Sign in Subscribe

The Governance Gap in Agentic AI

The Governance Gap in Agentic AI

Executive Summary 

Financial institutions are entering a new phase of AI adoption. Earlier deployments centered on assistive copilots that generated outputs for human review. Increasingly, agentic AI systems independently retrieve information, invoke tools, and coordinate multi-step workflows inside live operational environments. This whitepaper examines why that shift outpaces existing model centric governance frameworks, why high-consequence financial workflows raise the stakes, and why governance is moving from pre-deployment validation toward continuous runtime control. It outlines the emerging requirement for runtime governance infrastructure and how ZeroH, Blade Labs’ runtime governance and AI safety platform, addresses it. 

  • Agentic AI is shifting governance challenges from model oversight toward runtime control.
  • High-consequence workflows such as AML, fraud detection, and underwriting increasingly require operational reconstructability and evidentiary traceability. 
  • Runtime governance infrastructure is emerging as a new control layer for regulated AI systems.

Table of Contents 

Executive Summary 
1. AI in Financial Services Is Moving Beyond the Copilot Phase
2. Existing AI Governance Frameworks Were Built for a Different Reality
3. Why High-Consequence Workflows Change the Governance Equation
4. Regulators Are Increasingly Viewing AI Through an Operational Resilience Lens 5. Runtime Governance Requires a Different Infrastructure Layer
6. The Competitive Frontier May Shift From Capability to Governability
7. Conclusion 
8. References 
9. Appendix A: Frequently Asked Questions 
10. About ZeroH & Blade Labs

1. AI in Financial Services Is Moving Beyond the Copilot Phase 

Initial enterprise AI adoption across financial services largely focused on assistive and productivity-oriented use cases. Banks deployed AI systems to support internal research, summarize reports, automate documentation workflows, augment customer servicing, and improve operational efficiency across functions. Governance frameworks evolved around that operating reality. Existing oversight models focused heavily on explainability, fairness testing, model validation, and documentation controls for systems that primarily generated outputs for human review. 

That assumption is beginning to change. 

Industry reports increasingly point toward the emergence of agentic AI systems capable not merely of assisting humans, but of independently participating in operational workflows. 

Figure 1 — AI-related supervisory reporting and surveys are used for a range of activities, including monitoring, risk assessment, research, and supervisory actions. Source: Financial Stability Board, Monitoring Adoption of Artificial Intelligence and Related Vulnerabilities in the Financial Sector, October 2025.

These systems are increasingly being designed to orchestrate multi-step processes, retrieve information, invoke tools, escalate cases, and coordinate actions across workflows such as fraud monitoring, underwriting support, customer servicing, and compliance operations. This reflects a broader transition from AI systems that primarily generate outputs for human review toward systems capable of participating more directly in operational execution environments. 

The governance implications of that shift are fundamentally different from those associated with earlier generations of enterprise AI. 

Historically, institutions governed humans supported by software systems. Agentic AI introduces systems capable of dynamically retrieving information, interacting with APIs, coordinating workflows, and influencing operational outcomes in ways that are significantly more fluid than traditional enterprise software. Once AI systems begin operating inside institutional execution environments rather than merely generating recommendations, governance itself becomes a different problem. 

2. Existing AI Governance Frameworks Were Built for a Different Reality 

Many existing AI governance frameworks remain heavily focused on model-centric risks such as explainability, fairness, transparency, bias management, validation, and human oversight. 

The NIST AI Risk Management Framework, for example, identifies characteristics of trustworthy AI including systems that are “valid and reliable,” “transparent,” “explainable and interpretable,” and “fair with harmful bias managed.” 

Figure 2 — Characteristics of trustworthy AI. Source: NIST AI Risk Management Framework, January 2023. 

Similarly, the EU AI Act places significant emphasis on technical documentation, transparency obligations, logging, and human oversight requirements for high-risk AI systems.

While these controls remain important, they were largely developed around relatively bounded AI systems operating within constrained execution environments. The emergence of increasingly agentic AI systems expands the governance perimeter beyond the model itself into areas such as orchestration, retrieval, tool invocation, runtime permissions, escalation logic, and autonomous workflow coordination. 

Institutions increasingly require visibility not only into model outputs, but into what information AI systems retrieved, which tools they accessed, what authority they exercised, which policies governed execution, and whether workflows can later be reconstructed under regulatory scrutiny. 

