AI Agent Governance: Why Centralized Approval Backfires


Mandating centralized approval for AI agents pushes them underground where governance can’t reach them. The organizations getting this right make the governed path easier than the ungoverned one.

Key Takeaways

  • Centralized agent approval creates shadow agents because teams route around friction to ship faster.
  • Shadow agents carry more risk than visible sprawl because they have no owners, logs, or permission boundaries.
  • Governance that works controls what agents can access, not whether they can launch.
  • Rebuilding trust with teams who've already routed around governance takes longer than writing a policy memo.

As AI agents multiply across marketing teams, leaders face a genuine design choice. Not whether to govern agents, but how. Two models dominate the conversation, and most organizations pick one without evaluating what each produces in practice.

When the official approval process takes a week and building an agent independently takes an afternoon, teams choose speed. A marketing ops manager who needs a campaign performance agent running before next week’s leadership meeting isn’t going to wait for a governance committee to meet. They’ll build it with their own API credentials, connect it to the data sources they have access to, and have it running by Thursday. That dynamic shapes everything that follows, regardless of which governance model you choose.

The scale is already measurable. An OutSystems survey of 1,900 IT leaders found that 96% of enterprises run AI agents in production today, but only 12% have any centralized way to manage them (1. OutSystems, 2026). That 84-point gap between adoption and management tells you the governance conversation is already behind the adoption reality.

The Centralized Approval Model

Centralized approval requires every agent to be registered and approved before it runs. A governance committee reviews proposed agents. An approval queue controls what reaches production.

The model has real strengths. When something goes wrong, the approval chain shows who authorized what. Regulatory conversations are cleaner because the decision authority is documented. Executives have clear oversight over what’s deployed. For industries with strict compliance requirements, the language of centralized control maps directly onto auditor expectations. The appeal is legitimate: visible decision authority with a traceable chain.

What it produces in practice is different from what it promises on paper. When the governed path is slower than the ungoverned one, teams route around it. As Max Goss at Gartner observed, employees who can’t work in sanctioned tools “will likely go around the organization’s controls and start using shadow AI which presents far greater risks” (2. Gartner, 2026). The agents don’t disappear because someone wrote a policy. They move outside the system.

Shadow agents carry a specific risk profile that visible sprawl doesn’t. No owners. No logs. No permission boundaries. A Gravitee survey of 919 executives found that 88% of organizations reported confirmed or suspected security incidents from their AI agent fleets in the past year (3. Gravitee, 2026). When incidents involve agents that were never inventoried, the team responsible for cleanup can’t scope the exposure. They end up auditing everything the shadow agent could have touched, which in a marketing stack means CRM records, customer segments, campaign assets, and email lists.

Compliance exposure compounds the irony. Compliance requires auditability: what each agent did, who authorized it, what it accessed. An approval queue creates a bottleneck teams route around, and the agents that route around it leave no trail. The model designed to ensure oversight guarantees a population of agents that can’t be audited.

The cost isn’t that centralized approval is philosophically wrong. It’s that the gap between policy and behavior produces the risk it was designed to prevent.

The Boundary-Based Model

The alternative starts from a different premise. Instead of controlling whether agents launch, control what agents can access.

Build a shared environment where agents automatically inherit access controls, audit trails, and visibility. Define three boundaries for every agent: what data it can read, what systems it can write to, and which actions require a human to approve before execution. This is the coordination layer most stacks are missing. An agent built inside those boundaries is safe by default. The approval bottleneck disappears because the boundaries do the governing.

For a marketing team, the boundaries have clear shapes. An agent that reads campaign performance data and summarizes weekly trends is low risk. An agent that writes directly to your email platform’s segment builder or updates lead scores without review is high risk. The governance model defines which actions flow through automatically and which ones pause. Teams don’t wait for a committee. They build inside a system that enforces the rules for them.
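A minimal sketch of that enforcement point, added here as an illustration and not taken from the article or any product: every request is checked against the three boundaries and written to an audit trail, including denials and requests from agents that never registered. The class names, agent names, and resource names are all hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Boundary:
    read: frozenset = frozenset()            # data sources the agent may read
    write: frozenset = frozenset()           # systems the agent may write to
    needs_approval: frozenset = frozenset()  # (system, action) pairs that pause for a human

class GovernedEnvironment:
    def __init__(self):
        self.agents = {}  # agent_id -> (owner, Boundary)
        self.audit = []   # one record per request, including denials

    def register(self, agent_id, owner, boundary):
        # Registration is immediate: no approval queue, only boundaries.
        self.agents[agent_id] = (owner, boundary)

    def request(self, agent_id, action, target, approved_by=None):
        # Unknown agents get an empty boundary, so everything they ask is denied.
        owner, b = self.agents.get(agent_id, (None, Boundary()))
        if action == "read":
            decision = "allow" if target in b.read else "deny"
        elif target not in b.write:
            decision = "deny"
        elif (target, action) in b.needs_approval and approved_by is None:
            decision = "pending"  # pauses until a human approves
        else:
            decision = "allow"
        self.audit.append({"ts": datetime.now(timezone.utc).isoformat(),
                           "agent": agent_id, "owner": owner, "action": action,
                           "target": target, "decision": decision,
                           "approved_by": approved_by})
        return decision

def demo():
    env = GovernedEnvironment()
    # Constructed sample agents and resource names.
    env.register("weekly-trends", "mktg-ops",
                 Boundary(read=frozenset({"campaign_performance"})))
    env.register("segment-sync", "lifecycle",
                 Boundary(read=frozenset({"crm"}), write=frozenset({"email_platform"}),
                          needs_approval=frozenset({("email_platform", "update_segment")})))
    results = [
        env.request("weekly-trends", "read", "campaign_performance"),
        env.request("weekly-trends", "update_segment", "email_platform"),
        env.request("segment-sync", "update_segment", "email_platform"),
        env.request("segment-sync", "update_segment", "email_platform", approved_by="j.doe"),
        env.request("unregistered-bot", "read", "crm"),
    ]
    return results, env.audit
```

The audit list is what lets a responder scope an incident to what an agent actually requested rather than everything it could have touched.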

The design logic is friction running in the right direction. When building inside the governed system is easier than building independently, teams use the system because it’s faster, and compliance becomes a side effect of good design rather than an enforcement action.

This model has its own costs. The governed system has to be genuinely good. If it’s clunky, limited, or slower than building independently, teams route around it the same way they routed around the approval mandate. Building a system that’s actually easier to use requires investment in tooling most governance programs don’t budget for. The organizations that succeed treat the governed path as a product their teams are the customers for. If it feels like a compliance checkbox with a login page, it’ll get the same adoption as the approval queue.

The model also trades executive control over individual launch decisions for organizational visibility into agent behavior. Leaders don’t approve each agent. They set the boundaries and monitor what runs inside them. For executives who want the approval chain, that trade feels like a loss of control. For organizations that want actual governance over their agent fleet, it’s the only model that scales.

The Design Decision

Both models carry real trade-offs. Centralized approval gives executives a documented decision chain and regulatory language that maps to auditor expectations. Boundary-based governance gives the organization adoption, visibility, and the compliance records that centralized approval promises but can’t deliver once shadow agents enter the picture.

The question isn’t which model is theoretically better. The question is which trade-off is more dangerous for your organization given your fleet size, regulatory exposure, and team culture. Starting with the right model while the fleet is small costs almost nothing. Gartner projects the average Fortune 500 will run over 150,000 agents by 2028, up from fewer than 15 today (2. Gartner, 2026). Retrofitting governance after sprawl is entrenched costs years. The decision architecture gap is where most of that cost accumulates. Your teams are already building agents. The remaining decision is which governance model matches the reality of how they’ll actually behave.

About the Author

Gene De Libero, Founder, Digital Mindshare LLC

Gene De Libero has spent more than thirty years in marketing technology — as buyer, seller, builder, and advisor. He is the architect of the Marketing Technology Transformation® Framework, sponsor of How Marketing Technology Works®, and Principal Consultant at Digital Mindshare LLC, a New York consultancy serving CMOs whose stacks have stopped paying for themselves. He believes most martech investments fail not because the technology is wrong, but because the organization was never built to use it. He fixes that.

Frequently Asked Questions

How do shadow AI agents create security risk?

Shadow agents operate without audit trails, access controls, or assigned ownership. When an incident occurs, no one can reconstruct what the agent did, which data it accessed, or who authorized it. The team responsible for cleanup ends up auditing everything the agent could have touched, which in marketing means CRM records, customer segments, and campaign data.

Is it too early to start governing AI agents?

Governance models are cheapest to establish when the agent fleet is small. Gartner projects the average Fortune 500 will run over 150,000 agents by 2028, up from fewer than 15 today (2. Gartner, 2026). The model you set now determines whether those agents will be visible or invisible at scale. Retrofitting later costs years.

What does "make the governed path easiest" mean in practice?

Build a shared environment where agents automatically inherit access controls, audit trails, and visibility. Define what data agents can read, what systems they can write to, and which actions need human approval. When building inside the system is easier than building outside it, teams use the system without being forced.

Does centralized agent governance satisfy compliance requirements?

Compliance requires auditability: what each agent did, who authorized it, what it accessed. A registry that tracks agents while they run delivers that record regardless of how agents were created. An approval queue creates a bottleneck teams route around, and agents that skip the queue leave zero trail. Mandated approval increases compliance risk by guaranteeing ungoverned agents.

Where should a marketing team start with agent governance?

Define boundaries first: which data sources agents can read, which systems they can write to, and which actions pause for human review. Start with read-only access and expand as you build confidence. Apply these rules inside a shared environment so every agent inherits them by default.

References
  1. Duffy, J. (2026, April 22). Agent sprawl is here. Your IaC platform is the answer. Pulumi. https://www.pulumi.com/blog/agent-sprawl-iac-platform-is-the-answer [Citing OutSystems survey of 1,900 IT leaders]
  2. Gartner. (2026, April 28). Gartner identifies six steps to manage AI agent sprawl [Press release]. https://www.gartner.com/en/newsroom/press-releases/2026-04-28-gartner-identifies-six-steps-to-manage-artificial-intelligence-agent-sprawl
  3. Gravitee. (2026). The state of AI agent security 2026 [Survey of 919 executives and practitioners]. https://www.gravitee.io/state-of-ai-agent-security