TL;DR: Governed context improved agent accuracy from 62% to 92% in a KU Leuven test, while ungoverned agents answered confidently wrong on definition-dependent questions and burned more compute, according to Collibra. The deeper issue is assumption collapse: access control and data governance models built for fixed truth sources fail when agents reason across fragmented ontologies at runtime.
At a glance
What this is: This analysis argues that AI agents need a neutral, governed context layer because fragmented enterprise definitions produce confident wrong answers, wasted compute, and regulatory risk.
Why it matters: For IAM and governance teams, the lesson is that identity is only half the control problem because agents also need trusted context, policy, and accountability across platforms.
By the numbers:
- 92% right.
- 62%.
- Only 13% of organisations feel extremely prepared for the reality of agentic AI despite the majority racing toward autonomous adoption.
- 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job.
👉 Read Collibra's analysis of context gravity and AI agent governance
Context
AI agent governance fails when the enterprise has no single, governed place where business meaning lives. In this article, context means the definitions, lineage, and quality signals that tell an agent what customer, revenue, or active user actually mean across systems.
The problem is not limited to one catalog or one cloud. When each platform carries its own version of truth, agents inherit contradictions instead of governance, which creates wrong decisions, higher compute cost, and compliance exposure across NHI, autonomous, and human identity programmes.
That is why context cannot be treated as a local feature of a data platform. For organisations already thinking about identity as an execution layer, the missing piece is governed meaning that travels with the agent regardless of where it runs.
Key questions
Q: How should security teams govern AI agents that reason across multiple data platforms?
A: Security teams should govern the meaning layer, not just the access layer. That means defining shared business terms, lineage, and quality signals centrally, then making sure agents retrieve that context at runtime across every platform they touch. Without that control, the same agent can reach different conclusions from the same data.
Q: Why do fragmented ontologies create risk for AI agents?
A: Fragmented ontologies give agents multiple, incompatible definitions of the same business term. Humans can reconcile that conflict through discussion, but agents will combine the fragments into one answer and act on it. The result is confident error, wasted compute, and compliance exposure.
Q: What breaks when AI agents rely on platform-specific catalogs for context?
A: What breaks is enterprise consistency. A platform-specific catalog can describe data accurately inside its own environment while still leaving the rest of the estate outside its semantic boundary. Agents then reason from partial truth, which makes cross-platform workflows unreliable and difficult to audit.
Q: Who should own governed context in an AI operating model?
A: Governed context should sit with the teams responsible for enterprise data definitions, policy, and access governance, not only with the platform running the model. The control has to travel with the agent across systems, because the risk appears when reasoning crosses boundaries, not when the model is trained.
Technical breakdown
Ontology fragmentation in multi-platform AI agent environments
An ontology is the shared business vocabulary that lets systems interpret data consistently. In fragmented estates, each cloud catalog, warehouse, or SaaS platform encodes its own version of key terms such as customer, revenue, or active user. AI agents do not resolve those differences the way a human analyst might in a meeting. They retrieve, combine, and infer from whatever definition is nearest at runtime, which makes inconsistent ontologies a direct input to incorrect reasoning rather than a documentation problem.
Practical implication: treat ontology governance as runtime control, not metadata cleanup.
Why governed context changes agent answer quality
Governed context works because it supplies definitions, lineage, and quality signals at the moment a question is asked. That changes the agent’s decision path before inference begins, reducing the chance that it will anchor on the wrong column, label, or stale business term. The KU Leuven test shows the difference clearly: the same model and data produced materially better results when governed context was present. This is not about making the model smarter. It is about constraining its interpretation space.
Practical implication: measure answer quality with context enabled and disabled, not just model performance.
Context gravity and neutral control planes
Context gravity is the tendency for governed meaning to accumulate around the platform that hosts it, just as data gravity pulls workloads toward storage. If the context layer sits inside one vendor ecosystem, the enterprise inherits that vendor’s definitions and coverage limits. Neutral control planes matter because agents often operate across Databricks, Snowflake, BigQuery, SaaS applications, and on-prem systems in the same workflow. A neutral layer avoids turning enterprise meaning into another form of platform lock-in.
Practical implication: prefer a platform-agnostic context layer that spans the full estate.
NHI Mgmt Group analysis
AI agent governance fails when enterprise meaning is fragmented across platforms. The article shows that each catalog can be internally consistent while still disagreeing with the rest of the organisation. That means the governance problem is not isolated bad data, but contradictory definitions that agents will combine into one answer. For practitioners, this elevates context consistency to a first-class control objective across IAM, data governance, and agent oversight.
Governed context is an execution control, not a documentation layer. The KU Leuven experiment demonstrates that definitions, lineage, and quality signals change answer quality at the point of reasoning. That makes context part of the control plane for agent behaviour, because the same model can produce materially different outputs depending on what meaning it can retrieve. Practitioners should treat context retrieval as part of policy enforcement, not an afterthought.
