governance

Model revenue is not customer return. The economic and risk unit is the harness that turns model output into accountable work.

Ken Griffin watched PhD-level finance work compress from months to days. The interesting question is whether bank AI controls are designed for the layer where the work now lives.

Fast repair is useful, but it does not prove that a system remains understandable.

AI governance needs domain knowledge where technical behaviour changes route, evidence, controls, and monitoring.

Finance agents are evidence custody systems before they are model systems.

An agent is not autonomous because it can try a task. It is autonomous when the system can tell whether the task worked.

Proportionate AI governance only works when the lighter path is earned by evidence, not granted by missing concerns.

AI cannot help an enterprise that cannot describe itself, and governance failure surfaces faster than optimisation failure.

Vercel was breached through a third-party AI tool's OAuth token. The lesson is not about Vercel's security — it is about how every AI tool you onboard extends your attack surface in ways your governance framework does not track.

If you can replace 'agent' with 'application' and the principle still reads fine, it was never about agents.

Risk teams know risk. The open problem is designing controls for systems that are non-deterministic, probabilistic, and attackable in natural language.

Six cell biology mechanisms that reveal what the networking 'control plane' metaphor misses about governing AI agents.

Every other agentic AI risk has an engineering answer. Prompt injection doesn't. That changes everything about how you design controls.

Four interactions between agentic properties create risks that manual governance cannot address. The category boundary is not AI versus traditional — it is systems that act versus systems that advise.

Compliance-first governance produces paperwork. Design-first governance produces systems you can actually explain to a regulator.

The governance patterns for autonomous AI agents are the same ones good managers already use: cadence reviews for normal flow, escalation channels for urgent anomalies, and human judgment only where it has maximum information value.

When AI agent calls approach zero cost, the natural rate-limiter on decision volume disappears — and oversight frameworks designed for prediction models break.

HKMA's new strategic review circular bundles AI inference risk and smart contract risk into one workstream — a governance design flaw that will cause banks to under-govern both.

SR 11-7 assumes models are tools that produce outputs for human review. AI agents are actors that take actions autonomously. Every assumption breaks.

List-based and process-based approaches to AI risk classification both fail in predictable ways. The failure mode depends on which you chose.

Every AI governance framework demands human-in-the-loop. Nobody does the maths on what that means at enterprise scale.

Most AI maker-checker implementations capture the correction but not the reason. That's a feedback loop with no signal.

When your model's labels come from human decisions rather than reality, you're not measuring what you think you're measuring.

Governance isn't about catching every failure — it's about proving your process was reasonable when one happens. The real skill is knowing what to deliberately not monitor.

Agentic AI isn't a future governance problem — it arrived ungoverned, and this week saw the first enforcement action.

The cognitive offloading problem is real. The governance response mostly isn't. There's a specific mechanism at work, and it has a specific fix.

Ask for bugs and you'll get bugs — whether they exist or not. Sycophancy is a design feature, and the fix isn't better prompting.