is both a lever and a liability.
On the one hand, it allows small teams to run operations that would once have required dozens of people: agents can stitch together customer support, back‑office workflows, basic finance and even parts of product discovery. Analysts expect the AI orchestration market alone to reach around $11 billion in 2025 and more than $30 billion by 2030, as enterprises look for governed ways to coordinate agents and automation across their stacks.
On the other hand, startups operate with thin capital buffers and little reputational slack. History from fintech, crypto and autonomous vehicles shows how a single high‑profile failure can reshape the rules for an entire category: Wirecard’s collapse helped trigger a much tougher BaFin stance on German fintechs; the FTX saga accelerated enforcement and political pressure across crypto exchanges; Uber’s fatal self‑driving crash in Arizona led to bans and tighter scrutiny of AV testing far beyond one company. A comparable failure involving autonomous AI systems in consumer finance, healthcare, employment or mobility would almost certainly provoke a similar regulatory and public‑opinion backlash – one that would not stop at the startup that made the initial mistake.
Founders building agentic infrastructure – developer platforms, orchestration frameworks, AI‑native SaaS – have an additional responsibility: their defaults become everyone else’s risk surface. Choices about logging, escalation, red‑teaming and alignment with rules like the AI Act do not just affect their own products; they shape how hundreds of downstream teams understand “normal” for agentic AI.
There is, however, an opportunity here. As more buyers start asking hard questions about observability, incident response and regulatory alignment, startups that can give concrete, verifiable answers will stand out. In a market where “agentic” is fast becoming generic marketing language, the ability to demonstrate auditable autonomy may be one of the few real moats.
What serious control looks like in practice
If we accept that agents are coming – and the adoption curves suggest they are – the useful question is not “should we use them?” but “what does serious control actually look like?” Across enterprises, regulators and builders, some contours are beginning to appear.
One is deliberate limits on autonomy. Not every system that can act should be allowed to. High‑impact decisions in areas like healthcare, welfare eligibility, critical infrastructure and large financial transfers need clear lines where agents can propose but not execute, and where a human with domain responsibility must make the final call. Provisions around “high‑risk” systems in the EU AI Act point in this direction, but most organisations will need to go beyond the legal minimum in internal policy.
Another is system‑level observability. Metrics and logs need to be designed so humans can reconstruct chains of action across agents and tools, not just check latency and costs. The basic test is simple: when something strange happens, can you trace the path from intent to outcome without guesswork? That implies “flight recorders” for agents, evaluation frameworks that test not just outputs but sequences of decisions, and red‑team exercises that target the orchestration layer, not only individual models.
A third is AI‑specific incident response. Organisations need playbooks for AI incidents that sit alongside cyber and operational‑risk plans: how to detect problems, who to alert, how to throttle or disable agents safely, how to communicate with regulators and affected users, and how to learn from near‑misses. Forrester’s forecast that AI‑governance tooling will quadruple by 2030 is a sign that many expect incident‑driven learning to become a permanent part of the landscape.
Finally, there is the need for shared baselines between states, platforms and major users. No single actor sees the full network anymore. That is why, in parallel to national regulations, you now see calls for common evaluation regimes, shared reporting on serious failures, and minimum safety standards for widely‑used models and tools.
As Mark Esposito argues in the World Economic Forum’s “AI, energy and geopolitics: The triple transition challenge,” AI, energy systems and geopolitics are converging, and “to deliver on the promises of AI, no leader from the public or private sector can afford to ignore the energy system or international politics.” Agentic AI will only intensify that interdependence, because it links decisions taken by autonomous systems even more tightly to where compute, power and governance actually sit.
Where WSAI fits
World Summit AI sits in the middle of these tensions by design. Sessions on “Who shapes AI’s destiny? Power, control, and responsibility”, “Orchestrating Agentic AI: Control, scale, and enterprise value” and “From prototype to production: Engineering responsible AI systems at scale” bring together the people currently making the trade‑offs: frontier labs, infrastructure providers, regulators, policy thinkers, enterprise builders and start‑ups.
The value of those conversations is not in finding a single answer. It is in making the real questions unavoidable:
- If AI agents are going to act like junior employees, who trains them, who approves their remit, and who is on the hook when they go wrong?
- How do we align what is technically possible with what is legally acceptable and socially legitimate?
- And how do we do that while the energy system, the geopolitical environment and the underlying infrastructure are all shifting under our feet?
For WSAI’s audience, those are not abstract questions. They are the difference between agentic AI as a genuine advantage – and agentic AI as the fastest way to lose control of systems that matter.
What do you think?
If this is something you’re actively navigating, the conversation doesn’t stop here.
Inside the InspiredMinds! Community Hub, you’ll find deeper insights, expert perspectives, and practical discussions from the people building and deploying AI across Europe and beyond.
Join our regular LinkedIn newsletter - Global AI Dispatch!
