AI agents are moving faster than the governance systems meant to control them. A 4 June 2026 TechRadar Pro opinion piece captured the issue bluntly: AI governance exists on paper, but enforcement often does not.

That is the right problem statement for this phase of enterprise AI. The conversation should no longer be limited to whether companies have an AI policy, an ethics statement or a responsible-use guideline. The strategic question is whether those principles are enforceable when an AI agent is actually making decisions, calling tools, touching data and initiating workflows.

The governance gap is becoming operational risk

Deloitte’s research on agentic AI provides the harder context. Its survey of 3,235 IT and business leaders across 24 countries found that only 21% of respondents said their organisations had a mature governance model in place for agentic AI. Deloitte also said approximately 80% of surveyed organisations lacked mature governance capabilities for agentic AI.

At the same time, adoption is accelerating. Deloitte reported that 74% of respondents expect their companies to be using AI agents at least moderately by 2027. TechRadar Pro’s current analysis makes the same strategic point: enterprises moved quickly on AI agents, while governance did not.

That gap should concern boards and management teams because agentic AI is not just another productivity feature. An AI agent is different from a chatbot because it can act. It can retrieve information, trigger workflows, use tools, make recommendations and, in some architectures, complete tasks with limited human intervention.

When the system can act, governance must also become active.

Policy is necessary, but not sufficient

Most enterprises already know how to write governance documents. They can define acceptable use, list prohibited data, appoint owners, and publish broad principles such as transparency, accountability and fairness.

Those documents matter. But for agentic AI, policy is only the starting point.

The real control layer needs to answer operational questions. What identity does the agent use? What systems can it access? What data can it retrieve? What actions can it take without approval? What actions require a human checkpoint? What happens when the agent fails, loops, hallucinates, leaks information or acts outside its intended role?

Deloitte identifies several governance capabilities that are directly relevant here, including clear agent boundaries, real-time monitoring systems and audit trails that capture the full chain of agent actions.

These are not abstract governance concepts. They are implementation requirements.

Treat AI agents as identities

One useful way to think about agent governance is identity.

In enterprise cybersecurity, human users, service accounts and applications are assigned roles, access limits and monitoring rules. AI agents should be treated with the same seriousness. If an agent can read data, query systems or trigger actions, then it needs a defined identity, scoped permissions and a reviewable activity trail.

This is where many AI pilots become dangerous. A team may connect an agent to internal data, SaaS tools or workflow automation without applying the same identity and access discipline used for employees or applications.

That creates blind spots. If an agent retrieves sensitive information, sends an incorrect instruction, modifies a record or triggers an external workflow, the organisation needs to know which agent did it, under what instruction, using which permission, and whether a human approved the action.

Without that, accountability becomes theatre.

Singapore’s framework points in the right direction

Singapore’s Infocomm Media Development Authority updated its Model AI Governance Framework for Agentic AI on 20 May 2026. IMDA said the framework provides guidance to organisations on responsible deployment of agents, recommending technical and non-technical measures to mitigate risks while emphasising that humans are ultimately accountable.

That last point is critical. Agentic AI may automate parts of work, but accountability cannot be delegated to the model. The enterprise remains responsible for the system it deploys, the permissions it grants and the outcomes it allows.

IMDA also said the updated framework includes real-world case studies and new best practices to help organisations operationalise the recommendations. This is the right direction for ASEAN enterprises because the region does not need more high-level AI slogans. It needs practical playbooks that help companies deploy AI safely while still innovating.

Singapore’s approach is described by IMDA as practical and balanced: guardrails are put in place while space for innovation remains. That is the balance businesses should aim for. Over-control will slow adoption. Under-control will turn AI pilots into operational and reputational risk.

What ASEAN enterprises should do next

For ASEAN organisations, the practical next step is to move agentic AI governance into the same discipline as cybersecurity, data protection and enterprise architecture.

That means starting with an inventory. Which agents exist? Which teams built them? Which models do they use? Which data sources and tools are connected? Are they internal-only, customer-facing or partner-facing? Are they making recommendations, taking actions, or both?

The second step is control mapping. Each agent should have a defined purpose, owner, access scope, approval threshold, monitoring process and audit trail. If the agent touches regulated data, customer information, payments, HR records, legal documents or security systems, the control bar should be higher.

The third step is runtime monitoring. A policy that says an agent should not access certain information is weak unless the system can detect, block or escalate that behaviour. The same applies to tool use, prompt injection, unusual action patterns and attempted access outside the agent’s intended role.

The final step is human accountability. Human-in-the-loop should not be a decorative checkbox. It should be applied where the action is irreversible, high-value, regulated, customer-impacting or reputationally sensitive.
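
The four steps above can be expressed as a single enforcement point that every agent tool call passes through. The sketch below is an added example, not code from the article or from any framework it cites; the agent name, tool names, inventory fields and the `authorize` function are all constructed for illustration.

```python
import json
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class AgentRecord:                  # one inventory entry per agent (step 1)
    agent_id: str
    owner: str                      # accountable human or team
    purpose: str
    allowed_tools: frozenset        # access scope (step 2)
    approval_required: frozenset    # tools behind a human checkpoint (step 4)

# Constructed inventory: names and tools are hypothetical.
INVENTORY = {
    "invoice-agent": AgentRecord(
        agent_id="invoice-agent",
        owner="finance-ops",
        purpose="match invoices to purchase orders",
        allowed_tools=frozenset({"erp.read_invoice", "erp.issue_payment"}),
        approval_required=frozenset({"erp.issue_payment"}),
    ),
}

AUDIT_LOG = []  # stand-in for an append-only store the agent cannot modify

def authorize(agent_id, tool, instruction, approved_by=None):
    """Runtime check (step 3): return 'allow', 'block' or 'escalate'."""
    agent = INVENTORY.get(agent_id)
    if agent is None:
        decision, reason = "block", "agent not in inventory"
    elif tool not in agent.allowed_tools:
        decision, reason = "block", "tool outside access scope"
    elif tool in agent.approval_required and approved_by is None:
        decision, reason = "escalate", "human approval required"
    else:
        decision, reason = "allow", "within scope"
    # Record which agent acted, under what instruction, using which
    # permission, and whether a human approved it.
    AUDIT_LOG.append(json.dumps({
        "time": datetime.now(timezone.utc).isoformat(),
        "agent": agent_id,
        "owner": agent.owner if agent else None,
        "tool": tool,
        "instruction": instruction,
        "approved_by": approved_by,
        "decision": decision,
        "reason": reason,
    }, sort_keys=True))
    return decision
```

The default is deny: an agent missing from the inventory or a tool outside its scope is blocked, and every decision, including blocks and escalations, leaves an audit record.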