This is why recent industry discussions around agentic AI governance increasingly frame the challenge as a shift from validation toward runtime control. Governance can no longer remain limited to pre-deployment review, periodic assessment, or post-facto auditability once AI systems begin operating dynamically across live institutional workflows. Static governance mechanisms such as model documentation, approval committees, and periodic review cycles become increasingly insufficient when systems are capable of autonomously coordinating actions across operational environments. Governance itself increasingly becomes a runtime operational requirement. 

3. Why High-Consequence Workflows Change the Governance Equation 

The governance challenge becomes particularly acute in high-consequence financial workflows such as: 

  • AML investigations, 
  • fraud detection, 
  • sanctions escalation, 
  • customer risk assessment, and
  • credit adjudication. 

These environments already operate under significant governance expectations involving auditability, supervisory visibility, approval hierarchies, escalation procedures, and defensible decision-making. These governance requirements are often even more pronounced in highly regulated and governance-sensitive environments, including Islamic financial institutions operating under additional Shariah governance and evidentiary expectations. The introduction of increasingly autonomous AI systems into these workflows changes the operational risk profile substantially.

Historically, institutions primarily needed to explain human decisions supported by software tooling. Agentic AI introduces systems capable of independently retrieving information, coordinating actions, invoking tools, and influencing operational outcomes during execution itself. That creates a different category of governance requirement: not merely model explainability, but operational reconstructability. 

Regulators and auditors increasingly need the ability to understand: 

  • why a workflow escalated, 
  • why a customer was flagged, 
  • which systems influenced the outcome, 
  • what data was accessed, and
  • how authority was exercised during execution. 

This is one reason governance discussions are beginning to shift away from isolated model oversight toward continuous operational governance embedded directly into execution environments themselves. 

4. Regulators Are Increasingly Viewing AI Through an Operational Resilience Lens 

The Financial Stability Board’s analysis on AI adoption and vulnerabilities within financial services reflects a broader shift underway across the sector. The report identifies growing concerns around: 

  • third-party dependencies, 
  • concentration risk, 
  • governance weaknesses, 
  • operational fragility, and 
  • supervisory visibility into AI-enabled systems. 

This is significant because it signals a change in how regulators increasingly view enterprise AI adoption. For years, AI was largely treated as an innovation initiative. Increasingly, AI is beginning to resemble operational infrastructure. 

That distinction matters because operational infrastructure carries very different expectations around: 

  • resilience, 
  • accountability, 
  • recoverability,
  • auditability, and
  • operational control. 

As financial institutions increasingly converge around a relatively concentrated ecosystem of frontier models, orchestration frameworks, cloud providers, and AI infrastructure vendors, the governance challenge expands beyond whether a model performs effectively in isolation. Institutions increasingly need visibility into how autonomous systems interact across workflows, how authority is exercised during execution, and whether operational behavior remains reconstructable under supervisory scrutiny. 

This points to a significantly deeper governance challenge: 

“Can institutions maintain operational legitimacy, visibility, and control once autonomous systems become embedded into critical workflows?” 

5. Runtime Governance Requires a Different Infrastructure Layer 

The shift from model validation toward runtime control is no longer a theoretical governance discussion. As AI systems increasingly coordinate actions across live institutional workflows, governance can no longer remain a downstream review function layered onto systems after deployment. It increasingly needs to operate continuously during execution itself. 

This is the premise underlying ZeroH, Blade Labs’ runtime governance and AI safety infrastructure for agentic environments. ZeroH Disclosure forms part of the platform’s disclosure-control and proof architecture, designed to continuously enforce governance constraints across live operational workflows rather than treating oversight as a periodic audit or post-facto compliance exercise. 

At its core, ZeroH operates around a continuous Policy-to-Proof model: declared policy establishes the expected operational state, runtime governance mechanisms continuously verify execution against those constraints, and every operation emits portable evidence describing what occurred during execution. Governance therefore functions as a continuously operating runtime property rather than a seasonal review process conducted after workflows have already executed. 

As institutions move from assistive AI toward increasingly agentic operational systems, three governance problems are beginning to emerge repeatedly across regulated environments: 

  • proving what information AI systems actually accessed, 
  • reconstructing what autonomous systems did during execution, and
  • producing regulator-grade operational evidence under supervisory scrutiny. 

ZeroH is designed specifically around these emerging operational requirements. Disclosure controls govern what information AI systems are permitted to access, governance gates enforce authorization boundaries and escalation logic during execution, and continuously generated proof artifacts create reconstructable evidence trails capable of supporting auditability and supervisory review across live operational environments. 

