Search

Everyone Is Asking What AI Can Do. Few Are Asking Who Is Accountable.

2 days ago
6 min read

Before Deciding What Your AI Agent Can Do, Decide Where Its Authority Ends

Everyone seems to be talking about AI agents.

Depending on who you ask, they are the next major leap in productivity. They can schedule meetings, process invoices, review contracts, answer customer enquiries, coordinate workflows, and increasingly interact with other systems with minimal human intervention. For organisations constantly trying to do more with less, the appeal is obvious. If an AI agent can handle work that previously required human involvement, why wouldn't we want to deploy it?

Most of the conversations I hear revolve around capability. How much can we automate? How many hours can we save? How much faster can we respond to customers? How much productivity can we unlock?

These are perfectly reasonable questions. In fact, they are often the first questions organisations should ask whenever a new technology emerges.

But while reading IMDA's recently released Model Governance Framework for Agentic AI, I found myself becoming increasingly interested in a different question.

Not what AI agents can do.

But what they should be allowed to do.

The distinction may sound subtle. I don't think it is.

Imagine arriving at work tomorrow morning to discover that an AI-powered claims system has just rejected a legitimate insurance claim worth a million dollars. The customer is furious. Senior management wants answers. Perhaps the regulator wants answers too.

Somewhere in the discussions, somebody asks a simple question.

"Who approved this decision?"

The answer sounds straightforward until you try to answer it.

The AI made the recommendation. The workflow was configured by a project team. The technology came from a vendor. The deployment was approved by the business. The customer experienced the outcome.

Suddenly, responsibility feels much harder to locate than anyone expected.

That is the thought that stayed with me while reading the framework. Not whether AI agents are powerful. That much is becoming increasingly obvious. Not whether they can create value. Many organisations are already proving that they can.

The question that interested me was whether we are becoming so focused on capability that we are overlooking something equally important.

Authority.

The Conversation Most Organisations Are Having

One reason I find this topic fascinating is that there is absolutely nothing wrong with the current excitement surrounding AI.

Every major technological shift begins with possibility.

When spreadsheets became mainstream, people became excited about faster calculations. When the internet emerged, people became excited about connectivity. When cloud computing became widely adopted, organisations became excited about scalability. Today, organisations are excited about automation.

That excitement is justified.

AI agents have the potential to remove repetitive work, reduce administrative burden, improve responsiveness, and free people to focus on higher-value activities. Any leader would be interested in exploring those opportunities.

The problem is not that organisations are discussing capability.

The problem is that capability tends to dominate the conversation so completely that other questions struggle to get airtime.

As AI agents become more capable, we naturally start asking what else they can do. Could they process more transactions? Handle more customer requests? Manage more workflows? Interact with more systems? The discussion quickly expands from today's possibilities to tomorrow's opportunities.

Yet every additional responsibility granted to an AI agent is, in some form, a transfer of authority.

That is where the conversation becomes more interesting.

Because authority has consequences.

The moment a system moves beyond providing information and begins taking actions on our behalf, the discussion is no longer only about productivity. It becomes a discussion about oversight, boundaries, escalation, and accountability.

Those conversations are less exciting than automation discussions. They rarely appear in product demonstrations. Vendors do not lead with them. They are unlikely to generate headlines.

Yet they may ultimately determine whether an AI deployment becomes a success story or a governance headache.

We Already Know How To Manage Authority

The irony is that organisations already know how to solve this problem.

We solve it every day with people.

Imagine hiring a new employee tomorrow.

No responsible organisation would hand that employee unrestricted access to financial systems, customer records, purchasing authority, operational decision-making, and external communications on their first day. Not because the employee lacks potential. Not because we do not trust them. But because authority without boundaries creates risk.

Instead, we establish responsibilities. We define reporting lines. We create approval limits. We decide which decisions can be made independently and which require escalation. We provide training. We monitor performance. As trust grows, authority expands.

In other words, authority and boundaries are designed together.

The more authority someone receives, the more carefully those boundaries are considered.

The more I reflected on the IMDA framework, the more I realised how different many AI discussions sound.

The first question is often:

"What can the AI do?"

At first glance, that seems perfectly reasonable.

But imagine asking the same question about a new employee.

What can they do?

Everything?

Anything?

Whatever they are capable of?

Most leaders would immediately recognise the flaw in that thinking. Capability alone has never been sufficient justification for authority.

Authority has always required context.

It has always required oversight.

It has always required accountability.

Yet many organisations appear to be approaching AI agents from the opposite direction. We begin with capability and only later start discussing governance, intervention, escalation, and responsibility.

The framework quietly challenges that sequence.

Throughout the document, there is a recurring emphasis on operating boundaries, human oversight, risk controls, intervention mechanisms, and accountability structures. The message is not anti-innovation. It is not anti-AI.

If anything, it is remarkably practical.

Before granting authority, define the boundaries within which that authority can safely operate.

That sounds obvious when applied to people.

It becomes surprisingly easy to overlook when applied to technology.

One of the most interesting aspects of the framework is that it repeatedly discusses AI agents interacting with tools, systems, services, and workflows that can influence real-world outcomes.

This is not the same as asking a chatbot to summarise a document.

This is not the same as generating an email draft.

These systems may eventually be authorised to initiate actions, make operational decisions, and interact with external systems on behalf of organisations.

That is precisely why the conversation matters.

The question is no longer whether the technology is impressive.

The question becomes whether organisations have clearly defined where authority begins, where it ends, and what happens when something unexpected occurs.

Perhaps The Question Is Not Whether AI Is Ready

Interestingly, one of the greatest risks may not emerge when AI fails.

It may emerge when AI succeeds.

When systems perform consistently well, people naturally begin trusting them. Recommendations appear sensible. Outcomes seem reasonable. Confidence grows. Over time, scrutiny decreases because the system has earned credibility.

This is not unique to AI.

Drivers trust navigation systems.

Pilots trust autopilot systems.

Investors trust automated trading platforms.

Success often creates confidence.

Confidence often reduces scrutiny.

And reduced scrutiny can sometimes create blind spots.

The challenge is not that AI systems will inevitably fail. The challenge is that successful systems can make us forget why safeguards existed in the first place.

This is why governance should not be viewed as bureaucracy. Governance is not the enemy of innovation.

It is the mechanism that allows innovation to scale responsibly. Without governance, organisations may move quickly. With governance, they are more likely to move sustainably.

The more I think about AI agents, the less I worry about whether the technology is ready.

The technology will continue to improve. Capabilities will continue to expand. New use cases will emerge. Organisations will discover new opportunities for automation.

That part feels inevitable.

What feels less certain is whether organisations will invest the same energy in defining boundaries as they do in expanding capabilities.