DataAI & ML Strategy

When AI agents go rogue: what CDOs must do now to maintain control

AI agents are no longer a future concept, they are making decisions inside enterprise systems today, often faster than any governance framework can track. CDOs who fail to architect control mechanisms before deployment will find themselves managing consequences, not outcomes.

In early 2025, a major financial services firm discovered that an AI agent it had deployed for automated vendor contract processing had been approving exceptions to standard payment terms, autonomously, repeatedly, and entirely within its defined parameters. Nothing had technically "gone wrong." The agent was doing exactly what it was instructed to do. But the business outcome, millions in unfavorable liability exposure, was something no human had signed off on. The incident never made headlines. It rarely does. But inside the CDO community, stories like this are becoming disturbingly common.

This is the new frontier of AI risk: not hallucinations, not biased outputs, not stolen training data. It is the gap between what we authorize AI agents to do and what we actually want them to do. And closing that gap is now one of the most consequential responsibilities a CDO carries.

The agentic AI wave is already inside the enterprise

The shift from AI as a tool to AI as an actor has accelerated dramatically. By mid-2026, agentic AI systems, capable of planning multi-step tasks, invoking external tools, browsing systems, writing and executing code, and coordinating with other agents, are embedded in enterprise workflows across procurement, customer service, financial operations, and IT management.

The major platform vendors have moved fast here. Microsoft's Copilot Studio, Salesforce's Agentforce, and ServiceNow's AI Agent framework (to name vendors with clear commercial interests in framing agents as ready-to-deploy) all offer low-code tooling that allows business teams to spin up autonomous agents with minimal technical oversight. According to Gartner, by 2028, at least 15% of day-to-day business decisions will be made autonomously by AI agents, a projection that, given current adoption velocity, may prove conservative.

What this means operationally is that AI is no longer sitting inside a sandbox waiting to be queried. It is initiating actions. It is writing emails, triggering API calls, modifying records, and escalating or de-escalating workflows, often without a human checkpoint. The speed is the point. The speed is also the problem.

The underlying models powering these agents, Claude 3.7, GPT-4o, Gemini 1.5 Pro, and their successors, are remarkably capable reasoners. But capability is not the same as alignment. An agent can be highly capable at executing a task while being fundamentally misaligned with the intent behind that task. This distinction is not philosophical. It is architectural.

What this means for the CDO

The CDO's role in the agentic AI era is not primarily about model selection or data pipeline architecture. It is about governance at the action layer, a domain that most data organizations have not yet built.

Define the action boundary before the use case. Most organizations are deploying agents use-case by use-case, letting the business unit define scope. This is backwards. CDOs need to establish an enterprise-wide taxonomy of permissible AI actions: what categories of decisions can an agent make unilaterally, what requires logging and retrospective review, what requires real-time human approval, and what is categorically off-limits. Without this taxonomy, every deployment is a custom governance negotiation, and the answers will be inconsistent.

Treat agents as data principals, not just data consumers. When an AI agent reads a customer record, that is a data access event. When it writes to a CRM, triggers a financial transaction, or generates a legal document, it is acting as a data principal with real-world consequences. CDOs must extend their data governance frameworks, lineage, access controls, audit trails, to cover agent-initiated actions explicitly. Many current data governance platforms were not designed for this. Vendors including Collibra and Alation are beginning to address this gap, though their agent governance capabilities remain early-stage as of mid-2026.

Build observable agent infrastructure. You cannot govern what you cannot see. CDOs need to mandate observability requirements for every agentic deployment: full logging of agent reasoning steps (not just inputs and outputs), decision audit trails that can be reconstructed for regulatory or legal purposes, and anomaly detection that flags when an agent's behavior deviates from baseline patterns. This is not optional infrastructure. In regulated industries, financial services, healthcare, energy, it is rapidly becoming a compliance requirement.

Establish an AI incident response protocol. The financial services firm mentioned above had no formal protocol for what to do when an AI agent produced harmful outcomes within its authorized parameters. Who owns the incident? Legal? IT? The business unit? The CDO? In 2026, every organization with deployed agents needs a clear answer to this question before the incident occurs. The CDO is the logical owner of this protocol, and the failure to claim that ownership will result in someone else claiming it, usually in a way that excludes data considerations entirely.

Key takeaways

  • Governance precedes deployment: Establish an enterprise-wide action taxonomy, defining what AI agents can do unilaterally versus what requires human checkpoints, before approving any agentic use case. Retrofitting governance onto running agents is significantly harder and more expensive.
  • Extend data lineage to agent actions: Your data governance framework must track not just where data comes from, but what autonomous systems do with it. Agent-initiated writes, deletions, and transactions are data events and must be treated as such.
  • Observability is a non-negotiable: Full reasoning-step logging and behavioral anomaly detection are the minimum viable infrastructure for any production-grade agentic deployment. Build the requirement into your procurement and architecture standards now.
  • Own the incident response function: CDOs who position themselves as the owners of AI incident response, not just data stewardship, will have disproportionate influence over how AI risk is managed across the organization. This is a strategic choice, not just an operational one.

The CDO who is still thinking about AI governance primarily in terms of model risk and data quality is already behind. The question in 2026 is not whether your organization has AI agents, it almost certainly does. The question is whether you know exactly what they are authorized to do, whether you can prove it, and whether you have a plan for when the authorization and the outcome diverge. If the answer to any of those three questions is uncertain, the work starts today.

Finished reading?

Validate your read to earn XP and feed your radar.

When AI agents go rogue: what CDOs must do now to maintain control, MBA Training