81% of companies plan to expand AI agents into more complex use cases this year. The technology supports it. The organizational infrastructure, in most cases, hasn’t caught up yet.
The numbers tell a clear story. Deloitte’s 2026 State of AI in the Enterprise report surveyed 3,235 business and IT leaders across 24 countries. Nearly three-quarters of organizations plan to deploy agentic AI within two years. But only 21% report having a mature model for governing those agents.
That’s a 53-point spread between ambition and readiness.
What changed
When the tool was a chatbot, the failure mode was manageable. A wrong answer was an inconvenience. Someone noticed it, corrected it, moved on. The blast radius was small because the tool’s authority was small. It could suggest. It couldn’t act.
Agents change that equation. An agent executes across systems, across departments, sometimes across vendors. It doesn’t wait for a human to review its output before taking the next step. A flawed process doesn’t just produce a bad recommendation. It acts on it, then acts on the consequences of that action, compounding the error with each step.
Governance designed for chatbots doesn’t transfer to agents. Reviewing outputs after the fact works when the tool is advisory. It fails when the tool has execution authority.
The investment-readiness mismatch
The investment side is accelerating. Venture capital funding in agentic AI increased 265% between Q4 2024 and Q1 2025, according to HBR. Companies are customizing agents to fit their specific business needs, with 85% planning to do so, per Deloitte.
The readiness side isn’t keeping pace. EY’s 2026 Technology Pulse found that 78% of technology leaders admit AI adoption is outpacing their risk management capabilities. More than half of department-level AI initiatives are running without formal approval from anyone outside the team that launched them.
This isn’t unique to agents. Every major technology wave follows a similar pattern: invest in the capability first, figure out oversight second. Cloud computing, mobile enterprise apps, and IoT deployments all went through versions of this cycle. The difference with agents is the speed of the cycle and the scope of what they can do before anyone intervenes.
Some organizations are already adapting. Companies running smaller agent deployments (internal workflow bots, supply-chain monitors, customer routing systems) are building governance muscle in real time, learning from failures on contained use cases before scaling. That’s the healthy version of the pattern. The risk is in the gap between those early learners and the majority that haven’t started.
Deloitte’s numbers put it in proportion: 35% of organizations have no formal agentic AI strategy at all. Another 42% are still developing their roadmap. Only 25% have moved more than 40% of their AI pilots into production.
What governance actually means here
Governance in this context isn’t a compliance exercise or a policy document reviewed once a quarter. It’s a practical question: can your organization pause, audit, or override an agent mid-execution?
NIST recognized this gap in early 2026 when it launched its AI Agent Standards Initiative, the first federal effort specifically targeting agent governance. The initiative focuses on human supervision mechanisms, escalation protocols, access controls, and accountability structures for agents in production environments. For organizations planning agent deployments over the next 12-18 months, this matters: the standards you’ll eventually need to meet are being written right now, and building toward them early is cheaper than retrofitting later.
The working model emerging from Deloitte’s research is graduated autonomy. Start with agents that augment human decisions. Move to agents that automate tasks within human-defined processes. Reach full autonomy only after building what they call “agent supervisors” at critical decision points.
In practice, that looks like an agent that processes invoices autonomously up to a set threshold, but routes anything above it to a human reviewer before executing payment. The supervisor isn’t checking every action. It’s positioned at the decision point where the stakes change.
Gartner predicts over 40% of agentic AI projects will be canceled by the end of 2027. The real picture is probably more nuanced. Some of those cancellations will be governance failures. Many will be the normal attrition of enterprise pilots: integration friction, unclear ROI, shifting budgets. But even partial cancellation rates at that scale point to a coordination problem. Organizations that didn’t define who owns the agent’s decisions, who monitors its behavior, or who has the authority to shut it down will lose more time and money than those who sorted it out early.
The practical test
Scaling AI agents is the right call for companies with clear use cases and strong data infrastructure. History suggests the market will self-correct. The first major public incident involving an autonomous agent will accelerate governance adoption across the industry, just as major breaches did for cybersecurity budgets. The question is whether your organization builds that muscle before or after that moment.
Before your next agent deployment, ask one question: who in your organization has the authority to stop an agent mid-execution, and can they do it in under 60 seconds?
Related: Your Board Is Asking About AI. What Does Your Report Actually Say? covers the reporting side of the same governance gap: boards approving AI budgets they can’t evaluate.