Agentic AI Creates Organizational Authority Gaps That Existing Governance Frameworks Were Not Built to Handle, MIT Sloan Warns
Source
The Emerging Agentic Enterprise: How Leaders Must Navigate a New Age of AIMIT Sloan Management Review
What happened
In The Emerging Agentic Enterprise: How Leaders Must Navigate a New Age of AI, published July 5, 2026, MIT Sloan Management Review researchers examined how the proliferation of autonomous AI agents is outpacing organizational governance design. The research identifies a core dilemma: agentic systems exercise variable levels of autonomy depending on workflow context, yet most enterprises apply static, one-time approval processes that do not account for how agent authority can expand during deployment. The authors call for centralized governance infrastructure that defines and enforces authority boundaries for AI agents across business functions, mirroring the oversight structures organizations already apply to human workers. The research specifically flags the jurisdictional conflict between IT, HR, and business unit leadership as a source of organizational misalignment, with each function claiming or ceding control over agent behavior without a coordinated framework. Singapore's IMDA Model AI Governance Framework for Agentic AI represents one of the few published regulatory attempts to address exactly this gap at a national level, and the MIT Sloan findings reinforce the urgency of operationalizing similar principles inside individual enterprises.
Why it matters
- ·Regulatory exposure is rising because frameworks including the EU AI Act Implementation Timeline impose human oversight requirements on high-risk AI systems, and agentic deployments with undefined or drifting authority boundaries are unlikely to satisfy those requirements during conformity assessments.
- ·Operationally, the absence of centralized governance infrastructure means that agent autonomy levels are effectively set by whichever business unit deploys the system first, creating inconsistent risk controls and making enterprise-wide auditability of agent actions structurally impossible.
- ·Organizationally, the IT-HR-business unit authority conflict identified by MIT Sloan is a governance design failure that directly enables compliance breaches: when no single function owns agent decision rights, accountability gaps persist until an incident forces the question.
Governance controls affected
What to do now
- ☐Map every deployed or piloted AI agent against a defined autonomy tier to establish whether current authority boundaries match the level of oversight your governance program actually provides.
- ☐Convene a cross-functional working group with representation from IT, HR, Legal, and business unit leadership to negotiate and document decision rights over agent behavior before the next deployment cycle.
- ☐Update your AI governance committee charter to explicitly assign ownership of agentic system authority boundaries, including escalation paths when agents request or are granted expanded permissions mid-deployment.
- ☐Review existing human-in-the-loop gate designs against the MIT Sloan finding that static approval processes do not account for dynamic autonomy expansion, and introduce checkpoints triggered by scope changes at runtime.
- ☐Assess whether your current audit log standards capture the context and rationale for each level of autonomy exercised by deployed agents, not just the actions taken, so that post-incident review is possible.
What to watch next
Compliance teams should monitor whether the IMDA Model AI Governance Framework for Agentic AI prompts analogous guidance from other regulators, particularly in the EU and US, where agentic AI is not yet addressed with equivalent specificity in binding rules. The MIT Sloan findings are likely to influence voluntary framework updates from bodies such as NIST and ISO, and any revision to the NIST Artificial Intelligence Risk Management Framework Playbook that addresses agentic autonomy tiers should be treated as an early signal of future regulatory baseline-setting. Enforcement actions under existing high-risk AI provisions are also worth tracking: regulators applying human oversight requirements to incidents involving autonomous systems that lacked defined authority boundaries will generate case law and guidance that operationalizes what the MIT Sloan research describes in conceptual terms.
AI Governance Weekly
Weekly intelligence on AI regulation, enforcement, and governance. Every Thursday.
