New types of AI systems are emerging fast. These include systems that can plan tasks, use external tools, or act autonomously with minimal human input. These technologies often fall outside familiar governance boundaries. Their behaviour can change dynamically in response to prompts, updates, or interactions, making them difficult to assess up front or control through static policies.
These systems challenge traditional governance approaches. Risk assessments must expand beyond point-in-time reviews to continuous evaluation and adaptive controls, especially for models that initiate tasks, use tools, or influence other systems. Traditional checklists and approval gates might not be enough when systems adapt or escalate unpredictably.
Many organisations are also adopting outcome-based “service-as-a-software” models, where agentic AI systems take action independently to deliver services such as legal drafting, compliance checks, or code generation. This move from tool use to task delegation creates the need for fallback processes, escalation triggers, and clear accountability.
This practice helps organisations extend governance to these fast-moving applications. It encourages teams to ask the right questions before deployment, experiment safely, and update controls as new risks appear. It is particularly important for agentic AI, multi-agent systems, embedded AI in operational processes, or open-ended tools that generate content, actions, or decisions.
Why it matters
Emerging AI use cases often carry unclear or rapidly evolving risks. Even small pilot tools can scale quickly if plugged into business-critical workflows or external services. Without the right governance, organisations can lose visibility over how decisions are made, who is accountable, or what users are exposed to.
Static risk frameworks are rarely enough on their own. Some risks only become visible after deployment, especially when behaviour changes over time or across contexts.. That’s why this practice focuses on anticipation, exploration, and iterative control, not just documentation or approval. Anticipating emerging risks supports innovation without letting governance fall behind. It also gives organisations a credible answer when regulators, partners, or the public ask: “What are you doing to stay in control of fast-moving AI?”
Implementation tips
- Build an internal list or register of emerging AI applications, especially those that use tools, automate tasks, or influence decisions without direct human input.
- Identify governance “grey zones” where existing policies, controls, or roles don’t apply clearly.
- Define boundaries around what types of tasks or decisions can be delegated to agentic systems, particularly where accountability, legal or reputation risk is high.
- Engage cross-functional teams early (e.g. security, legal, operations) to sense and flag novel risks during design or procurement.
- Use sandboxes or internal pilots to explore new capabilities safely before wider rollout.
- Define clear conditions for when exploratory AI should be paused, reassessed, or escalated.
- Update your AI risk assessment process to include indicators for novelty, autonomy, or adaptive behaviours.
- Apply risk tiering to guide governance intensity and introduce checkpoints across the system lifecycle.
Support materials
IAPS – AI Agent Governance: A Field Guide
Outlines how to design governance for agentic AI systems using methods like capability limits, behavioural monitoring, and sandboxing.
UK Government – AI Insights: Agentic Workflow
Explains what makes a workflow “agentic” and provides a simple set of screening questions to identify AI systems that may act with unintended autonomy.
OECD – Steering AI’s Future: Strategies for Anticipatory Governance
Helps organisations align with international framing of agentic AI and understand why trust, oversight, and power delegation require special treatment.
AI Governance Initiative – Risk Tiers: Towards a Gold Standard for Advanced AI
Presents a tiered risk model to assess and govern advanced and adaptive AI systems.
Cooperative AI Foundation. – Multi-Agent Risks from Advanced AI
Summarises key risks from multi-agent AI (e.g. goal drift and emergent behaviour) and outlines governance strategies to manage them.
