Governance and Risk Management for Agentic AI in the Enterprise.
Keywords:
agentic AI, AI governance, enterprise risk management, autonomous systems, compliance frameworks, runtime governance
Abstract
Agentic artificial intelligence systems represent a paradigm shift from conventional machine learning applications, introducing autonomous, goal-directed agents capable of multi-step planning, persistent state management, and tool-augmented execution. These capabilities create novel governance challenges and risk profiles that extend beyond traditional AI oversight mechanisms. This paper examines the current landscape of agentic AI governance and risk management in enterprise contexts through systematic analysis of recent frameworks, technical architectures, and organizational models. The analysis identifies three primary governance modalities, regulatory, organizational, and technical, and maps emergent risk categories including coordination failures, cascading reliability issues, adversarial threats, and compliance gaps. The paper synthesizes best practices from recent governance frameworks, including runtime enforcement protocols, capability-centric risk mapping, and staged validation approaches. Findings indicate that effective enterprise governance requires layered architectures integrating policy-as-code enforcement, semantic telemetry, dynamic authorization, and auditable provenance mechanisms. The paper concludes with recommendations for governance-by-design principles and identifies critical gaps in standardization, benchmarking, and regulatory adaptation that require further research and cross-sector coordination.