Agentic AI Governance

Current understanding

The corpus treats agentic AI as a step-change in governance, not a continuation of LLM compliance. Governing Agentic AI - some thoughts on best practice makes the framing explicit: agentic systems don't wait for prompts — they anticipate, plan, and act. Existing AI governance was built on a request-response mental model that no longer fits. The Icarus Directive: Fly, But Not Too High! argues the failure mode is altitude: agents promise escape from process labyrinths but the question is who is checking how high they fly. AI Governance: Ethics, Agents & the Human Question surfaces a striking consensus across roles (GC, enterprise AI lead, Big Law partner) on what matters — primarily auditability and human oversight points. The most concrete contribution comes from OpenMandate: Governing AI Agents by Authority, Not Instruction , which proposes runtime enforcement of agent authority — governance by *what an agent is allowed to do*, not by what it was told to do. This is a fundamentally different stance: instead of trusting the prompt, you bound the action surface. How To Train Your Agent looks at the Skills standard as a related move toward declarative agent capability. Permissionless paints the broader picture: when agents work, the world reshapes around them in ways most lawyers aren't watching for. There's a sub-theme on agent risk that overlaps with security: AI Security & Agentic Risk with Rok Popov Ledinski frames this as a discipline of its own — what enterprise security teams need to understand about agent attack surfaces.

Tensions

• Prompt-time vs runtime governance: do you constrain what agents are told, or what they can do? OpenMandate argues the latter; most governance frameworks still focus on the former.
• Auditability of agent decisions vs the natural opacity of LLM reasoning. How much explanation is enough for legal accountability?
• Who governs agents that interact with other agents? Cross-organizational agent traffic is barely discussed yet.
• Most agentic governance writing comes from vendors and consultants. Practising in-house teams are largely silent — possibly because they haven't deployed enough agents to have informed opinions yet.

Mino relevance

Mino's small-focused-agents-one-task-each architecture is *itself* a governance pattern: each agent has narrow scope, limited blast radius, and a verifiable purpose. This is a Mino-native answer to the agentic governance problem and worth saying loudly in messaging — "governance through scope, not through prompts." When selling to firms with mature governance functions, this becomes the lead. Adjacent product opportunity: a per-agent capability manifest (in the OpenMandate spirit) that compliance teams can review before enabling.

• The Defensibility Question
  Law What's Next · May 19, 2026
• AI Security & Agentic Risk with Rok Popov Ledinski
  Law What's Next · Mar 6, 2026
• OpenMandate: Governing AI Agents by Authority, Not Instruction
  Law What's Next · Mar 2, 2026
• AI Governance: Ethics, Agents & the Human Question
  Law What's Next · Feb 25, 2026
• The Icarus Directive: Fly, But Not Too High!
  Law What's Next · Feb 23, 2026
• Governing Agentic AI - some thoughts on best practice
  Law What's Next · Feb 20, 2026
• How To Train Your Agent
  Law What's Next · Feb 9, 2026
• When will legal vibe like code?
  Law What's Next · Feb 3, 2026
• Permissionless
  Law What's Next · Dec 16, 2025