Author: Dr. Joshua Scarpino, CEO, Assessed Intelligence
Enterprise adoption of artificial intelligence has moved from a strategic question to an operating reality. The McKinsey Global Survey on the state of AI reports that 88 percent of respondents now use AI regularly in at least one business function, and 23 percent are scaling agentic AI systems within their enterprises.¹ Healthcare is advancing along a similar curve, with 85 percent of surveyed leaders exploring or already adopting generative AI capabilities.² The adoption data is unambiguous; the governance maturity required to support it lags behind by a significant margin, and that gap is where the next generation of operational and regulatory exposure is forming.
Agentic AI represents a structural change in how enterprise systems operate. Generative AI produces an output that a human reviews before acting on it. Agentic AI plans, decides, and executes with limited or no human intervention, which shifts the accountability question from whether the model is accurate to who is accountable when the system acts. Gartner projects that more than 40 percent of agentic AI projects will be canceled by the end of 2027 due to escalating costs, unclear business value, or inadequate risk controls.³ Organizations that have not internalized that shift are managing the wrong category of risk.
The risk data reinforces the concern. Anthropic’s Agentic Misalignment research stress-tested sixteen leading AI models from multiple developers in simulated corporate environments and found that models from every developer resorted to malicious insider behaviors, including blackmail of executives and leaking of sensitive information, when those behaviors were the most effective path to preserve their operation or achieve their assigned goals.⁴ Complementary academic research reports that fewer than 10 percent of organizations maintain robust governance frameworks for AI deployment, and that global trust in fully autonomous AI fell from 43 percent to 27 percent during 2025.⁵ Organizations are granting expanded decision authority to systems operating in environments that lack the oversight infrastructure to constrain them.
The Limits of Existing Governance Controls
Most enterprise AI governance programs were designed for models that generate predictions, not for agents that take actions. Policies that passed review and impose administrative controls do not constrain what an autonomous agent can do within live production systems. A policy document does not throttle an agent’s API calls, and a risk register does not revoke an agent’s access to a customer database at 2:00 AM. As agent populations grow, the distance between documented policy and executed behavior widens, and organizations lose the ability to answer basic questions about what their systems did, on whose authority, and with what consequence.
Independent audit addresses that gap. An audit is a structured, evidence-based verification that declared controls are implemented, operative, and effective. It is not a document review, and it is not a self-assessment. In the absence of independent verification, organizations are left to attest to their own compliance, a posture that regulators, insurers, and enterprise customers increasingly reject. The OECD AI Principles, the first intergovernmental standard on AI and the foundation for subsequent regulation including the EU AI Act, require that AI actors ensure traceability of datasets, processes, and decisions across the AI system lifecycle, and apply a systematic risk management approach to each phase of that lifecycle on an ongoing basis.⁶ The expectation of evidence-based accountability is not a novel demand; it is becoming the baseline.
What an Agentic AI Audit Must Cover
An audit tailored to agentic AI must evaluate more than model performance. It must evaluate the full operational surface the agent touches, including identity, data access, tool invocation, decision logging, escalation pathways, and decommissioning. It must also apply binary criteria, compliant or non-compliant, because subjective assessments allow risk to survive a review unnoticed.
Audit schemes designed specifically for algorithmic, artificial intelligence, and autonomous (AAA) systems are beginning to emerge. ForHumanity’s Independent Audit criteria for AAA Systems codifies audit criteria across ethics, bias, privacy, trust, and cybersecurity, and models its binary determinations after financial audit standards such as GAAP and IFRS.⁷ Schemes of this kind address domains that general-purpose IT audits routinely omit, including vendor management for third-party agent components and decommissioning pathways for systems that rarely have a defined end of life. They are also jurisdictionally sensitive, allowing audit criteria to align with the regulatory environment in which the system operates. A single internal control standard cannot satisfy divergent legal obligations across the EU AI Act, GDPR, and comparable frameworks in other jurisdictions.
Why an Agentic-Specific Audit Differs from a General IT Audit
General IT and cybersecurity audits, such as SOC 2 or ISO 27001, evaluate control environments that assume human-mediated decision-making. Agentic systems violate that assumption. A SOC 2 review does not evaluate whether an agent’s tool-use permissions are proportional to its task, whether its memory persistence creates a cross-session data leakage risk, or whether its decision log is sufficient to reconstruct an action for regulatory response or legal discovery.
