
Enterprise AI Agent Governance Moves From Written Policy To Enforceable Architecture

June 22, 2026

Gregory Baran, Deputy CIO at Tenable, reflected on a year of building and managing 36 personal AI agents to argue that enterprise trust in agentic AI must be enforced through architectural controls and identity layers, not written governance policy.


"Governance can't just be documentation. It needs to be architectural rules that enforce it."

Gregory Baran, Deputy CIO, Tenable

Most enterprise governance frameworks for AI agents still live in slide decks and policy documents. They define what agents should and should not do, but they do not enforce it. That gap becomes dangerous when autonomous agents can access sensitive data, make decisions, and act without human involvement. Written policies cannot keep pace with systems that operate inside live enterprise workflows. Trust has to be built into the architecture.

That's the stance of Gregory Baran, Deputy CIO at Tenable, the cybersecurity company known for its vulnerability management and cyber exposure platforms. He founded and chairs Tenable's AI Council, which drives enterprise-wide AI strategy, governance, and adoption across the organization. Before Tenable, he held enterprise technology leadership roles at CEB (now Gartner), Cision, and Laureate Education.

His personal experimentation with agentic AI over the past year, starting with scheduling and household finance agents and scaling to 36 production-grade personal agents, informed a five-part series he published on managing an agent workforce. The enterprise implications, he said, were immediate. "I no longer trust the AI. I trust my guardrails. The issue is not whether AI can access sensitive data. The issue is whether we have built the governance layer and the controls on how it uses that access," Baran said.

The insight came from watching his own agents fail. As one agent became three and three became ten, Baran realized the burning question was whether the controls around the agents could enforce the boundaries he needed. He built what he called a trust ladder: a structured progression where every agent earned access to production data through defined levels, each gated by identity verification, scope constraints, and behavioral monitoring.

  • Architectural rules over written policy: "Governance can't just be documentation. It needs to be architectural rules that enforce it," Baran said. "That's why, through my personal experimentation, I built a trust ladder." The approach mirrors how identity and access gateways function in enterprise security: agents initially receive limited permissions and expand their scope only after demonstrating reliability within constraints.

  • Onboarding agents like employees: Baran treated each agent as he would a new hire. He started with small amounts of information, limited access, and tight guardrails. As agents proved capable, he expanded their context and permissions incrementally. "We need to provide context. We need to define the intent. We need to define the constraints. We need to define for them what good looks like, just like we do for our teams, our organizations, and our families," he said.
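The trust ladder above is described in prose only; the sketch below is an added example written for this article, not Baran's own code or Tenable's. It assumes a hypothetical gateway that sits between agents and data, where each agent has an identity (an id plus a signing key), a trust level that unlocks a fixed set of (resource, action) scopes, and a behavioral monitor that logs every decision and demotes an agent after repeated out-of-scope attempts. Promotion is a separate step that requires a named human approver and a clean track record. The ladder, thresholds, agent and key are all constructed for the demo.

```python
"""Added example: a trust-ladder gateway for AI agents (illustrative, not Baran's
implementation). Levels, scopes, thresholds, agent id and key are constructed."""
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Hypothetical ladder: each level unlocks a set of (resource, action) scopes.
LADDER = {
    0: {("sandbox", "read")},  # no production data at all
    1: {("sandbox", "read"), ("calendar", "read")},
    2: {("sandbox", "read"), ("calendar", "read"), ("finance", "read")},
    3: {("sandbox", "read"), ("calendar", "read"), ("finance", "read"), ("calendar", "write")},
}
PROMOTION_THRESHOLD = 5  # clean actions before a human may promote (assumed)
DENIAL_LIMIT = 3         # out-of-scope attempts that trigger demotion (assumed)


@dataclass
class Agent:
    agent_id: str
    key: bytes               # per-agent signing key; this is the agent's identity
    level: int = 0
    clean_actions: int = 0
    recent_denials: int = 0
    audit: list = field(default_factory=list)


def sign_request(key: bytes, payload: dict) -> str:
    """Agent side: HMAC-SHA256 over a canonical JSON encoding of the request."""
    msg = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class Gateway:
    """Sits between agents and data; every action passes identity, scope, behavior."""

    def __init__(self):
        self.agents: dict[str, Agent] = {}

    def register(self, agent: Agent) -> None:
        self.agents[agent.agent_id] = agent

    def authorize(self, payload: dict, signature: str) -> tuple[bool, str]:
        """Gate one action; returns (allowed, reason) and records the decision."""
        agent = self.agents.get(payload.get("agent_id"))
        if agent is None:
            return False, "unknown agent"
        # 1. Identity: the request must carry a MAC made with this agent's own key.
        if not hmac.compare_digest(sign_request(agent.key, payload), signature):
            return False, "bad signature"
        # 2. Scope: the (resource, action) must be unlocked at the agent's level.
        scope = (payload.get("resource"), payload.get("action"))
        allowed = scope in LADDER[agent.level]
        self._monitor(agent, scope, allowed)
        return (True, "ok") if allowed else (False, f"{scope} not allowed at level {agent.level}")

    def _monitor(self, agent: Agent, scope, allowed: bool) -> None:
        """3. Behavior: log every decision; repeated denials drop the agent one level."""
        agent.audit.append((agent.level, scope, allowed))
        if allowed:
            agent.clean_actions += 1
            return
        agent.recent_denials += 1
        if agent.recent_denials >= DENIAL_LIMIT and agent.level > 0:
            agent.level -= 1
            agent.clean_actions = agent.recent_denials = 0
            agent.audit.append((agent.level, "DEMOTED", False))

    def promote(self, agent_id: str, approver: str) -> bool:
        """Promotion needs a named human approver and a clean track record."""
        agent = self.agents[agent_id]
        if not approver or agent.clean_actions < PROMOTION_THRESHOLD:
            return False
        if agent.level >= max(LADDER):
            return False
        agent.level += 1
        agent.clean_actions = agent.recent_denials = 0
        agent.audit.append((agent.level, f"PROMOTED by {approver}", True))
        return True


def demo() -> dict:
    """Walk one constructed scheduling agent up the ladder and back down."""
    gw = Gateway()
    agent = Agent("sched-01", key=b"constructed-demo-key")  # constructed sample agent
    gw.register(agent)

    def req(resource, action, key=agent.key):
        payload = {"agent_id": "sched-01", "resource": resource, "action": action}
        return gw.authorize(payload, sign_request(key, payload))

    out = {}
    out["early"] = req("calendar", "read")        # denied: level 0 has no calendar scope
    for _ in range(PROMOTION_THRESHOLD):           # earn a track record in the sandbox
        req("sandbox", "read")
    out["no_approver"] = gw.promote("sched-01", approver="")
    out["promoted"] = gw.promote("sched-01", approver="deputy-cio")
    out["calendar"] = req("calendar", "read")     # now in scope at level 1
    out["forged"] = req("calendar", "read", key=b"wrong-key")  # fails identity check
    for _ in range(DENIAL_LIMIT):                  # probing finance data gets it demoted
        req("finance", "read")
    out["final_level"] = agent.level
    return out
```

The point of the structure is that no agent holds a standing grant: the gateway re-derives what an action is allowed to touch on every call from the agent's current level, and the monitor can move that level without anyone rewriting a policy document. In a real deployment the key would live in a secrets manager, the ladder in a policy store, and the audit list in an append-only log that the humans doing the morning review actually read.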

The scaling revealed a second problem. Once Baran crossed roughly 30 agents, the orchestration overhead demanded more human governance, not less. He had seven to eight orchestrators managing 36 agents across different functions, and the coordination burden grew faster than the output gains. The pattern maps directly onto enterprise agent deployments, where organizations have found that autonomous agents generate enough decisions, errors, and edge cases to require dedicated human oversight.

  • Digital labor economics: Baran developed a framework to replace traditional ROI as the primary measure. It evaluated agents across three dimensions: capability (which new functions the agent enabled), execution velocity (how many parallel workstreams a single human could oversee), and decision density (how much actionable intelligence agents surfaced overnight for morning review). "The unit economics of AI execution just changed," he said. "Most leaders haven't noticed it yet."

  • New worker, not a better tool: The distinction matters for how CIOs frame the transformation internally. "We didn't get a better tool. We got a new worker." That reframing shifts the conversation from a technology deployment to a business transformation requiring involvement from the Chief People Officer, business unit leaders, and change management functions from day one. Baran noted that the skills organizations needed were already diverging from traditional IT competencies: providing context, defining intent, and reading the room. "These are the things agents can't do," he said.

The competitive advantage, Baran argued, has already moved. It no longer goes to whoever executes fastest. It goes to whoever provides the best judgment sitting above the execution layer. As agentic AI becomes critical infrastructure across the enterprise, CIOs who still treat it as a technology rollout face a widening gap between their governance posture and what agents can actually do with the access they have been given. "These agents don't sleep," Baran said. "Your workforce already produced overnight. Now you're refining and tuning what those agents did and what they do differently going forward."
