Corporate Compliance Insights

Meet Your New Colleague. It’s Already Making Decisions.

When something goes wrong with agentic AI, regulators will look at the humans who designed, deployed or failed to supervise the tool

by Matt Galvin
June 17, 2026
in Compliance, Featured
Carl Hahn, Cáitrín McKiernan, Akita Adkins and Luisa Saboya contributed to this article.

Agentic AI is already making decisions inside many enterprises — approving transactions, sending communications, executing multi-step workflows — and the governance frameworks meant to oversee it are frequently several steps behind. Steptoe’s Matt Galvin examines this massive accountability problem that leaves regulators looking upstream to humans when an agent does something it shouldn’t have.

Agentic AI represents a structural shift from earlier forms of AI. These systems do not merely support human decision-making — they increasingly execute decisions autonomously to achieve their objectives.

Under intense pressure to drive efficiencies and modernize operations, organizations are rapidly deploying new tranches of digital workers across their enterprises. The promise is significant: round-the-clock execution, tireless workers, scaled judgment and the ability to compress workflows that once spanned days into minutes. 

But the risks are equally significant, and many of them are unfamiliar to the compliance, legal and risk functions that must now manage them as AI-powered agents and digital workers are deployed at scale across the enterprise. These risks are not limited to the proliferating privacy and autonomous-worker regulations, but extend to increased use of off-book or shadow AI, accountability challenges, credibility questions, integrity risks and amplification of existing compliance and regulatory risks, particularly those around intellectual property, export controls and sanctions regimes that can be triggered through unintended data loss.

To realize the benefits of digital workers, organizations must navigate an uncertain environment in which AI systems and humans can operate effectively together, even if this is without real-time human in-the-loop oversight. We think of that as an optimal co-intelligence environment. To be clear: This challenge is not theoretical; it is unfolding inside enterprises today, often invisibly, and frequently outside the reach of formal governance frameworks. 

The legal and regulatory landscape

Two streams of legal risk converge on digital workers. The first consists of new and emerging obligations specifically directed at AI. California has begun regulating AI in employment contexts, including anticipated disclosure requirements effective Jan. 1, 2027, concerning the use of automated decision systems on workers. 

Securities regulators are scrutinizing how public companies describe AI capabilities and risks. Privacy regulators globally are sharpening expectations around automated processing, profiling and cross-border data flows. Federal contractors and grantees increasingly find that their agreements incorporate the NIST AI risk management framework or analogous standards by reference and, moreover, AI-specific contract requirements applicable to many federal contractors will take effect later this year. Further, some states and even municipalities are passing legislation that governs specific applications, such as the pricing of residential housing. And the DOJ’s “Evaluation of Corporate Compliance Programs (ECCP)” now expressly contemplates how companies govern AI in their compliance environment.

The second stream is older but no less consequential: long-standing legal regimes whose application to digital workers raises challenging and even unresolved questions. Antitrust law must contend with autonomous agents that price, negotiate or coordinate across markets. Export controls and economic sanctions create exposure when models are trained on, or output, controlled technical data — and the risk multiplies when agents move that data across jurisdictions through chained API calls. Employment law confronts agents that effectively make hiring, performance or termination-related judgments, and raises further questions when individuals terminated on the basis of such agentic decisions are later rehired. And data protection regimes like GDPR were not drafted with multi-step autonomous agents in mind, yet plainly apply to them.

These two streams should be governed together. Treating new AI laws as a separate compliance silo while leaving existing risk owners to discover agentic exposure on their own is a predictable path to failure.

When shadow AI meets agentic capability

Much of the current discussion of AI governance focuses on policies, frameworks and regulatory compliance for formally deployed systems. Those instruments are important. But a more immediate and under-managed risk lies elsewhere, particularly in organizations with highly trained workforces that are taking an organizationally conservative approach to AI deployment: the rise of shadow AI — the unapproved, decentralized use of AI tools by employees in the course of day-to-day work.

Shadow AI is not new. What is new is its convergence with agentic capability. Organizations now face a largely invisible layer of autonomous or semi-autonomous decision-making operating outside established governance structures. In this environment, AI tools are perceiving, planning and acting — executing end-to-end tasks, exercising judgment and collaborating across systems in ways that, in some cases, determine business outcomes. And in situations where agents are not properly coded or have ambiguous objectives, agents can engage in misconduct and illegal behavior.

The compliance risk lies precisely at the intersection. Unlike generative AI, which often works in isolation on narrowly scoped prompts, agentic AI is designed to act across systems. It needs a connected ecosystem and demands deeper integrations like API access to enterprise tools, such as customer management, enterprise resource planning and HR platforms. When shadow AI meets agentic capability, autonomous agents obtain entry to an organization’s systems, often without the organization’s knowledge. The resulting trifecta — invisibility plus autonomy plus access — is what raises the stakes and forces compliance frameworks to evolve. This trifecta can help users evade controls like human supervision, materially increasing risk of unregulated or even illegal AI agent behavior. It can also drive investigation and remediation costs when compliance departments are called to clean up the mess.

This convergence creates a new class of risk built around four interlocking concerns: accountability, credibility, security and consistency.

Accountability 

A central focus of recent compliance guidance — including the ECCP — is ensuring that organizations preserve human accountability over AI. Importantly, that does not always mean a human in the loop. Often it means a human on the loop: a person with the responsibility to design, launch and supervise these systems in managed, well-bounded ways. But as indicated above, in an environment where shadow AI is proliferating agents, humans can find themselves out of the proverbial loop.

Autonomous decision-making further diffuses responsibility. Attributing a decision to a single individual is already difficult when outcomes flow from complex interactions among developers, data inputs, system architecture and downstream business users; this is further complicated when a non-human (i.e., an agent) is the proximate cause of an action. Organizations may struggle to determine who is accountable when an agent (or a team of agents) approves a transaction it should not have approved, sends a misleading communication or produces a discriminatory outcome. This dynamic puts significant pressure on maintaining the clear lines of responsibility and oversight that underpin compliance and legal functions.

There is also a real potential mens rea problem that can arise in criminal enforcement, compliance program administration or employment proceedings. Many of our most important enforcement and liability frameworks turn on what a person knew or intended. How does the law find liability when the bot did it? Until that question settles, prudent organizations should assume that regulators and plaintiffs will look upstream and treat the humans who designed, deployed, supervised or failed to supervise the agent as potentially responsible for aberrant outcomes.

Credibility 

Even where responsibility can be assigned in theory, agentic systems create a credibility crisis in practice. Their actions are often difficult to understand, explain or defend. They operate across multiple tools and datasets and make multi-step decisions that resist easy interpretation. This can be compounded in a scenario where digital workers are allowed to create subroutines — or other digital workers — that can proliferate in an ecosystem like helpful gremlins. That opacity undermines auditability and creates significant exposure in regulatory inquiries and litigation, where companies must justify what they did and why.

As AI tools become more agentic, outputs are no longer isolated. They are chained across tasks, with each step building on the last. Errors, assumptions and biases can rapidly compound or propagate across a workflow. The result is a phenomenon that might be called “decision laundering” — AI-generated conclusions are accepted and operationalized with little scrutiny, yet exert real influence over compliance assessments, internal reporting and regulatory judgments. By the time a decision reaches a human reviewer, its provenance may already be unrecoverable unless the organization has in place robust data governance and explainability protocols.

Security 

Agentic AI also presents serious security risks, whether through shadow AI or simply through unmonitored data loss. The most common is the flow of sensitive information into external systems. Employees frequently rely on consumer or quasi-enterprise tools to support daily tasks, often inputting confidential business data, personal information or legally privileged material.

In an agentic context, these risks are rarely confined to a single prompt. Multi-step workflows can lead to the progressive externalization and persistence of sensitive information. This dynamic raises acute risks under data protection regimes like GDPR, threatens trade secret protection and may undermine claims of legal privilege by eroding confidentiality through iterative, undocumented disclosure. National security exposures, including under export control and sanctions regimes, follow the same pattern when technical or controlled data flows out through agent calls. And of course shadow AI use can be exploited by adversary agents looking to gain access to enterprise IT systems as a trusted user. It is not difficult to imagine a cat-and-mouse game where agentic-driven phishing attacks tend to exploit programming biases of otherwise well-meaning digital workers.

Consistency and integrity 

At a structural level, shadow agentic AI undermines the consistency and integrity of compliance frameworks. Formal compliance systems rely on standardized methodologies, defined risk criteria and documented procedures. Shadow AI, by contrast, enables highly individualized approaches: different employees rely on different tools, different prompts and different assumptions, effectively creating fragmented, micro-level processes that diverge from approved standards and take actions that lack transparency and appropriate human supervision.

Over time, that fragmentation erodes an organization’s ability to demonstrate consistency, fairness and rigor, qualities at the heart of regulatory trust, particularly in regulated industries. 

Evolving compliance from prohibition to governance

The risks associated with shadow and agentic AI are unlikely to be mitigated through prohibition. Experience with earlier waves of shadow IT — from personal devices to cloud platforms — demonstrates that blanket bans drive usage further underground at precisely the moment when oversight matters most. If IT controls are too restrictive, organizations push their workforce off-grid in the name of efficiency, losing entirely the visibility they most need.

A more effective response requires a shift in compliance posture: from approval-based control to governance grounded in visibility, accountability and risk prioritization. 

In practice, that shift rests on several reinforcing pillars.

Roll out strategically with a real risk and privacy impact assessment

Digital workers and AI agents should be deployed through a disciplined, risk-based program rather than opportunistically. The most consequential questions are not technical but jurisdictional: What data can the agent access and what can leave company premises? 

A meaningful pre-deployment risk assessment maps the agent’s data inputs, outputs, system integrations and decision authority against legal regimes (privacy, trade secrets, export controls, sectoral regulation) and against the organization’s own risk appetite. Classifying digital workers by impact tier — for example, low, medium and high — allows controls to scale with stakes. 

This process allows the enterprise to map the business objective it hopes to achieve with agentic AI to the governance and risk management processes that will in parallel effectively mitigate the risks. It can also help compliance avoid gumming up the works and creating organizational sludge that can drive workers to shadow AI.

Establish clear, practical acceptable-use standards

Many existing AI policies remain too abstract to guide real-world behavior. Effective standards provide concrete direction on permissible data inputs, approved and restricted use cases, acceptable use guidance and the triggers for escalation to legal or compliance teams. Critically, they must explicitly address agentic behaviors — task chaining, autonomous execution, decision support — rather than treat AI as a passive tool. A policy written for ChatGPT-style prompting will not govern an agent that places trades, sends emails or files tickets on a worker’s behalf.

Provide approved, controlled environments

Where employees turn to external tools out of necessity or efficiency, organizations should offer sanctioned alternatives: enterprise AI platforms, internally managed sandboxes, effective testing and red-teaming or vendor solutions deployed under appropriate contractual and technical safeguards. These environments can incorporate data-handling restrictions, prompt and output logging and integration with existing IT and compliance systems. 

Best practices that we have seen include incubating agents in a development environment before unleashing them into a production environment after stress-testing. By enabling safe use rather than suppressing all use, organizations reduce the incentive for shadow adoption and gain visibility into actual practice.

Train concurrently with rollout

Training cannot lag deployment. Every new digital worker should ship alongside live training and clear guidance for the people who will work with it, supervise it or rely on its outputs. Static annual modules are inadequate for a technology that changes monthly. Standards, examples and red-flag scenarios should be embedded into the workflows where employees actually encounter agents. Fortunately for fast-moving companies, AI-based solutions themselves can provide some of the answers to the problem of rapid AI deployment.

Develop rules with cross-functional buy-in

Effective governance demands cross-functional coordination. Responsibility for AI risk cannot rest solely with IT or compliance. Establishing dedicated AI risk committees — or integrating AI risk into existing governance bodies — ensures that legal, privacy, security, HR, business unit leaders and the board are aligned on what the organization will and will not tolerate. Without that alignment, agentic behaviors fall through organizational gaps with predictable results.

Build audit, monitoring and metrics for success

Traditional compliance models focus on violations after they have fully materialized. Agentic systems demand earlier intervention. Programs should emphasize identifying early indicators of misalignment — anomalous decision patterns, unexplained deviations from business rules or a drift in agent behavior — before they crystallize into regulatory breaches. Technical measures like network monitoring, API controls and prompt and output logging should sit alongside softer mechanisms, including internal audits, employee surveys and whistleblower channels that capture AI-related concerns. Define metrics for success up front: error and override rates, escalation volumes, time to detection and the share of agent activity that is logged and reviewable.
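As an added illustration (not code from the article or from Steptoe), the following Python computes the success metrics this pillar names from a constructed agent activity log and flags the two early indicators it describes: a decision outside the agent's tier authority taken without escalation, and drift in an agent's decision pattern. The impact tiers, authority limits, agent names, log fields and events are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Hypothetical impact tiers (the article suggests low/medium/high) and the largest
# payment an agent of each tier may approve without a human. Constructed values.
TIER_AUTHORITY = {"low": 1_000, "medium": 25_000, "high": 250_000}

@dataclass
class AgentEvent:
    event_id: str
    agent: str
    tier: str
    action: str             # "approve_payment" or "reject_payment"
    amount: float
    ts: datetime
    escalated: bool         # agent handed the decision to the human on the loop
    human_override: bool    # a reviewer reversed the agent's decision
    error: bool             # decision later judged wrong
    detected_at: Optional[datetime] = None  # when a human noticed the error

def oversight_metrics(events, audit_log_ids):
    """Metrics the article lists: error and override rates, escalation volume, time to
    detection and the share of activity that is logged and reviewable. `events` is what
    the API gateway saw; `audit_log_ids` is what reached the audit log."""
    n = len(events)
    errors = [e for e in events if e.error]
    detected = [e for e in errors if e.detected_at is not None]
    hours = [(e.detected_at - e.ts).total_seconds() / 3600 for e in detected]
    return {
        "error_rate": len(errors) / n,
        "override_rate": sum(e.human_override for e in events) / n,
        "escalations": sum(e.escalated for e in events),
        "mean_hours_to_detection": sum(hours) / len(hours) if hours else None,
        "undetected_errors": len(errors) - len(detected),
        "logged_share": sum(e.event_id in audit_log_ids for e in events) / n,
    }

def early_indicators(events, drift_threshold=0.3):
    """Two early misalignment signals from the article: an approval above the agent's
    tier authority without escalation (deviation from a business rule), and drift in an
    agent's approval rate between the first and second half of the window."""
    flags = []
    for e in events:
        if (e.action == "approve_payment" and e.amount > TIER_AUTHORITY[e.tier]
                and not e.escalated):
            flags.append(f"{e.event_id}: {e.agent} ({e.tier}) approved "
                         f"{e.amount:.0f} above authority without escalation")
    by_agent = {}
    for e in sorted(events, key=lambda x: x.ts):
        by_agent.setdefault(e.agent, []).append(e.action == "approve_payment")
    for agent, approvals in by_agent.items():
        half = len(approvals) // 2
        if half < 2:  # too little history to compare halves
            continue
        early = sum(approvals[:half]) / half
        late = sum(approvals[half:]) / (len(approvals) - half)
        if abs(late - early) > drift_threshold:
            flags.append(f"{agent}: approval rate drifted from {early:.2f} to {late:.2f}")
    return flags

# Constructed sample activity: an accounts-payable agent and an HR agent, one morning.
T0 = datetime(2026, 6, 1, 9, 0)

def _ev(i, agent, tier, action, amount, h, esc=False, ovr=False, err=False, det=None):
    return AgentEvent(f"ev{i}", agent, tier, action, amount, T0 + timedelta(hours=h),
                      esc, ovr, err, None if det is None else T0 + timedelta(hours=det))

SAMPLE_EVENTS = [
    _ev(1, "ap-bot", "medium", "approve_payment", 4_000, 0),
    _ev(2, "ap-bot", "medium", "reject_payment", 9_000, 1),
    _ev(3, "ap-bot", "medium", "approve_payment", 30_000, 2, esc=True),  # escalated, fine
    _ev(4, "ap-bot", "medium", "reject_payment", 2_000, 3),
    _ev(5, "ap-bot", "medium", "approve_payment", 40_000, 4, ovr=True, err=True, det=10),
    _ev(6, "ap-bot", "medium", "approve_payment", 5_000, 5),
    _ev(7, "ap-bot", "medium", "approve_payment", 6_000, 6, err=True),  # never detected
    _ev(8, "ap-bot", "medium", "approve_payment", 7_000, 7),
    _ev(9, "hr-bot", "low", "approve_payment", 500, 0),
    _ev(10, "hr-bot", "low", "reject_payment", 800, 1),
]
# ev7 and ev10 never reached the audit log: activity nobody can review.
SAMPLE_AUDIT_LOG_IDS = {"ev1", "ev2", "ev3", "ev4", "ev5", "ev6", "ev8", "ev9"}
```

Run `oversight_metrics(SAMPLE_EVENTS, SAMPLE_AUDIT_LOG_IDS)` and `early_indicators(SAMPLE_EVENTS)` to see the metrics and flags for the constructed log; the undetected error (ev7) is also one of the events missing from the audit log, which is the visibility gap the pillar warns about.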

Integrate AI risk into existing frameworks

AI-related risks should be embedded into existing compliance risk assessments and control frameworks rather than treated as a standalone issue. Shadow and agentic AI intersect directly with confidentiality, anti-corruption, internal controls, third-party risk and regulatory reporting. Mapping AI risks onto these established frameworks identifies where current controls are inadequate and avoids further fragmentation of governance.

Agentic AI as a compliance enabler

This analysis is not purely cautionary. Deployed within robust governance frameworks, AI — including increasingly agentic systems — has significant potential to strengthen compliance functions themselves. Agentic AI can enhance monitoring, automate the triage and escalation of risks, surface anomalies in transaction or communications data and improve the integrity and timeliness of internal reporting. The same capabilities that create exposure in the wrong hands can, in the right hands, dramatically expand a compliance team’s reach.

Despite the uncertainty surrounding agentic and shadow AI, the current moment represents a uniquely valuable window for organizations to learn and experiment. Because the technology is evolving and governance frameworks are not yet fully defined, companies have an opportunity to engage with these systems in a more exploratory, lower-stakes way — testing use cases, observing how agents behave in practice and identifying where controls break down. Waiting for fully mature solutions would be a mistake. Organizations should be building familiarity and internal capability now, so that when standards harden — and they will — they are ready.

This period of relative flexibility allows compliance and legal teams to shape how agentic AI is deployed within their organizations, rather than reacting later under pressure. Realizing the upside depends not on the level of autonomy granted to agents but on embedding clear limits, auditability and oversight from the outset. It is time for risk managers to make friends with technology and invite them to dinner like an honored guest rather than a thief robbing their cupboards at night.

The objective in governing shadow and agentic AI is not to eliminate informal use entirely; it is to bring it within the perimeter of governance. By aligning standards, technology, oversight and culture, organizations can manage decentralized AI use while positioning themselves to harness agentic capabilities in a controlled and compliant manner.

Digital workers are joining the workforce whether or not compliance functions are ready. The choice is not whether to allow them but whether to govern them. Companies that treat the rollout as a serious compliance program — with risk-based deployment, real training, cross-functional ownership and meaningful audit — will find that their new colleagues genuinely earn their place. Those that do not will discover, often too late, that the bot did it, and no one is quite sure who is responsible.

Matt Galvin

Matt Galvin is a partner in Steptoe’s investigations & white-collar defense practice. He advises multinational corporations, boards and international regulatory bodies on complex compliance, regulatory risk and governance matters. Prior to joining Steptoe, he served as the first-ever counsel for compliance and data analytics for the DOJ Criminal Division’s Fraud Section, and before his government service, he was global vice president and chief ethics and compliance officer at AB InBev.

© 2026 Corporate Compliance Insights