Applying uniform governance to all AI agents, regardless of their autonomy level and scope, can lead to enterprise AI agent failure, according to Gartner, Inc., a business and technology insights company. Failures are most likely to occur when organizations fail to distinguish between an agent’s ability to act and the scope of access it is granted.
Gartner predicts that by 2027, 40% of enterprises will demote or decommission autonomous AI agents due to governance gaps identified only after production incidents occur.
“Enterprises are treating AI agent governance as binary, either locked down or fully trusted, and that is the root cause of failure,” said Shiva Varma, Senior Director Analyst at Gartner. “Agents operate at different autonomy levels and across different trust boundaries. When the same controls are applied indiscriminately, organizations encounter two common failure modes: over-restriction of simple agents, which slows delivery and drives shadow development, or under-restriction of more autonomous agents, which increases operational, security and compliance risk.”
To mitigate these risks, Gartner recommends applying a proportional governance approach that classifies AI agents across distinct autonomy levels, with each level representing a different trust boundary and corresponding governance requirements (see Figure 1).
Source: Gartner (May 2026)
Level 1: Observe
At Level 1, observe agents are limited to read-only access to defined data sources, with outputs visible only to the requesting user. Common use cases include document summarization, data or knowledge retrieval, and code explanation.
“At this level, governance should focus on baseline controls such as scoped data access, user authentication, usage logging, and basic functional and security testing,” said Varma. “Because risk is limited primarily to data exposure and output accuracy, controls should remain lightweight and targeted.”
Level 2: Advise
Advise agents generate recommendations, drafts or proposed actions, while humans review all outputs and execute actions manually. These agents retain read‑only access with no write access to any system and are commonly used for email drafting, report or code generation, and decision support.
Although humans execute decisions, advisory agents can anchor judgment, creating downstream risk when inaccurate outputs are trusted due to automation bias.
“Governance for advise agents should include all Level 1 controls and extend to addressing output quality and decision influence through accuracy and hallucination testing, domain-specific quality evaluations, and user training on appropriate reliance levels,” said Varma.
Level 3: Act with Approval
At Level 3, agents can execute actions such as writing data, sending communications or modifying configurations, but only after explicit human approval for every action.
“At this level, human review is effective only if it remains a meaningful control,” said Varma. “Without strong security testing, clear approval workflows with audit trails, and agent‑specific incident response procedures, approvals can degrade under time pressure or approval fatigue, creating a false sense of safety while expanding the attack surface.”
Level 4: Act Autonomously
At the highest autonomy level, agents execute actions independently within defined guardrails, with humans reviewing exceptions, audit logs and aggregated outcomes rather than individual decisions.
“When agents operate autonomously, actions are executed at a scale and speed that can outpace human oversight,” said Varma. “Because accountability for outcomes remains with the organization, this level requires the most rigorous governance, including continuous monitoring, enforced guardrails, rapid rollback mechanisms, circuit breakers that halt agent operation on threshold violations and clear ownership for agent behavior.”
