Express Computer

The AI governance gap nobody is talking about


By Apoorva Kumar, CEO, Disseqt

Across industries, AI agents have moved from experimentation into core enterprise operations. They respond to customers, transfer data between systems, initiate approvals and trigger workflows that previously required human judgement. The deployment pace has been rapid. The governance infrastructure required to manage these systems responsibly has not kept up.

In many organisations these systems now operate inside essential workflows, where decisions are carried out without direct human review. As agents take on more decisions with operational and financial ramifications, the transition from assistive tools to autonomous systems has been gradual but substantial. Understanding of how these systems behave under varying circumstances has not grown to match this expansion.

The majority of businesses currently lack organised systems for monitoring, testing and verifying agent behaviour after deployment. Because of this, systems keep growing without a clear understanding of how choices are made, how results differ depending on the context or how risks build up over time. The gap between governance and deployment is real, and it is already built into how today’s AI systems operate.

Agent failures are behavioural, not technical

Conventional software fails in traceable ways. A flaw surfaces, a dependency breaks, an input corrupts, and the chain of causation can be followed back to its origin. AI agent failures work differently. The same agent performs correctly in one context and produces a materially different outcome in another. Same system, different conditions, no obvious trigger.

A system that fails technically can be patched. A system that fails behaviourally must be understood. According to McKinsey, roughly 51% of businesses using AI report at least one negative outcome, most commonly tied to accuracy or reliability. Fewer than one in three govern and scale AI using structured practices. These are not early experiments; they are production systems operating without adequate visibility.

Standard QA is the wrong tool for non-deterministic systems

Quality assurance was designed for deterministic systems, where the same input reliably produces the same output. AI agents are context-sensitive and non-deterministic. Behaviour that holds in a test environment can shift in production in ways no test case predicted, because the most consequential edge cases are the ones that were not anticipated.

Testing frameworks must be rebuilt around behavioural reliability. The practical difference is measurable. One enterprise team was manually generating 10 to 15 adversarial prompts per session over three to four hours with no observable improvement in their Copilot’s safety responses. Applying structured adversarial testing with Disseqt, the same three engineers generated more than 55,000 prompts in three days and improved safety handling by up to 97% across 15 Responsible AI categories. Same team, same intent, entirely different infrastructure.

Governance is a competitive advantage, not a compliance cost

The EU AI Act establishes requirements for how AI systems are tested, documented, monitored and corrected after deployment, creating accountability for behaviour, not just intent. In markets where enforceable frameworks are less defined, the absence of a mandate should not be misread as permission to defer. The cost of retrofitting governance onto a scaled AI estate is substantially higher than building it in from the start.

The most immediate implication of the EU AI Act is that organisations will be required to demonstrate how automated decisions are tracked, validated and corrected in live environments. Similar expectations are emerging elsewhere. The National Institute of Standards and Technology has launched the AI Agent Standards Initiative to define identity and access controls for agents, while financial regulators are beginning to assess agent-driven actions under the Sarbanes-Oxley Act (SOX) framework. In India, however, the absence of enforceable structures means governance remains largely advisory, increasing the risk of inconsistent practices as adoption scales.

Conclusion

The organisations that will derive the most value from the agentic AI transition are not necessarily those that deployed earliest. They are the ones that invested in understanding how their systems actually behave in production and built the testing, observability and governance infrastructure to manage that behaviour continuously.

For AI agents operating at the centre of business operations, understanding how a system behaves is not a follow-on consideration. It is the foundation on which responsible, scalable AI adoption is built.