Context gravity creates a new form of platform lock-in at the intelligence layer. The article’s neutral-layer argument is not about preference, but about dependency. If the enterprise meaning layer lives inside one vendor’s catalog, agents will reason from that vendor’s boundaries even when the business does not. For identity programmes, that means governance must follow the agent across platforms instead of sitting inside one environment.
Access review models assume the identity layer is the hardest problem, but autonomous reasoning makes context the harder one. AI agents can have the right entitlements and still produce wrong decisions if the meaning layer is fragmented. The assumption that access alone governs risk was designed for environments where data meaning was relatively stable and human mediated. That assumption fails when the actor is an AI agent because it combines data across systems at runtime and acts on the result. The implication is that identity governance and context governance can no longer be separated.
Governed context becomes the source of permission in the agent era. The article is effectively describing a shift from system-of-record control to system-of-decision control. That means enterprise governance will increasingly be judged by whether an agent can act on a consistent, provable interpretation of data, not just whether it can reach the data. Practitioners should expect context stewardship to move closer to access governance, lineage, and policy enforcement in the operating model.
From our research:
- Only 13% of organisations feel extremely prepared for the reality of agentic AI despite the majority racing toward autonomous adoption, according to The 2026 Infrastructure Identity Survey.
- 69% of security leaders agree identity management must fundamentally shift to address agentic AI systems, according to The 2026 Infrastructure Identity Survey.
- For a broader control-plane view, compare this with Ultimate Guide to NHIs , Why NHI Security Matters Now, which frames why non-human governance is becoming a board-level issue.
What this signals
Context governance is now part of identity governance. If an AI agent can only be judged by the permissions it holds, organisations will miss the bigger failure mode, which is that the agent is reasoning from inconsistent meaning. With 70% of organisations already granting AI systems more access than human employees for the same job, per The 2026 Infrastructure Identity Survey, the control problem is expanding from privilege to interpretation.
Context gravity: the enterprise tendency for business meaning to cluster around one platform and pull agents into its semantic boundary. That creates a new dependency for governance teams, because the agent is no longer just consuming data, it is inheriting the platform's definitions and omissions.
This is where NIST Cybersecurity Framework 2.0 is directionally useful for governance teams, because identify, protect, detect, respond, and recover all need to be applied to agent context as well as to the underlying data estate. The practical move is to treat semantic consistency as a security outcome, not just a data quality metric.
For practitioners
- Map high-value business terms across platforms Identify where customer, revenue, active user, and similar terms diverge across CRM, warehouse, SaaS, and legacy systems. Use the mapping to prioritise the definitions that cause the most agent error and compliance risk.
- Test agent output with and without governed context Run the same questions through your preferred model with governed definitions, lineage, and quality signals enabled and disabled. Compare answer accuracy, reasoning depth, and token use to expose where context is doing real governance work.
- Separate platform metadata from enterprise meaning Do not assume a cloud catalog automatically gives you a neutral enterprise ontology. Establish a governance model that can serve multiple data platforms without inheriting one vendor's semantic boundaries.
- Tie context controls to identity and policy ownership Assign ownership for definitions, lineage, and access limits to the same operating model that manages agent permissions. When AI agents span systems, the meaning layer and the identity layer must be governed together.
Key takeaways
- AI agents can be technically well-privileged and still produce wrong outcomes when enterprise definitions are fragmented across platforms.
- Governed context changes answer quality at runtime, which makes meaning a control-plane issue rather than a documentation issue.
- Security and IAM teams should align identity, policy, lineage, and business definitions so that agents act from one governed truth across the estate.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 address the attack and risk surface, while NIST AI RMF and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | Agent reasoning from fragmented context creates runtime governance risk. | |
| NIST AI RMF | The article centers on governance for AI decision-making and contextual trust. | |
| NIST CSF 2.0 | GV.RR-01 | The post argues for governance ownership of context and identity across platforms. |
Define ownership for context quality, model behaviour, and accountability under the GOVERN function.
Key terms
- Governed Context: Governed context is the managed set of definitions, lineage, and quality signals that tells a system what data means before it reasons over it. In agentic environments, it prevents the model from inferring from inconsistent platform-specific labels and turns meaning into an enforceable control point.
- Ontology Fragmentation: Ontology fragmentation is the state where different systems use different definitions for the same business term. It becomes a security and governance problem when AI agents combine those fragments into one answer, because the agent cannot reconcile contradictions the way a human analyst might.
- Context Gravity: Context gravity is the tendency for governed meaning to accumulate around the platform that hosts it, pulling agent reasoning toward that platform's definitions and boundaries. The more control the vendor platform has over semantics, the more difficult it becomes to maintain enterprise-wide consistency and neutrality.
- Enterprise AI Control Plane: An enterprise AI control plane is the governance layer that sits above models and platforms to control context, policy, and accountability for AI actions. It is not a model or a catalog, but the operating layer that determines what agents can interpret and do across the estate.
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.
This post draws on content published by Collibra: Data has gravity. Context does too. Read the original.
Published by the NHIMG editorial team on 2026-06-18.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
