AI is no longer just answering questions. In more and more systems, it is deciding what to do next: moving money, changing prices, rewriting workflows, dispatching people and machines. “Agentic AI” has become the shorthand, but the more important reality is this: a growing share of consequential actions in the economy is being taken by software that is allowed to act with limited human oversight.
Yet governance is lagging badly. Recent analyses of AI governance and compliance show that most organisations still lack a complete inventory of where AI runs, and that only a minority have mature controls for autonomous systems. Forrester, meanwhile, expects spending on AI‑governance software alone to more than quadruple by 2030, growing at about 30% a year. Capability is racing ahead. Accountability is jogging to catch up.
A lot of the conversation on agentic AI gets stuck on definitions and demos, rather than what changes when these systems hit scale. For leaders in business, government and the startup world, a different set of questions is becoming urgent: who is actually in control when systems take action, and what happens when they go wrong?
Agentic AI shifts power in ways that are easy to miss if you only look at the interface.
Control moves from explicit commands to ambient decisions. In the old world, a human had to click “run”, “send”, or “approve”. In an agentic world, systems can watch behaviour and data streams, infer goals, and act without being summoned. That makes recurring concepts in regulation – “meaningful consent”, “user intent”, “informed choice” – much harder to anchor, especially in homes, workplaces and cities infused with ambient intelligence.
Influence moves from visible touchpoints to back‑end orchestration. Early AI was easy to spot: a chatbot, a recommendation widget, a summarise button. Agents increasingly live in workflow engines, schedulers and API gateways. Their decisions ripple into billing systems, logistics chains, HR tools, security controls and content pipelines that most users (and often many executives) never see. Traditional transparency levers like labelling and pop‑ups do little here. The question is no longer “does the user know AI was involved?” but “can anyone reconstruct what actually happened?”
Risk moves from isolated systems to networks of systems. A single model can be tested and fenced. A web of agents, tools and models, updating shared state and sometimes calling each other, cannot be reasoned about so easily. A small mis‑specification in one component, or a change in one external API, can cascade across workflows no one ever mapped. Safety researchers and practitioners are already warning that loosely constrained agents can drift away from their designers’ intent in complex environments, creating new kinds of failure modes that are harder to predict and detect.
None of this is science fiction. OpenAI CEO Sam Altman has noted that many people already treat AI agents “like junior employees” – assigning tasks to clusters of agents and then reviewing the output. The metaphor is powerful, but it hides an uncomfortable truth: in any serious organisation, junior employees sit inside dense structures of oversight, training and consequence. Much of today’s agentic AI does not.
For governments and regulators, agentic AI is where several existing debates meet: AI safety, digital sovereignty, data protection and critical infrastructure.
Frameworks such as the EU AI Act were drafted around the idea of discrete “systems” performing defined tasks. Article 6 and Annex III, for example, classify “high‑risk” AI systems based on their role in products and their potential impact on health, safety or fundamental rights. That logic becomes harder to apply when a given outcome is the product of three models, four tools and two human approvals chained together by an orchestration layer.
Regulators now have to grapple with how liability, risk classification and oversight apply across chains like that, where no single component is responsible for the final outcome.
Sovereignty adds another, subtler layer. States can insist that sensitive workloads run on local infrastructure or approved clouds. They can even invest heavily in domestic compute and data centres. But behaviour – how agentic systems actually act in the world – is shaped by models, data and toolchains that often cross borders. A public‑sector agent built inside a national stack may still call external APIs, rely on models trained elsewhere, or be updated from overseas repositories. In defence and security contexts, where sessions like “AI on the Battlefield: Who Calls the Shots?” sit in the WSAI programme, that raises a hard question: what does it really mean to be “in control” when the logic your systems run on is effectively negotiated with outside actors?
This is one reason why analysts expect sustained growth in AI‑governance markets, and why dedicated “agentic AI in government” studies are already emerging. The basic message is simple: if states want to keep up with the systems they are authorising, they will need better visibility, new forms of cross‑border cooperation and more direct engagement with exactly how agentic AI is being designed and deployed in practice – not just with policy drafts.
The latest surveys and forecasts tell a slightly uncomfortable story. On one hand, AI is woven into everyday business: most large organisations now use it across multiple functions, and agents are on track to become a standard feature of enterprise software. On the other, only a minority have managed to move beyond scattered pilots to systems that are monitored, governed and understood as a whole. The gap between those two facts is where most of the risk now sits.
When AI is confined to isolated pilots, failures are local and mostly reputational. When agents sit in payment flows, supply‑chain routing, HR screening, maintenance planning or trading systems, local errors can propagate through an organisation and, in some sectors, through entire markets. A quiet change in how an agent reprices contracts or reroutes energy loads is not just a UI bug; it can feed into real‑world grid imbalances or liquidity crunches in systems that are already under strain from AI‑driven demand.
Boards and executive teams therefore need to treat agentic AI as an operating‑model decision, not a feature. It changes where decisions live, who can observe them, and how brittle the organisation becomes under stress. It also has implications for talent and institutional memory: if more and more “everyday” decisions are taken by opaque systems, human expertise risks atrophying on the sidelines – and when those systems fail, the people who are supposed to step in may no longer have the context or practice to do so safely.
For startups, agentic AI is both a lever and a liability.
On the one hand, it allows small teams to run operations that would once have required dozens of people: agents can stitch together customer support, back‑office workflows, basic finance and even parts of product discovery. Analysts expect the AI orchestration market alone to reach around $11 billion in 2025 and more than $30 billion by 2030, as enterprises look for governed ways to coordinate agents and automation across their stacks.
On the other hand, founders building agentic infrastructure – developer platforms, orchestration frameworks, AI‑native SaaS – carry an additional responsibility: their defaults become everyone else’s risk surface. Choices about logging, escalation, red‑teaming and alignment with rules like the AI Act do not just affect their own products; they shape how hundreds of downstream teams understand “normal” for agentic AI.
There is, however, an opportunity here. As more buyers start asking hard questions about observability, incident response and regulatory alignment, startups that can give concrete, verifiable answers will stand out. In a market where “agentic” is fast becoming generic marketing language, the ability to demonstrate auditable autonomy may be one of the few real moats.
What would that look like in practice? One element is deliberate limits on autonomy. Not every system that can act should be allowed to. High‑impact decisions in areas like healthcare, welfare eligibility, critical infrastructure and large financial transfers need clear lines where agents can propose but not execute, and where a human with domain responsibility must make the final call. Provisions around “high‑risk” systems in the EU AI Act point in this direction, but most organisations will need to go beyond the legal minimum in internal policy.
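The propose-but-not-execute pattern can be sketched in a few lines. This is a minimal, hypothetical illustration, not a reference to any specific framework: the names (`ProposedAction`, `requires_human`, `execute`) and the impact threshold are assumptions for the example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class ProposedAction:
    description: str
    impact_score: float  # illustrative scale: 0.0 (trivial) to 1.0 (critical)

# Assumed policy threshold: anything at or above this needs a human.
HUMAN_APPROVAL_THRESHOLD = 0.5

def requires_human(action: ProposedAction) -> bool:
    """High-impact actions may be proposed by an agent but never executed by it."""
    return action.impact_score >= HUMAN_APPROVAL_THRESHOLD

def execute(action: ProposedAction, approved_by: Optional[str] = None) -> str:
    # The agent can always propose; execution is gated on a named approver.
    if requires_human(action) and approved_by is None:
        return f"BLOCKED: '{action.description}' awaits human approval"
    return f"EXECUTED: '{action.description}'"

# A routine action runs autonomously; a large transfer is held for a person.
print(execute(ProposedAction("send status email", 0.1)))
print(execute(ProposedAction("transfer EUR 2M", 0.9)))
print(execute(ProposedAction("transfer EUR 2M", 0.9), approved_by="cfo"))
```

The important design choice is that the gate lives outside the agent: the agent cannot lower its own threshold or approve itself.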
Another is system‑level observability. Metrics and logs need to be designed so humans can reconstruct chains of action across agents and tools, not just check latency and costs. The basic test is simple: when something strange happens, can you trace the path from intent to outcome without guesswork? That implies “flight recorders” for agents, evaluation frameworks that test not just outputs but sequences of decisions, and red‑team exercises that target the orchestration layer, not only individual models.
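A “flight recorder” can be as simple as a shared event log keyed by a run identifier, so that every agent and tool step in one chain can be replayed in order. The sketch below assumes a made-up event schema (`run_id`, `actor`, `action`, `detail`); real systems would typically build this on structured logging or distributed tracing.

```python
import time
import uuid

class FlightRecorder:
    """Append-only log of agent/tool actions, correlated by run_id."""

    def __init__(self):
        self.events = []

    def record(self, run_id: str, actor: str, action: str, detail: str) -> None:
        self.events.append({
            "ts": time.time(),
            "run_id": run_id,   # ties every step in one chain together
            "actor": actor,     # which agent or tool acted
            "action": action,   # what it did
            "detail": detail,   # inputs/outputs worth keeping for audit
        })

    def trace(self, run_id: str) -> list:
        """Reconstruct the ordered chain of actions for one run."""
        return [e for e in self.events if e["run_id"] == run_id]

# Hypothetical chain: a planner agent infers a goal, a billing tool acts on it.
recorder = FlightRecorder()
run = str(uuid.uuid4())
recorder.record(run, "planner-agent", "infer_goal", "user wants invoice reissued")
recorder.record(run, "billing-tool", "void_invoice", "invoice #1042 voided")
recorder.record(run, "billing-tool", "issue_invoice", "invoice #1043 created")

for event in recorder.trace(run):
    print(event["actor"], "->", event["action"])
```

The test of adequacy is exactly the one in the text: given only the recorder, can a human reconstruct the path from intent to outcome without guesswork?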
A third is AI‑specific incident response. Organisations need playbooks for AI incidents that sit alongside cyber and operational‑risk plans: how to detect problems, who to alert, how to throttle or disable agents safely, how to communicate with regulators and affected users, and how to learn from near‑misses. Forrester’s forecast that AI‑governance tooling will quadruple by 2030 is a sign that many expect incident‑driven learning to become a permanent part of the landscape.
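The “throttle or disable agents safely” step implies a control point that operators can reach without redeploying anything. One minimal sketch, with entirely hypothetical names, is a central registry of agent states that every action checks before it runs:

```python
class AgentControl:
    """Central kill-switch/throttle registry consulted before any agent action."""

    VALID_STATES = {"active", "throttled", "disabled"}

    def __init__(self):
        self.status = {}  # agent_id -> state; unknown agents default to "active"

    def set_status(self, agent_id: str, state: str) -> None:
        if state not in self.VALID_STATES:
            raise ValueError(f"unknown state: {state}")
        self.status[agent_id] = state

    def may_act(self, agent_id: str, high_impact: bool = False) -> bool:
        state = self.status.get(agent_id, "active")
        if state == "disabled":
            return False
        if state == "throttled":
            # During an incident, only low-impact actions proceed.
            return not high_impact
        return True

# Incident detected in a (hypothetical) pricing agent: throttle, then disable.
control = AgentControl()
control.set_status("pricing-agent", "throttled")
print(control.may_act("pricing-agent", high_impact=True))   # False
print(control.may_act("pricing-agent", high_impact=False))  # True
control.set_status("pricing-agent", "disabled")
print(control.may_act("pricing-agent"))                     # False
```

The point of the sketch is organisational rather than technical: whoever runs the incident playbook needs a lever like this that works in seconds, not a code change that works in days.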
Finally, there is the need for shared baselines between states, platforms and major users. No single actor sees the full network anymore. That is why, in parallel to national regulations, you now see calls for common evaluation regimes, shared reporting on serious failures, and minimum safety standards for widely used models and tools.
The value of those conversations is not in finding a single answer. It is in making the real questions unavoidable.
For WSAI’s audience, those are not abstract questions. They are the difference between agentic AI as a genuine advantage – and agentic AI as the fastest way to lose control of systems that matter.
If this is something you’re actively navigating, the conversation doesn’t stop here.
Inside the InspiredMinds! Community Hub, you’ll find deeper insights, expert perspectives, and practical discussions from the people building and deploying AI across Europe and beyond.