The Agentic Shift: When Agents Act, Who Can Stop Them?
Enterprises are accelerating autonomy, but most have not engineered the circuit breaker: authority, promises, and evidence.
Hi, welcome to the Trusted Agents Situation Room. As AI systems move from assisting to acting, most enterprises are scaling decision capacity faster than they are engineering override authority, contractual duties, and audit-grade evidence.
We help risk, compliance, and governance leaders see where agentic systems will surface hidden weaknesses in data, process, and policy, and what controls need to be built before those systems scale. Because by the time this becomes obvious, it will already be late.
In 20 seconds
This week’s shift: agentic systems are no longer “helping.” They are coordinating actions that change outcomes. The governance gap is not whether the agent can do the task; it’s whether your organisation can (1) stop it at speed, (2) prove what it was authorised to do, and (3) show an evidence trail when something goes wrong.
What happened
AI-enabled decision systems are now coordinating decisions faster than most executive teams are redesigning who actually has the authority to stop them.
Why it matters
Accountability stays attached to named people, but agentic systems compress the time between signal and action, which means your intervention window shrinks unless it is engineered into the architecture.
The decision it forces
You need an explicit posture for the next 12 months: block agents in high-risk workflows, allow them only through controlled endpoints, build first-party agents with strict guardrails, or prepare for agent-to-agent operations where delegation limits and evidence trails are non-negotiable.
What we’re tracking this week
- When Scale Outruns Authority by Dr Joanna Michalska. Authority design is lagging decision capacity. If your organisation is accelerating decisions through agents without redesigning who can intervene and how fast, you’re building speed without brakes.
- Observable Contractual Loyalty by Daniel "Dazza" Greenwood, commissioned by the Stanford Loyal Agents Initiative. “Loyalty” is becoming an evaluation problem, not a marketing claim. This draft framework shows how to turn fuzzy trust language into explicit duties, scoped authorisations, and tests you can actually run.
- Assessing Claude Mythos Preview’s cybersecurity capabilities from Anthropic Security. Capability is rising fast enough that “nothing bad has happened yet” is not a strategy. Mythos is a useful glimpse of how quickly agentic tooling can compress both attack and defence cycles, and why governance has to assume speed.
- How to scale AI with integrity and trust? by Jackson Pek, Chief Corporate & Legal Affairs Officer at Amadeus. Governance at scale means operationalising evidence capture, not writing more policy. Amadeus lays out how they’re aligning to the EU AI Act and scaling Responsible AI through standardised workflows that help teams produce consistent compliance evidence as use cases multiply.
The circuit breaker problem
Most agent programs start with capability. Risk teams should start with control.
Joanna’s point is simple and brutal: decision capacity is accelerating, but authority to intervene is not. If your operating model quietly assumes “a human will catch it,” you have already lost the argument. The system will move faster than the human, and accountability will still land on the human.
Promise theory gives a useful way to make this concrete. In promise theory, an agent is anything that can act, and the system is the network of promises those agents make and keep. An enterprise becomes governable when those promises are explicit, limited in scope, and observable. When promises are vague, or hidden in people’s heads, the system is held together by human restraint and human patching. That does not survive agent speed.
This is where Loyal Agent Evals is particularly helpful for risk and compliance leaders. Greenwood’s point is not “trust the model.” It’s: contract for the behaviour you need, then evaluate it. The report argues that most frontier-model consumer terms allocate reliance and liability risk to users and generally do not assume fiduciary or agency duties, while adjacent SaaS markets (legal-tech especially) often do contract for limited agency and confidentiality-bound intermediary status, which matters for privilege-sensitive workflows.
The practical pattern is deployable this year:
- Publish explicit duties (a CONTRACT.md analogue)
- Publish user authorisation preferences (an AUTH_PREFS.md analogue)
- Architect gates that enforce those duties (not “policy around the system”)
- Run public evaluations and keep the evidence
If you are accountable for governance, your “circuit breaker” is not a committee. It is a designed set of promises, permissions, and proof.
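To make the promise-theory framing and the four-step pattern above concrete, here is an added example (not code from this newsletter, from the Loyal Agent Evals report, or from any vendor) of what a gate that enforces duties "in the system" can look like. It assumes a minimal setup: duties and scoped authorisations are declared as data (stand-ins for the CONTRACT.md and AUTH_PREFS.md analogues), every tool call the agent wants to make passes through one gate, an operator can trip a circuit breaker that denies everything at once, and each decision is written to a hash-chained evidence log that can later be verified. The tool names, duty names, thresholds and sample calls are all constructed for illustration.

```python
"""Policy gate for an agentic workflow: promises as data, a gate that enforces
them, a circuit breaker, and a tamper-evident evidence trail.

Added illustration only; duties, tools, thresholds and calls are constructed.
"""
from __future__ import annotations

import hashlib
import json
import time
from dataclasses import dataclass, field

GENESIS = "0" * 64  # prev-hash of the first evidence record

# Stand-in for a CONTRACT.md: the duties the agent owes in this workflow.
CONTRACT = {
    "confidentiality": {"forbidden_tools": ["send_external_email"]},
    # Confirmation duty: anything above this amount needs a named human to confirm.
    "confirmation": {"require_human_confirmation_above": 1000.0},
}

# Stand-in for an AUTH_PREFS.md: which tools are authorised, and within what scope.
AUTH_PREFS = {
    "read_ledger": {"allowed": True},
    "issue_refund": {"allowed": True, "max_amount": 5000.0},
    "send_external_email": {"allowed": False},
}


@dataclass
class ToolCall:
    agent_id: str
    tool: str
    args: dict = field(default_factory=dict)


def _digest(entry: dict) -> str:
    """Hash of a record's content, excluding its own hash field."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    canon = json.dumps(body, sort_keys=True, default=str).encode()
    return hashlib.sha256(canon).hexdigest()


class Gate:
    """Every tool call is decided here, never by the agent itself."""

    def __init__(self, contract: dict, auth_prefs: dict, clock=time.time):
        self.contract = contract
        self.auth_prefs = auth_prefs
        self.clock = clock
        self.halted = False          # the circuit breaker
        self.log: list[dict] = []    # hash-chained evidence trail
        self._prev = GENESIS

    def trip(self, reason: str) -> None:
        """Operator override: from now on every call is denied, and the halt is logged."""
        self.halted = True
        self._record(None, "halt", reason)

    def decide(self, call: ToolCall) -> str:
        """Return 'allow', 'escalate' (needs human confirmation) or 'deny'."""
        prefs = self.auth_prefs.get(call.tool)
        forbidden = self.contract["confidentiality"]["forbidden_tools"]
        threshold = self.contract["confirmation"]["require_human_confirmation_above"]
        amount = float(call.args.get("amount", 0))

        if self.halted:
            decision, reason = "deny", "circuit breaker tripped"
        elif prefs is None:
            decision, reason = "deny", "tool not in authorisation preferences"
        elif not prefs.get("allowed", False):
            decision, reason = "deny", "tool not authorised"
        elif call.tool in forbidden:
            decision, reason = "deny", "confidentiality duty forbids this tool"
        elif amount > prefs.get("max_amount", float("inf")):
            decision, reason = "deny", "amount exceeds authorised scope"
        elif amount > threshold:
            decision, reason = "escalate", "confirmation duty: human must confirm"
        else:
            decision, reason = "allow", "within scope and duties"

        self._record(call, decision, reason)
        return decision

    def _record(self, call: ToolCall | None, decision: str, reason: str) -> None:
        entry = {
            "seq": len(self.log),
            "ts": self.clock(),
            "agent": call.agent_id if call else None,
            "tool": call.tool if call else None,
            "args": dict(call.args) if call else {},
            "decision": decision,
            "reason": reason,
            "prev": self._prev,
        }
        entry["hash"] = _digest(entry)
        self._prev = entry["hash"]
        self.log.append(entry)

    def verify_chain(self) -> bool:
        """Recompute every hash and link; False if any record was altered or removed."""
        prev = GENESIS
        for entry in self.log:
            if entry["prev"] != prev or _digest(entry) != entry["hash"]:
                return False
            prev = entry["hash"]
        return True


if __name__ == "__main__":
    gate = Gate(CONTRACT, AUTH_PREFS)
    for call in [ToolCall("agent-1", "issue_refund", {"amount": 300}),
                 ToolCall("agent-1", "issue_refund", {"amount": 2500}),
                 ToolCall("agent-1", "send_external_email", {"to": "someone@example.com"})]:
        print(call.tool, call.args, "->", gate.decide(call))
    gate.trip("operator halt during incident review")
    print("after halt:", gate.decide(ToolCall("agent-1", "read_ledger")))
    print("evidence chain intact:", gate.verify_chain())
```

The point of the structure is that the three things the newsletter asks for are separable and inspectable: the promises live in `CONTRACT` and `AUTH_PREFS` rather than in someone's head, the gate is the only path to a tool so "policy around the system" cannot be bypassed, and `trip()` is the brake that works at machine speed. The evidence log answers "why did it do that" with the recorded reason, and `verify_chain()` lets a reviewer show the trail was not edited after the fact.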
Mythos is a capability accelerant for both attackers and defenders
Anthropic’s Mythos Preview write-up is, at minimum, a reminder that security capability is moving quickly, and that frontier models can materially shift the cost and speed of cybersecurity work. Whether you read it as a defensive opportunity or an offensive risk, the governance implication is the same: your control model cannot assume slow adversaries or slow mistakes.
OWASP is the checklist, not the strategy
OWASP’s State of Agentic AI Security and Governance is useful because it names the threat surface in plain terms: memory poisoning, tool misuse, prompt injection, insider amplification, and the need for runtime monitoring and fine-grained access control. It is the “what to instrument” companion to the Loyal Agent Evals “what to contract and test” approach.
Questions to Ask your Peers
If you’re the person expected to “sign off” on an agentic pilot, these are the questions that cut through theatre:
- Where does this process only work because people quietly patch the gaps?
- Which decisions rely on judgment that lives in someone’s head rather than in the system?
- If an agent pushed this workflow to the edge of the rules, what would happen to the customer, the business, and the data?
- Who can stop the system, and how fast? What is the escalation path at 2am?
- What are the agent’s explicit duties in this workflow (loyalty, confidentiality, disclosure, confirmation), and where are they written down?
- What evidence will we have if a regulator asks “why did it do that”?
Where Trusted Agents comes in
When Trusted Agents works with clients, those are exactly the questions we put on the table. We put your processes, customer experience, data, and governance on the spot, then build the execution plan needed to address them.
If you want to push on agentic AI without losing control of what matters, start here and book a 30-minute conversation with us.