
What to decide before you let an AI agent loose

Gartner says 40 percent of agents will be pulled by 2027. The failures are predictable, which means they're preventable.

Gartner put out a prediction this week: by 2027, 40 percent of enterprises will pull back or shut down AI agents they've deployed, because of governance gaps that only showed up once the agents were live.

The headline reads as a warning. The more useful read is that these failures are predictable. And predictable failures are preventable.

The mistake isn't deploying agents. It's applying one set of rules to all of them. An agent that summarises documents needs different guardrails from one that can change records or move money. Treat them the same and you either lock down the simple ones until they're useless, or let the powerful ones loose without enough oversight.

So before you let an agent run, a few things worth deciding:

What can it actually touch? Can it only read, or can it act? Read-only is low risk. The moment an agent can change something, the stakes jump.

Whose permissions does it borrow? By default an agent often runs on its developer's access, usually more than the task needs. The safer setting is the narrowest one that still lets it work.

Who can stop it, and how fast? When it acts on bad input or exceeds its brief, what stops it, how fast, and who's authorised to make that call?

What gets written down? A record of what the agent did and why, so that when something looks off, you can actually trace it.
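
The four decisions above, expressed as a gate in front of an agent's tool calls. This is an added example, not code from the original note; the tool names, scope strings, addresses and the `AgentGate` class are assumptions made for illustration.

```python
import json
import time
from dataclasses import dataclass, field

# Hypothetical tool registry: every tool is tagged as read-only or acting.
TOOLS = {"docs.summarise": "read", "crm.update_record": "act", "payments.transfer": "act"}

@dataclass
class AgentGate:
    agent_id: str
    scopes: frozenset          # the agent's own grant, not its developer's access
    stop_authority: frozenset  # who is authorised to halt the agent
    halted: bool = False
    audit: list = field(default_factory=list)

    def stop(self, who: str) -> bool:
        ok = who in self.stop_authority
        if ok:
            self.halted = True  # takes effect on the very next call
        self._log("stop", who, "allowed" if ok else "denied:not_authorised", "stop request")
        return ok

    def call(self, tool: str, reason: str) -> bool:
        kind = TOOLS.get(tool)
        if self.halted:
            verdict = "denied:halted"
        elif kind is None:
            verdict = "denied:unknown_tool"
        elif kind == "act" and not reason.strip():
            verdict = "denied:no_reason"  # acting calls must state why
        elif tool in self.scopes or (kind == "read" and "read:*" in self.scopes):
            verdict = "allowed"  # the wildcard covers read tools only
        else:
            verdict = "denied:out_of_scope"
        self._log(tool, self.agent_id, verdict, reason)
        return verdict == "allowed"

    def _log(self, action, actor, verdict, reason):
        # Denials are recorded too, so an odd run can be traced afterwards.
        self.audit.append(json.dumps({"ts": time.time(), "agent": self.agent_id,
            "actor": actor, "action": action, "verdict": verdict, "reason": reason}))

def demo():
    # Constructed scenario: a summarising agent holding only the read wildcard.
    gate = AgentGate("summariser-1", frozenset({"read:*"}), frozenset({"oncall@example.test"}))
    return [gate.call("docs.summarise", "weekly digest"),  # read tool: allowed
            gate.call("crm.update_record", "fix typo"),     # acting tool never granted
            gate.stop("intern@example.test"),               # not authorised to stop
            gate.stop("oncall@example.test"),               # authorised stop
            gate.call("docs.summarise", "weekly digest"),  # halted: nothing runs
            ], gate.audit
```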

None of this is about slowing down. It's the opposite. The teams that decide these things up front are the ones who get to deploy more agents, with more confidence, faster. The governance is what makes the speed safe.

Governance is one of the five dimensions the diagnostic covers, alongside Mandate, Process, People, and Infrastructure.

Source: Gartner, May 2026

Mechanise helps agencies and brands put AI to work in practice. The five-minute readiness diagnostic is here: take the diagnostic →