SailPoint AI Agent Research found that 80% of organizations report that their AI agents took unintentional actions. Only 44% have formal governance policies in place. This 36 point gap is not a bug. This is currently the default operating state for most AI deployments. And the solution most teams look for first only makes things worse.
Why do AI agents contradict themselves?
Three AI agents. A customer. A week.
Your marketer sends a premium positioning email on Monday. Your sales agent follows with a discount offer on Wednesday. Your support agent triggers a winback sequence on Friday because the account has gone silent.
All three had identical customer data. All three were optimizing for their own goals. The client, a $200,000 renewal, forwarded the three emails to your VP of Sales: “Can someone tell me what’s really going on there?”
The data was perfect. THE authority was lacking.
So what does each team do next? Reinstall human review. Keep someone in the loop between every AI action and customer touchpoint. We feel responsible.
This is the most expensive non-solution available.
If a human approves every AI output before delivery, you haven’t automated the decision. You’ve automated the draft and kept the bottleneck. In two quarters, your AI has created more remedial work than it has eliminated. Your CFO funds a babysitting layer instead of a leverage layer.
When demand exceeds capacity, “review everything” quietly transforms into “review nothing.”
Why can’t shared data solve the authority problem?
The problem does not come from the agents. The problem is that no one told the officers what they had.
A CDP can tell each agent who the customer is. He cannot tell any agent what he is authorized to commit to on behalf of this client. You can have pristine, unified data while still getting conflicting promises. The stack needs a decision layer that governs what an agent is allowed to do with the data it sees.
THE modular canvas frame correctly identifies “control data” as the core layer of the modern martech stack: policies, permissions, guardrails. The architecture is correct. What it doesn’t answer is who has the authority to act within these safeguards and under exactly what conditions.
Until these decision rights are explicit and machine-readable, control data constitutes context, not authority.
Federal guidance on trustworthy AI comes to the same place. Guardrails must be tested, justifications must be traceable, and human oversight must be reserved for boundary conditions rather than each outcome. Shared data can inform an agent. He can’t authorize one.
What does delegated authority actually require?
Delegated authority means coding three categories of rules for each decision an agent can make using the tool POP frame:
- Permissions define what the agent can do autonomously and under what conditions.
- Bonds define what it should always do whenever certain triggers occur.
- Prohibitions define what it should never do, regardless of optimization pressure.
These rules cannot be included in a policy document. An agent doesn’t read your compliance manual. They must live in an application layer that executes before an action reaches a client. The agent queries the layer. The layer returns a pass, flag, or hard stop. Each decision automatically generates a record.
Think of it as your company’s checkout API.
When this layer exists, the three-agent scenario plays out differently. Marketing sends the positioning email. Sales queries the authority layer before discounting, finds an indicator that the account is under active renewal, and routes it to a human instead of returning it. Support sees the escalation flag and maintains the recapture sequence.
Customer interaction. Coordinated. Consistent.
There is a subtlety that escapes most conversations about governance. Even when authority is defined, if different agents interpret the same term differently, you still get inconsistent results. If marketing interprets a “high-value customer” as a $100,000 lifetime spend and support interprets it as a $50,000 active contract, authority drifts across contexts. Consistency of interpretation is a structural requirement of the application level itself.
What happens when the authority layer doesn’t exist?
If your AI agents are optimized but uncoordinated, the problem is not in the data layer. This is the authority layer.
Define what each agent has, what requires escalation, and what requires a hard stop. Encode it. Apply it. Until this layer exists, you are not running a governed AI stack. You use a very fast improvisation engine with premium branding.
The application layer that drives this change is Decision architecture. But a portal without an underlying structure is just a wall. Delegated authority acts as a “wireframe,” providing technology and business leaders with a common language to define AI requirements without going into detail. It guarantees the liability of the manufacturer and transforms AI from a black box into a glass box.
This invisible cost has a name. But first, there’s a data problem lurking underneath.
