Agentic AI Governance Readiness Assessment
An AI agent with no deterministic kill switch has been deployed. The governance question is whether that deployment has any real constraints on it.
IMDA published the Model AI Governance Framework for Agentic AI in January 2026 and released version 1.5 in May 2026, incorporating over ten real-world deployment case studies. Most organisations deploying AI agents are not aware it exists. This assessment maps your deployments against it and identifies specifically where human oversight is technically enforced versus aspirationally documented.
What agentic AI governance means
Agentic AI refers to AI systems that take autonomous actions in the world, rather than simply generating text for a human to review. An AI agent might browse the web to gather information, execute code to process data, manage files and documents, make purchases on behalf of a user, or send emails and messages. It can also orchestrate other AI agents, creating multi-agent systems where one AI delegates tasks to others.
This is meaningfully different from a language model that produces a draft for a human to approve. Agentic AI acts. That makes the governance question fundamentally different: who is accountable when an AI agent takes an action that causes harm?
IMDA's answer, published in the 2026 framework, is that humans are always ultimately accountable. But maintaining that accountability requires specific governance structures that most organisations have not yet built.
This is also a harder governance problem than it looks. Conventional AI governance was designed for systems that process defined inputs in controlled conditions: you validate the model, set the policy, and assume conditions at deployment will hold. Agentic systems do not work that way. They act across external services, encounter data they were never tested against, and operate in conditions that shift continuously after launch. A policy that was fit for purpose at deployment can erode within months as the systems your agents interact with change, the tasks they are given drift, or your own organisation's risk appetite shifts. Governance that only checks the system before it goes live is already late by the time something goes wrong.
The critical mechanism is what Aivance calls the Governance Firewall: when an agent hits a critical risk threshold, the system forces a Suspended Handoff State. The Suspended Handoff State is a hard stop: execution cannot clear until a designated human has explicitly ratified it. If your agentic systems do not have this mechanism, your human oversight amounts to reading logs after things have already happened.
Where agentic systems create new risk
Because AI agents take actions rather than producing text for a human to review, the risk profile is categorically different from conversational AI. Five specific vulnerabilities appear consistently in enterprise agentic deployments.
Hidden instructions in data. An agent that reads documents, emails, or web content can be manipulated by malicious instructions embedded in that content. A financial agent reading a supplier invoice could be instructed, through text in the invoice itself, to take actions outside its intended task. This is currently the fastest-growing attack vector in enterprise AI. (Technically: prompt injection.)
Agents with too much access. When an agent is given access to systems beyond what its specific task requires, the exposure extends far beyond the task itself. A customer service agent does not need access to financial records. A procurement agent does not need access to HR data. Over-permissioned agents create risk that is invisible until something goes wrong. (Technically: over-permissioned agents.)
Agents running without oversight. Business teams across many organisations are deploying AI tools with agentic capabilities independently, without informing IT, risk, or compliance. These deployments have no governance framework, no defined permission boundaries, and no audit trail. They are often the organisation's largest governance blind spot. (Technically: shadow AI.)
No defined identity or audit trail. Most organisations have mature identity and access management for human users. Very few have extended that to non-human actors. An AI agent that acts without a defined identity, defined access rights, and a complete record of its actions creates accountability gaps that are difficult to close after the fact. (Technically: identity and access management for AI agents, or IAM.)
Data leaving the organisation through integrations. When agents connect to external tools and services via APIs or integrations, sensitive organisational data can leave the organisation through poorly governed connections. The agent may share data with external services that your information security policy would never permit a human employee to share. (Technically: third-party data leakage.)
The Agentic AI Governance Readiness Assessment covers all five categories across your deployments, including deployments you may not yet have a complete picture of.
IMDA's four governance dimensions
The IMDA Model AI Governance Framework for Agentic AI v1.5 identifies four dimensions that organisations deploying agentic AI are expected to work through:
Assessing and bounding the risks upfront. Before deployment, each agentic AI system should be assessed for its risk profile: what actions can it take, across which systems, under what conditions? Risk factors including task complexity, the scope of external system interaction, multi-agent orchestration chains, and the irreversibility of potential actions all inform this assessment. The operating parameters that constrain autonomous behaviour, including what the agent may never do without human approval and what resource ceilings apply, are set from this assessment. Governance here also covers how those parameters are reviewed and updated as the agent's environment or task scope evolves after launch.
Making humans meaningfully accountable. IMDA's guidance is clear that human oversight should be meaningful rather than nominal. For agentic systems, this means defining at what decision points human review is required, what information a human sees before approving or rejecting an agent's proposed action, and how to handle situations where agents act faster than humans can review. The Suspended Handoff State (the mechanism that halts an agent and requires explicit human ratification before execution clears) is the technical implementation of that intent. Most organisations deploying AI agents do not have it.
Implementing technical controls and processes. Governance commitments for agentic AI must be technically enforced, not just documented. This dimension covers the controls that constrain agent behaviour: access permissions and API authorisations that limit which external systems an agent can reach, action logging and audit trails, anomaly detection and threshold alerting, and the enforcement mechanisms that make operating parameters binding rather than advisory. It also covers the process for human intervention when an agent behaves unexpectedly and the correction process after an incident.
Enabling end-user responsibility. Users interacting with or affected by agentic AI systems should be appropriately informed. This covers disclosure that an AI agent is acting on their behalf or affecting their experience, mechanisms for users to understand the scope of agent authority, and the ability to escalate to a human or opt out of agent-driven interactions. For enterprise deployments, this extends to employees, customers, or counterparties who are affected by agentic decisions: they should have appropriate transparency about what the agent can do and a clear path to human recourse when they need it.
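The sketch below is an added example, not code from IMDA or Aivance, showing what "technically enforced" can mean for the Suspended Handoff State and the access controls described above: every agent action passes through one gate that denies tools outside an allowlist, holds high-risk actions until a designated human ratifies them, and writes an audit record either way. The class name, the numeric risk score, and the tool and approver names are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum


class State(Enum):
    EXECUTED = "executed"
    DENIED = "denied"
    SUSPENDED = "suspended"   # hard stop awaiting human ratification


@dataclass
class ActionGate:
    allowed_tools: frozenset   # least-privilege allowlist for this agent
    risk_threshold: int        # risk score at or above this forces a suspension
    approvers: frozenset       # designated humans who may ratify
    audit: list = field(default_factory=list)
    pending: dict = field(default_factory=dict)
    _next_ticket: int = 1

    def _record(self, agent, tool, state, ticket=None, human=None):
        self.audit.append({"agent": agent, "tool": tool, "state": state.value,
                           "ticket": ticket, "ratified_by": human})
        return state, ticket

    def submit(self, agent, tool, risk, action):
        """Every agent action passes through here; `action` is a zero-arg callable."""
        if tool not in self.allowed_tools:
            return self._record(agent, tool, State.DENIED)
        if risk >= self.risk_threshold:
            ticket, self._next_ticket = self._next_ticket, self._next_ticket + 1
            self.pending[ticket] = (agent, tool, action)   # held, not run
            return self._record(agent, tool, State.SUSPENDED, ticket)
        action()
        return self._record(agent, tool, State.EXECUTED)

    def ratify(self, ticket, human):
        """Only a designated approver can clear a suspended action."""
        if human not in self.approvers:
            raise PermissionError(f"{human} is not a designated approver")
        agent, tool, action = self.pending.pop(ticket)
        action()
        return self._record(agent, tool, State.EXECUTED, ticket, human)


if __name__ == "__main__":
    sent = []   # constructed stand-in for a real side effect
    gate = ActionGate(frozenset({"read_invoice", "pay_supplier"}), 7, frozenset({"cfo"}))
    print(gate.submit("proc-agent", "read_invoice", 2, lambda: sent.append("read")))
    print(gate.submit("proc-agent", "read_hr_file", 2, lambda: sent.append("hr")))
    print(gate.submit("proc-agent", "pay_supplier", 9, lambda: sent.append("pay")))
    print(gate.ratify(1, "cfo"), sent)
```

The property to check in a real deployment is the same one the sketch enforces: the suspended action's side effect cannot occur on any code path that bypasses `ratify`, and a ratification attempt by a non-approver leaves the action pending.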
What the assessment produces
Over three weeks, the assessment covers:
- A complete inventory of agentic AI deployments currently in production or in development, including third-party tools with agentic capabilities
- A gap assessment against IMDA's four-dimension framework for each deployment in scope
- A risk rating for each deployment using a traffic light format
- A prioritised remediation roadmap with recommended actions
- A board-ready summary of your agentic AI governance posture
The assessment requires approximately 15 hours of your team's time, concentrated in two structured sessions and a closing review.
Why this matters now
Agentic AI is being deployed faster than governance frameworks are being adopted. Deloitte's 2026 State of AI in the Enterprise report, surveying 3,235 senior leaders globally, found that nearly three in four companies (74%) plan to deploy agentic AI within two years. Only 21% currently have a mature governance model for autonomous agents. That gap accumulates liability with every deployment that proceeds without a deterministic oversight mechanism.
The pattern in Asia Pacific is particularly sharp. APAC is leading globally on AI adoption across multiple categories (physical AI, agentic systems, and enterprise-scale deployment), but governance frameworks have not kept pace with that adoption rate. Organisations that build the enforcement layer now will be significantly better positioned as regulatory scrutiny of autonomous AI systems increases, and as enterprise procurement teams begin requiring documented agentic AI governance as a baseline condition of doing business.
This is also a differentiated position. Telling a client, an investor, or a regulator that you have mapped your agentic AI deployments against IMDA's MGF v1.5, and that your human override mechanisms are technically enforced rather than aspirationally documented, is a specific and credible governance signal that very few organisations in Singapore can currently send.
Governance without enforcement is unmanaged liability.
Start with the free 30-Minute Enforcement Gap Diagnosis. In 30 minutes, we identify the one missing AI governance control most likely to cost your organisation in the next 12 months. Within 48 hours, you receive a one-page diagnosis on Aivance letterhead.