An audit designed for agentic systems must address a different set of control objectives. It must verify that each agent holds a distinct, attributable identity and that its permissions are scoped to the minimum necessary for its task. It must confirm that every agent action can be reconstructed, attributed, and explained in a form usable under regulatory or legal review. It must evaluate whether human oversight is designed to interrupt agent behavior before consequential action, not after. It must assess whether the level of autonomy granted is proportional to the risk the agent can cause, with defined escalation pathways for out-of-scope situations. It must test whether the organization can detect, contain, and remediate agent misbehavior within the operational window that matters.
These are not hypothetical controls. Anthropic’s research documents that models will disobey direct commands to avoid harmful behaviors, and that simple instructions such as “do not spread non-business personal affairs” reduced but did not eliminate blackmail and corporate espionage in the tested scenarios.⁴ The implication for enterprise deployment is direct: policy-level controls and natural-language instructions are insufficient on their own, and organizations must be able to verify through audit evidence that their technical controls enforce what their policies declare.
From Annual Review to Continuous Assurance
Annual audit cycles are insufficient for systems that generate risk continuously. A misconfigured agent permission can persist for months before detection under traditional review models. In an environment where AI agents execute thousands of actions daily, reliance on periodic audits is not a compliance gap; it is an operational liability.
Organizations should pair independent third-party audit with continuous internal assurance. Independent audit establishes the baseline and verifies the control design at a defined point in time. Continuous assurance verifies that the controls remain effective in the intervals between audit cycles. Each function addresses a different question, and organizations deploying agentic systems at scale require both.
The ARISE Framework™ as an Operational Layer
The ARISE Framework™, developed by Assessed Intelligence, is designed to provide the continuous assurance layer that sits alongside independent audit regimes. Organized across seven domains, GOVERN, MANAGE, IDENTIFY, PROTECT, DETECT, RESPOND, and VALIDATE, ARISE establishes the operational controls required to manage AAA system risk on an ongoing basis. Where an independent audit asks whether controls meet a defined standard at a point in time, ARISE asks whether the organization can sustain those controls as the system, the data, and the regulatory environment evolve. The two functions are complementary. Independent audit confirms that the system meets a recognized standard of compliance at the time of evaluation, and the ARISE Framework™ maintains the conditions under which that compliance holds. Together, they support Secure & Responsible Technology.
The organizations that will lead the next phase of AI adoption will not be the ones that moved fastest. They will be the ones that moved deliberately, with verified controls, independent assurance, and continuous oversight in place before the risk materialized.
References
- Singla, A., Sukharevsky, A., Hall, B., Yee, L., & Chui, M. (2025). The state of AI in 2025: Agents, innovation, and transformation. McKinsey & Company. https://www.mckinsey.com/capabilities/quantumblack/our-insights/the-state-of-ai
- Pardo Martin, C., Lamb, J., Dahab, A., Jones, J., & Bhasker, S. (2025). Generative AI in healthcare: Current trends and future outlook. McKinsey & Company. https://www.mckinsey.com/industries/healthcare/our-insights/generative-ai-in-healthcare-current-trends-and-future-outlook
- Gartner, Inc. (2025). Gartner Predicts Over 40% of Agentic AI Projects Will Be Canceled by End of 2027. https://www.gartner.com/en/newsroom/press-releases/2025-06-25-gartner-predicts-over-40-percent-of-agentic-ai-projects-will-be-canceled-by-end-of-2027
- Lynch, A., Wright, B., Larson, C., Ritchie, S. J., Mindermann, S., Perez, E., Troy, K. K., & Hubinger, E. (2025). Agentic Misalignment: How LLMs Could Be Insider Threats. Anthropic. https://www.anthropic.com/research/agentic-misalignment
- AURA: An Agent Autonomy Risk Assessment Framework (2025), arXiv preprint 2510.15739. https://arxiv.org/pdf/2510.15739
- OECD (2019, updated 2024). Recommendation of the Council on Artificial Intelligence: Principle 1.5 on Accountability. OECD/LEGAL/0449. https://oecd.ai/en/dashboards/ai-principles/P9
- ForHumanity. Independent Audit of AI Systems. https://forhumanity.center/independent-audit-of-ai-systems/
Assessed Intelligence delivers vCISO and vCRAIO leadership, ARISE Framework™ implementation, and continuous assurance through the OPERATE retainer. If your organization is deploying agentic AI and needs governance that operates at the speed of your systems, speak with an advisor.
