Governing AI Agents: Lessons from Corporate Governance

The discourse around AI agent governance often treats it as an entirely new problem — unprecedented, requiring novel frameworks built from first principles. This framing is understandable but misleading. Organisations have governed autonomous actors for centuries. Every employee, contractor, subsidiary, and partner operates with delegated authority within institutional constraints. The patterns are well-established.

Delegation of authority. A regional manager can approve expenses up to $50,000 but must escalate above that threshold. A junior developer can merge code to staging but not to production. A customer service representative can issue refunds up to $200 but must involve a supervisor for larger amounts. These are governance structures, and they work.

The question is not "how do we invent governance for AI agents?" but "how do we apply governance patterns we already understand to a new category of actor?" The answer involves translating institutional structures — which currently exist as policies, cultural norms, and management hierarchies — into machine-readable infrastructure that agents can interact with at execution speed.

In corporate governance, delegation of authority is the foundational mechanism. No one in an organisation has unlimited authority. Authority flows from the board to the CEO, from the CEO to executives, from executives to managers, from managers to individual contributors. At each level, the scope of authority is defined — what decisions can be made, what resources can be committed, what actions can be taken without further approval.

This pattern maps directly to AI agents. An agent should not have undefined authority. It should have an **explicit scope**: what actions it can take, what resources it can commit, what domains it can affect. The scope should be expressed as machine-readable constraints, not natural language instructions that the agent interprets.

The critical difference from human delegation is **enforcement**. When a human employee exceeds their authority, the violation is usually caught after the fact — through expense reports, code reviews, or customer complaints. With AI agents, we have the opportunity to enforce delegation **before the action executes**. The governance gate pattern makes this possible: the agent's action is intercepted, checked against its delegated authority, and permitted or denied in real time.

This is actually an improvement over human governance. We cannot pre-screen every action a human employee takes. We can pre-screen every action an AI agent takes. The infrastructure cost is non-trivial, but the governance improvement is profound.

Every organisation has escalation chains — structured pathways for routing decisions that exceed an actor's authority to someone who can make them. A frontline employee escalates to a manager. A manager escalates to a director. A director escalates to a VP. The chain is well-defined and understood.

AI agents need identical infrastructure. When an agent encounters an action that exceeds its delegated authority — a spending decision above its limit, a deployment to a system outside its scope, a customer interaction that requires judgment beyond its training — it must escalate. But escalation requires three things that most agent deployments lack.

First, **the agent must know its boundaries**. If the agent does not have explicit constraints, it cannot know when it has exceeded them. This is why natural language instructions fail: they are ambiguous at the boundary. "Be careful with large purchases" is not a constraint. "$5,000 spending limit per transaction" is.

Second, **the escalation path must be defined**. When the agent escalates, who receives it? How quickly must they respond? What happens if they do not respond within the SLA? These are questions that corporate governance answers routinely for human actors but rarely for AI agents.

Third, **the escalation must include context**. A human escalation usually includes a conversation — "here is what happened, here is what I think we should do, here is why I cannot decide this myself." Agent escalations must include equivalent context: the attempted action, the constraint that triggered the escalation, the agent's assessment, and the relevant governance trace.

New employees start with limited authority. They earn more as they demonstrate competence. A new financial analyst cannot approve million-dollar trades on day one. A new surgeon does not perform unsupervised operations during their first week. Trust is earned incrementally through demonstrated performance within existing constraints.

This is **progressive trust**, and it is the most natural governance pattern we have. Yet most AI agent deployments ignore it entirely. Agents are deployed with a fixed set of permissions that never change — either overly restrictive (requiring human approval for everything, defeating the purpose of agents) or overly permissive (granting full autonomy from day one, creating risk).

Progressive trust for AI agents means starting with tight constraints and relaxing them based on demonstrated performance. An agent that has successfully handled 500 customer inquiries without escalation might earn authority to handle a broader set of issues. An agent that has deployed 200 low-risk changes without incident might earn authority to deploy medium-risk changes. The progression is tracked, evaluated, and governed — not assumed.

The implementation requires **governance traces** — records of every action the agent has taken, every constraint it has operated within, and every outcome. These traces are the agent's track record, analogous to an employee's performance history. Without them, progressive trust is impossible because there is no evidence base for expanding authority.

Corporate governance demands accountability through audit trails. Every significant decision — financial transactions, contractual commitments, regulatory filings — must be recorded, attributable, and reviewable. The audit trail is not optional; it is a legal and institutional requirement.

AI agents operating within institutions inherit this requirement, but most deployments fail to meet it. Agent actions are logged in application logs that are designed for debugging, not governance. The logs might tell you what the agent did, but not **under whose authority, against which constraints, with what delegation, and whether the action was within scope**.

A governance-grade audit trail for AI agents — what Constellation calls a **governance trace** — records not just the action but the complete governance context. Which constraints were evaluated. Which passed and which failed. What the agent's current trust level was. Whether any escalations were triggered. What the outcome was. This trace is the foundation of institutional accountability for agent actions.

The value of governance traces extends beyond compliance. They enable **forensic governance** — the ability to reconstruct exactly why an agent took a specific action, which is essential when things go wrong. They also enable **governance improvement** — analysing patterns in constraint failures and escalations to refine the governance framework over time.

Organisations that treat agent logging as a debugging concern are accumulating governance debt. The absence of governance-grade audit trails means that when a regulator, auditor, or board member asks "why did your AI do that?", the honest answer is "we are not sure, but the application logs suggest..."

Perhaps the most underappreciated lesson from corporate governance is **contestation** — the right of affected parties to challenge decisions through a structured process. Employees can appeal performance reviews. Shareholders can challenge board decisions. Citizens can contest government actions through judicial review. Contestation is what separates governance from mere control.

Almost no AI agent governance framework includes contestation. Actions are taken, and if someone disagrees, they raise the issue informally — in Slack, in a meeting, in an email. There is no structured mechanism for challenging agent decisions, no defined process for evaluating challenges, and no binding outcome.

This matters because governance without contestation is authoritarianism. If an AI agent takes an action that affects your work, your team, or your customers, and you have no formal mechanism to challenge that action, then the agent is not governed — it is merely controlled by whoever configured it. The affected parties have no voice.

A complete agent governance framework includes a **forum** — a structured mechanism where anyone affected by an agent's decision can submit a challenge, provide evidence, and receive a ruling. The challenge is evaluated against institutional principles, not the challenger's preferences. The ruling is binding and may result in constraint changes, policy updates, or remediation. This is how corporate governance works for human actors. AI agents deserve no less.