Figure 3 — Three recurring governance problems in regulated finance and the corresponding ZeroH controls: cryptographic non-disclosure proof, verifiable agent action trails, and regulator-grade proof packs. 

The platform is designed around structural separation between execution and governance layers. AI systems may coordinate workflows, retrieve information, or invoke tools, but authorization boundaries, retrieval permissions, escalation rules, and disclosure controls are independently enforced through runtime governance gates. This prevents agentic systems from autonomously expanding authority beyond institutionally declared constraints. 

Critically, the platform also addresses one of the central governance requirements emerging around agentic AI systems: operational reconstructability. Each operation becomes “Born Reportable,” automatically producing attributable evidence describing what information was retrieved, which tools were invoked, what authority was exercised, which policies governed execution, and how workflows propagated across operational environments. These records compose into portable Proof Packs capable of supporting supervisory review, auditability, and evidentiary reconstruction without requiring institutions to reverse-engineer operational behavior after the fact. 

The platform further incorporates bounded autonomy and selective disclosure controls directly into execution workflows. Exceptions become explicit, governed decisions rather than silent deviations from policy, while selective disclosure mechanisms allow institutions to preserve supervisory visibility and operational traceability without unnecessarily exposing underlying sensitive data across trust boundaries. 

As financial institutions increasingly operationalize agentic AI systems inside regulated environments, the governance challenge is no longer limited to explaining model outputs. It increasingly involves maintaining visibility, control, reconstructability, and operational accountability across dynamic execution environments. ZeroH is designed around the view that governance for agentic systems must itself become continuously operating infrastructure rather than a static documentation exercise completed before deployment. 

6. The Competitive Frontier May Shift From Capability to Governability 

Much of the current AI market still competes primarily around: 

  • reasoning capability, 
  • benchmark performance, 
  • multimodal sophistication, and
  • model scale. 

Those capabilities matter. However, regulated institutions operate under constraints extending far beyond model performance alone. Financial institutions must preserve: 

  • supervisory confidence, 
  • evidentiary defensibility, 
  • operational accountability, and
  • institutional legitimacy. 

As AI systems become increasingly operational inside regulated environments, governance maturity itself may become a strategic differentiator. The institutions most capable of scaling AI successfully may not necessarily be those deploying the largest models first, but those capable of operationalizing AI within resilient governance environments that preserve visibility, control, reconstructability, and accountability under real-world operational conditions. 

The financial sector is no longer simply experimenting with AI-generated outputs. It is increasingly moving toward AI-enabled operational execution. That changes the governance equation fundamentally. 

The emerging challenge is increasingly about building systems that institutions can safely delegate operational authority to without compromising accountability, resilience, supervisory visibility, or operational control. 

As agentic AI systems continue evolving from advisory tools into operational actors, governance itself may increasingly need to evolve from static documentation into continuously operating runtime infrastructure. 

7. Conclusion 

The transition from assistive copilots to agentic AI marks a structural change in how financial institutions must govern intelligent systems. Model-centric controls - explainability, fairness testing, validation, and documentation, remain necessary, but they were designed for bounded systems that produced outputs for human review. They do not, on their own, answer what an autonomous system retrieved, which tools it invoked, or how authority was exercised during live execution. 

Closing the governance gap requires treating governance as runtime infrastructure: continuously enforced during execution, structurally separated from the systems it governs, and capable of producing reconstructable, regulator-grade evidence by default. Institutions that build this capability will be positioned not only to deploy agentic AI, but to delegate operational authority to it without compromising accountability, resilience, or supervisory visibility. In a regulated sector, governability — not raw model capability alone — is likely to determine which institutions scale AI successfully.

8. References 

1. Financial Stability Board (2025). Monitoring Adoption of Artificial Intelligence and Related Vulnerabilities in the Financial Sector. October 2025. https://www.fsb.org/uploads/P101025.pdf 

2. National Institute of Standards and Technology (2023). Artificial Intelligence Risk Management Framework (AI RMF 1.0). NIST AI 100-1, January 2023. 

https://nvlpubs.nist.gov/nistpubs/ai/NIST.AI.100-1.pdf 

3. European Union (2024). Regulation (EU) 2024/1689 laying down harmonised rules on artificial intelligence (Artificial Intelligence Act). https://eur-lex.europa.eu/legal-content/EN/TXT/? uri=CELEX%3A32024R1689

9. Appendix A: Frequently Asked Questions 

What is agentic AI governance? 

