
The risk isn’t the model. It’s that no one governs the agents.

For a CTO the front line has moved: not which model to pick, but who uses what, with which data, with which permissions, and what the agents you shipped to production actually do. You don’t discover governance when you design. You discover it after the incident. Here are the 15 controls that move it earlier.

Raffaele Zarrelli·Founder, Yempik·June 29, 2026·9 min read
  • 97% of companies hit by an AI breach had no basic access controls.[1]
  • 63% have no AI governance policy.[1]
  • 40%+ of agentic AI projects canceled by 2027.[3]
In summary
  • The risk isn’t which model you pick: it’s that no one knows who uses what, with which data and which permissions.
  • You don’t discover governance when you design. You discover it after the incident, which is the most expensive moment.
  • For agents in production three controls matter: least-privilege access, human-in-the-loop, an inspectable audit trail.
  • Banning AI isn’t governance: you only push it into the shadows. Governing is channeling.
  • The 15 controls, across 6 domains, tell you in two minutes how exposed you are.
The problem

Three questions you can’t answer precisely

Try to answer, right now. How many different AIs are touching your company’s data? Who uses them, from which accounts, with which permissions? If the answer isn’t precise, you don’t have a model problem. You have a governance problem.

This isn’t theory. 97% of companies hit by an AI-related breach didn’t even have basic access controls[1], and 63% have no AI governance policy, or are still “writing” one.[1] Meanwhile nearly 3 in 4 accounts used for AI at work are personal, outside any company control.[2]

You don’t discover AI governance when you design. You discover it after the incident.

Why, for a CTO

The front line moved from the model to control

With AI, writing code and moving data is no longer the bottleneck. Control is. An agent in production doesn’t just answer: it reads, decides, acts. And if no one has decided what it can read, what it can do, and who approves, its autonomy becomes your risk surface.

It’s why Gartner expects over 40% of agentic AI projects to be canceled by 2027, partly due to inadequate risk controls.[3] Not because the models are weak (95% of generative AI pilots deliver no measurable return anyway[4]): because governance arrives later, once the incident has already found it.

The checklist

How exposed you are, right now

Check the controls you already have in production. The ones left empty are where an incident gets in. At the end you download the PDF, without leaving an email, and run it past the team.

Tool · CTO checklist

AI in production: the 15 controls

01 · Visibility and inventory · you know who uses what

You can’t govern what you can’t see. Nearly 3 in 4 accounts used for AI at work are personal, outside any company control (Cyberhaven).

02 · Data and boundaries · what can touch which model

Source code is among the sensitive data that most often ends up inside an AI. It’s exactly what happened at Samsung.

03 · Agent access and identity · least privilege

97% of companies hit by an AI-related breach didn’t even have basic access controls (IBM, 2025).

04 · Human-in-the-loop · the human at the right point

If reviewing costs as much as redoing, approval becomes an automatic stamp. Show the human what the agent was reacting to, not just what it produced.

05 · Audit trail and observability · reconstruct what and why

With no trail, you learn about the incident from your customers. Late and expensive: shadow AI adds an average of $670,000 to a breach (IBM, 2025).

06 · Quality and ownership · before production, and who answers for it

Over 40% of agentic AI projects will be canceled by 2027, partly due to inadequate risk controls (Gartner).

With all 15 gaps open you are seriously at risk: you’re shipping AI to production blindfolded. Stop and cover the basics before adding more agents.

On the regulatory side: from 2 August 2026 the EU AI Act’s transparency obligations apply, while those for high-risk systems are postponed to 2 December 2027 (Digital Omnibus).[5] But most of these controls are worth it regardless of the law.

What to do Monday

Three moves that cover most of the risk

You don’t need a compliance program to start. Three steps, in this order, remove the largest share of the exposed surface.

  • Inventory and identity: list the AIs in use and the agents, and give each its own identity with minimal permissions. No shared admin-human keys.
  • Data boundaries: a written rule on what can go into an LLM, with sensitive data (customers, code, secrets) blocked before it leaves.
  • Human-in-the-loop where it counts: separate what the agent can read from what it can do; irreversible actions go through a human approval that’s reviewable at a glance.
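The three moves above, as an added example that is not part of the article: a small Python policy gateway that sits between an agent and its tools, giving each agent a minimal grant, blocking sensitive data before it leaves, requiring a named human approver for irreversible actions, and writing an audit record that keeps what the agent was reacting to, not just what it tried to do. The agent names, permission strings and sensitive-data patterns are constructed for illustration.

```python
"""Policy gateway in front of an agent's tool calls (added example, not from the article)."""
import re

# Hypothetical agents and their minimal grants (constructed; the article names no agents).
AGENT_PERMISSIONS = {
    "support-bot": {"tickets:read", "kb:read"},
    "ops-agent": {"tickets:read", "tickets:close", "refund:issue"},
}
# Actions that cannot be undone; these need a named human approver, not an automatic stamp.
IRREVERSIBLE = {"tickets:close", "refund:issue"}
# Data boundary: patterns that must never leave the company (constructed examples).
SENSITIVE = [
    ("card number", re.compile(r"\b\d{13,16}\b")),
    ("private key", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
    ("api token", re.compile(r"\bsk_(?:live|test)_[A-Za-z0-9]{8,}\b")),
]
AUDIT_TRAIL = []  # append-only storage in production; a list is enough to show the shape


def data_boundary_violation(text):
    """Return the label of the first sensitive pattern found in text, or None."""
    for label, pattern in SENSITIVE:
        if pattern.search(text):
            return label
    return None


def gate(agent_id, action, payload, context, approved_by=None):
    """Decide whether agent_id may perform action; record the decision either way.

    Returns (allowed, reason). The checks run in order: identity, grant, data boundary,
    then human approval for irreversible actions. Every call leaves an audit record."""
    grant = AGENT_PERMISSIONS.get(agent_id)
    if grant is None:
        allowed, reason = False, "unknown agent identity"
    elif action not in grant:
        allowed, reason = False, f"{action} is outside the agent's grant"
    elif (leak := data_boundary_violation(payload)):
        allowed, reason = False, f"payload contains a {leak}"
    elif action in IRREVERSIBLE and not approved_by:
        allowed, reason = False, "irreversible action needs a human approval"
    else:
        allowed, reason = True, "allowed"
    # The record keeps the context the agent reacted to, so a reviewer can judge the
    # decision at a glance instead of only seeing what the agent produced.
    AUDIT_TRAIL.append({"agent": agent_id, "action": action, "context": context,
                        "payload": payload, "approved_by": approved_by,
                        "allowed": allowed, "reason": reason})
    return allowed, reason
```

Each denied call still lands in `AUDIT_TRAIL`, so a refused refund or a blocked card number is visible to the team instead of silently disappearing.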

Banning AI for your employees is the dumbest move: you only push it into the shadows. Governing is channeling.

Want these controls already built into your agent?

On a call we map your agents onto the 6 domains and tell you where you’re exposed. We take agents from demo to production, with governance already inside.

FAQ

The questions we get asked most

What’s the difference between AI governance and agent governance?

AI governance is about how people use the tools (shadow AI, which data, which accounts, the policies). Agent governance is about systems that act autonomously in production: what they can read and do, who approves actions, how you reconstruct what they did and why. For a CTO the new risk is mostly the second one, because an agent doesn’t just answer: it acts.

Should I ban AI tools for the team?

No. It’s the most counterproductive move: you push usage into the shadows and lose all visibility. Governance isn’t there to forbid, it’s there to channel: approved tools, clear rules, an official channel, and company accounts instead of personal ones. That way usage comes out of the shadows and becomes governable.

Does the EU AI Act actually require all of this?

Partly. From 2 August 2026 transparency obligations apply (telling users when they’re interacting with an AI); obligations for high-risk systems were postponed to 2 December 2027 with the Digital Omnibus. But most of the checklist controls are worth it regardless of the law: they reduce operational risk, not just regulatory risk.

Where does a CTO with little time start?

With the three highest-impact controls: a minimal-permission identity for each agent, a written boundary on which data can go into an LLM, and human approval on irreversible actions. They cover the largest share of the risk surface. You close the rest of the checklist over the following weeks.

Transparency note

I wrote this article myself. The analysis and the field experience are mine and Yempik’s. For editing and layout I had Claude help. The numbers have a source, cited at the end: the substance is mine, the tool is disclosed.


Sources

  [1] IBM, “Cost of a Data Breach 2025”: 97% of AI breaches with no access controls, 63% with no governance policy, +$670,000 with shadow AI. www.ibm.com
  [2] Cyberhaven: most AI use at work runs through personal accounts; source code is among the most exposed sensitive data. www.cyberhaven.com
  [3] Gartner: over 40% of agentic AI projects will be canceled by end of 2027, partly due to inadequate risk controls. www.gartner.com
  [4] MIT NANDA, “The GenAI Divide: State of AI in Business 2025”: 95% of generative AI pilots with no measurable return. fortune.com
  [5] EU Artificial Intelligence Act: risk categories and transparency obligations; postponed high-risk deadlines (Digital Omnibus). artificialintelligenceact.eu