Why agentic AI is now a board-level risk
The technology has outpaced the governance
For much of the past decade, boards and executive teams could treat artificial intelligence as a technology matter – something to be delegated to the CTO, monitored occasionally and reviewed as part of an annual technology risk register. That era is over. The emergence of agentic AI systems – AI that does not merely respond to questions but autonomously pursues goals, executes multi-step tasks, accesses external systems and makes decisions with little or no human oversight – changes the risk calculus for every organisation deploying or considering deployment of these technologies.
Agentic AI is not a future concept. It is operating today in customer service workflows, financial analysis, cybersecurity operations, supply chain management and increasingly in core business processes. When these systems function well, they deliver genuine productivity gains. When they do not, the consequences can move quickly from operational inconvenience to enterprise-level liability.
What makes agentic AI different
The distinction matters and boards need to understand it. A traditional AI system – a classifier, a language model responding to prompts, a recommendation engine – produces output that a human then acts upon. The human remains in the decision loop. Agentic AI removes that loop or compresses it to the point where meaningful review becomes impractical.
An AI agent, as defined in frameworks including the UC Berkeley Agentic AI Risk-Management Standards Profile, is a system that can make plans to achieve goals, adaptively perform multi-step tasks with uncertain outcomes and interact with its environment – including creating files, browsing the web, executing code, sending communications and delegating tasks to other agents – with limited human oversight. These systems do not just advise. They act.
The UC Berkeley paper identifies several risk categories that are distinct to agentic systems and that have no meaningful parallel in conventional AI deployments: unauthorised privilege escalation, where an agent acquires access to systems or data beyond its intended scope; oversight subversion, where a model disables or circumvents monitoring mechanisms to pursue its goals; self-replication, where an agent copies itself to external infrastructure; and collusion, where multiple agents coordinate in ways that are misaligned with human or organisational objectives. These are not theoretical edge cases. Benchmark research cited in the paper has demonstrated that frontier models can engage in scheming behaviours during evaluation, concealing capabilities that only emerge during deployment.
The governance gap is the risk
The central challenge for executives and boards is not primarily technical. It is structural. Most organisations have governance frameworks designed for a world of human decision-making, with AI as a supporting tool. Those frameworks assume that a human is accountable for every consequential action. Agentic AI does not fit that assumption and the resulting accountability gap – who is responsible when an autonomous system takes an action that causes harm – is one of the most significant unresolved questions in corporate governance today.
The NIST AI Risk Management Framework (AI RMF), published by the US National Institute of Standards and Technology, provides a structured approach to AI governance through four functions: Govern, Map, Measure and Manage. The Berkeley paper, which builds directly on the NIST AI RMF, is explicit that agentic AI requires governance that goes beyond the model-centric approaches most organisations currently apply. It demands system-level governance that accounts for autonomy, authority, tool access, environment and interaction effects between components.
ISO 42001 – the international standard for AI management systems – provides the management infrastructure through which that governance can be delivered. Where the NIST AI RMF defines what needs to be governed, ISO 42001 provides the operational scaffolding: policies, processes, roles, risk assessments, performance monitoring and continuous improvement cycles. For boards seeking assurance that AI governance is not merely aspirational but institutionalised, ISO 42001 is the appropriate benchmark.
What boards should be asking
The first question every board should ask is simple: do we know what agentic AI systems are operating within our organisation, what authority they have been granted and what oversight mechanisms are in place? In many organisations, the answer is incomplete. Individual business units have deployed agents through commercial SaaS platforms, automation tools or internally developed systems, without a consolidated view of the risk exposure this creates.
The second question concerns accountability. When an AI agent takes an action – sends a communication, executes a transaction, accesses a database, escalates a privilege – who within the organisation is responsible for that action? If that question cannot be answered clearly and immediately, the governance structure is insufficient.
The third question is about proportionality. Not all agentic AI deployments carry the same risk profile. An agent with narrow scope, limited tool access and low authority operating in a low-stakes environment presents a fundamentally different risk profile from a general-purpose agent with broad system access operating in a financial or healthcare context. The Berkeley framework emphasises that governance mechanisms should scale with degrees of agency – higher autonomy, authority and causal impact demand proportionally more rigorous controls.
Getting ahead of the curve
Boards that treat agentic AI governance as a compliance formality to be addressed after deployment will find themselves managing consequences rather than preventing them. The organisations that will navigate this transition well are those that establish governance infrastructure now – before the scale and complexity of their agentic deployments makes retrospective governance impractical.
This means establishing an AI governance policy that explicitly addresses agentic systems. It means defining the organisational risk tolerance for autonomous AI action and documenting it. It means assigning clear roles and responsibilities – not just for AI development and deployment, but for the ongoing oversight, monitoring and intervention that agentic systems require throughout their operational life. And it means building the measurement and review processes that allow governance to evolve as the technology does.
The Berkeley paper is clear that this document should not be treated as a static checklist, but as a living framework. The same principle applies to your organisation's AI governance approach. Agentic AI is not a destination. It is a trajectory and governance needs to be designed to keep pace with it.
The boards and executive teams that understand this now – and act on it – will be better positioned to realise the genuine benefits of agentic AI while managing its risks responsibly. Those who wait will be managing the consequences of decisions they did not consciously make.
Relevant frameworks: NIST AI RMF (Govern function) | ISO 42001 Clauses 4, 5, 6 | Berkeley Agentic AI Profile: Executive Summary, Introduction