Agentic AI governance refers to the operational oversight of AI systems capable of autonomously retrieving information, invoking tools, escalating cases, and coordinating multi-step workflows rather than simply generating outputs for human review. Unlike traditional model governance, which focuses primarily on explainability, fairness, and validation before deployment, agentic AI governance must address what a system actually does during execution across live operational environments. 

What is runtime governance, and how does it differ from model validation? 

Runtime governance refers to oversight mechanisms that operate continuously while AI systems execute rather than relying solely on pre-deployment review or periodic audit processes. Model validation focuses on whether a model is accurate, fair, and appropriately documented before deployment. Runtime governance focuses on whether autonomous systems remain within authorized operational boundaries during execution itself. As AI systems increasingly move from advisory tools toward operational actors, validation alone becomes insufficient. 

What is operational reconstructability? 

Operational reconstructability is the ability to fully reconstruct how an AI-driven workflow executed across operational environments, including what information was retrieved, which tools were invoked, what authority was exercised, which approvals or escalations occurred, and which policies governed execution. It extends beyond traditional model explainability by addressing the broader operational behavior of autonomous systems during live execution. 

What does “Born Reportable” mean? 

“Born Reportable” is ZeroH’s architectural principle that operational evidence should be generated automatically during execution itself rather than reconstructed after the fact. Each operation emits attributable records describing the data accessed, tools invoked, authority exercised, and policies applied, making evidentiary traceability an inherent property of execution rather than a downstream compliance process. 

The concept aligns with broader governance expectations around operational traceability, logging, auditability, and evidentiary reconstruction reflected across frameworks such as the NIST AI Risk Management Framework and the EU AI Act.

What is a Proof Pack? 

A Proof Pack is ZeroH’s portable evidentiary package for reconstructing AI-driven operational workflows. It compiles attributable records describing what information was accessed, which tools were invoked, what approvals or escalations occurred, which policies governed execution, and how actions propagated across operational environments. 

The purpose is to support supervisory review, auditability, and operational reconstructability without requiring institutions to reverse-engineer system behavior after execution has already occurred. 

What is Selective Disclosure in AI governance? 

Selective Disclosure refers to the ability to expose only the minimum information necessary for a specific operational task, workflow, or supervisory requirement rather than granting unrestricted access to underlying data. In agentic AI environments, selective disclosure helps institutions maintain governance boundaries across retrieval, orchestration, and execution workflows by limiting unnecessary exposure of sensitive operational, customer, or institutional information. 

ZeroH incorporates selective disclosure controls into operational execution environments so institutions can preserve supervisory visibility and evidentiary traceability without unnecessarily exposing confidential underlying data across trust boundaries. 

What is the Policy-to-Proof model? 

Policy-to-Proof is ZeroH’s operating model in which declared policy defines the expected operational state, governance mechanisms continuously verify execution against those constraints, and every operation emits attributable evidence describing what occurred during execution. 

The model allows governance constraints, execution behavior, and operational evidence to remain continuously linked across live workflows rather than being reviewed only after execution has already occurred. 

How does runtime governance support regulatory compliance? 

Frameworks such as the EU AI Act and the NIST AI Risk Management Framework increasingly emphasize logging, traceability, human oversight, operational accountability, and technical documentation for high-risk AI systems. 

Runtime governance helps institutions support these expectations by generating continuous, attributable evidence describing how autonomous systems behaved during execution, creating the operational traceability increasingly expected within regulated environments.

How does runtime governance apply to Islamic financial institutions? 

Islamic financial institutions operate under additional Shariah governance and evidentiary expectations alongside conventional regulatory requirements. Runtime governance and Selective Disclosure allow these institutions to demonstrate that AI-driven workflows remained within both regulatory and Shariah-governed operational boundaries while preserving attributable evidence capable of supporting Shariah audit, supervisory review, and operational accountability.

10. About ZeroH & Blade Labs 

ZeroH is Blade Labs’ runtime governance and AI safety infrastructure for agentic environments. Built around a continuous Policy-to-Proof model, ZeroH embeds governance directly into the operational execution layer — enforcing authorization boundaries, disclosure controls, and escalation logic at runtime, and producing Born Reportable evidence and portable Proof Packs that make AI-driven workflows reconstructable under supervisory scrutiny. ZeroH Disclosure forms part of the platform’s disclosure-control and proof architecture. 

Financial institutions exploring runtime governance infrastructure for agentic AI systems can learn more about ZeroH at zeroh.io/products/zeroh-disclosure and Blade Labs’ work on operational AI governance, disclosure control, and regulator-grade proof infrastructure at bladelabs.io.

Read more