Why enterprises need clearer accountability for AI agents

• AI agents need clear ownership before acting across systems.
• Fragmented data makes agentic AI harder to govern.

“Accountability should not sit with the model alone,” Hardman said. The business or application owner should be responsible for the use case and the decisions the agent is allowed to support. Data owners should manage what information the agent can access and what policies apply to it.

Clear ownership for agent actions

Infrastructure, security, and IT teams also have a role in setting controls around access. These include monitoring, audit trails, resilience planning, and recovery.

“The risk is when AI agents fall into a grey area: they have enough access to act, but not enough governance to make clear who is responsible when something goes wrong,” Hardman said.

If an agent accesses a system, changes data, or triggers a workflow, enterprises should be able to identify who authorised the action. They should also be able to see what data was used, what action was taken, and whether the process can be traced or reversed.

Data visibility becomes a control issue

Fragmented data environments make that harder to manage. Many companies still manage data across cloud platforms, on-premises infrastructure, SaaS tools, and legacy systems. That setup can limit visibility into data ownership and sensitivity. It can also make it harder to track how data moves across systems.

Hardman said AI agents make these gaps more difficult to manage because they do not only retrieve information. They can also make recommendations, update records, trigger workflows, or act across connected systems.

An agent may be authorised to access a system even when the organisation does not fully understand the sensitivity, lineage, or business context of the data being used. That can create control issues when actions are taken across multiple environments.

“AI agents do not create the data visibility problem, but they expose and accelerate it,” Hardman said.

Poorly governed agents can trigger several actions across connected systems in a short period. A human employee may make one error in one system, while an AI agent can act across several systems if controls are not clearly defined.

Enterprises need to understand their data estate before giving agents broader autonomy, Hardman said. That includes classifying critical information, mapping system dependencies, and applying access policies consistently across hybrid environments.

Audit logs need more context

Logging also needs to be more detailed than standard audit records. Traditional logs may show that a user or system accessed a file, changed a record, or triggered an action, but agentic AI requires more context.

Enterprises should be able to log which agent acted, who or what authorised it, and what data it accessed. They should also record what permissions were used, what instruction or workflow triggered the action, and which systems were affected.

Higher-risk use cases require additional records. Hardman said organisations should capture enough context to reconstruct why an agent acted. That record should include the policy, prompt, approval step, or business rule behind the action. Data lineage is also important when an agent uses information from multiple sources.

“Auditability is not only about compliance after the fact,” Hardman said. “It is also about operational control if something needs to be contained, reversed or remediated.”

AI agents need their own identities

Identity and access management also needs to change when the “user” is an AI agent. Hardman said enterprises should treat agents as identities in their own right.

Each agent should have a defined purpose, scope, and permission set. Organisations should also know who the agent is acting on behalf of and when its permissions should expire or be revoked.

Agents should not inherit broad human permissions or operate through shared credentials. That approach can make it harder to trace actions, enforce policy, or contain a problem when something goes wrong.

“The principle of least privilege becomes even more important with agentic AI,” Hardman said.

Agents should only access the data and systems required for a specific task. Higher-impact actions should require additional controls or human approval.

Recovery has to go beyond backups

Recovery planning also needs to extend beyond backup and disaster recovery. If an agent changes the wrong data or triggers an unintended workflow, the organisation first needs to understand the full chain of action.

That includes identifying which agent acted, what data it used, which systems it touched, whether downstream processes were triggered, and whether approval controls were bypassed or misapplied.

Containment may involve suspending the agent, revoking permissions, isolating affected systems, restoring trusted data states, and reversing or remediating affected workflows where possible.

Hardman said resilience planning for agentic AI should include versioning, data lineage, and rollback processes. Incident playbooks and kill-switch mechanisms are also needed for higher-risk systems.

Backup and disaster recovery remain necessary. However, they do not address the full operational impact of an agent acting across enterprise workflows.

APAC firms face fragmented data environments

Organisations in APAC and Southeast Asia face an added challenge because many are still modernising hybrid infrastructure, legacy systems, and siloed data environments while adopting AI.

Hardman said the practical first step is to use bounded cases where data sources, permissions, actions, and escalation points are clearly defined. Organisations should also map and classify critical data. That means understanding where sensitive information sits, who owns it, and which systems depend on it.

Least-privilege access should be applied from the start. Logging and recovery planning should also be strengthened before agents are deployed into more critical workflows.

Hitachi Vantara’s recent research into financial institutions found that data growth is the top storage priority among respondents, but only 10% prioritise AI-ready storage and data platforms. The same research found that 9% prioritise centralised data hubs for governance, reporting, AI/ML, and reuse.

Hardman said organisations should strengthen data infrastructure, governance, and resilience before expanding agent access to critical workflows.

Want to learn more about AI and big data from industry leaders? Check out AI & Big Data Expo taking place in Amsterdam, California, and London. The comprehensive event is part of TechEx and is co-located with other leading technology eventsclick here for more information.