TL;DR: Autonomous AI agents are already executing approvals, supplier negotiations, and payment changes through valid credentials, but the real governance gap is that current identity systems cannot verify human intent or preserve meaningful accountability, according to iProov. The core failure is architectural: delegation models still assume a human is the acting entity, even when machines are making consequential decisions.
NHIMG editorial — based on content published by iProov: Autonomous AI agents and the accountability vacuum
Questions worth separating out
Q: How should organisations govern autonomous AI agents that can make business decisions?
A: They should govern them as attribution problems, not just access problems.
Q: Why do strong authentication methods still fail to solve agent accountability?
A: Because authentication proves a subject was present, not that the subject intended a specific downstream action.
Q: What breaks when autonomous agents act through legitimate credentials?
A: The governance chain breaks because a valid credential no longer guarantees that a human made the consequential decision.
Practitioner guidance
- Map every agent decision path to a human owner Identify where autonomous systems can approve invoices, change payment terms, or trigger supplier workflows, then assign a named accountable human for each action class.
- Require intent-verified approval for consequential actions Do not treat authentication as approval.
- Separate policy compliance from execution authorisation Review where current workflows allow a model to follow policy language without a human confirming the business intent.
What's in the full article
iProov's full blog post covers the operational detail this post intentionally leaves for the source:
- The presentation logic for tying specific agent actions back to a verified human identity.
- The RSA Conference demo context and how the author says the approach applies to enterprise workflows.
- The consumer trust research linkage between deepfakes and enterprise AI accountability.
- The article's detailed discussion of human-in-the-loop binding and decision authorisation.
👉 Read iProov's analysis of agentic AI accountability and human authorisation →
Agentic AI accountability vacuum: what IAM teams need to fix?
Explore further
Human attribution is the broken control premise in agentic AI governance. The article shows that enterprises are delegating decisions to agents while still relying on identity systems built to confirm human presence, not human intent. That means the real failure is not just weak oversight, but the assumption that authentication equals accountability. Practitioners need to treat agent governance as an attribution problem first.
A few things that frame the scale:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to AI Agents: The New Attack Surface report.
- 33% of organisations report their AI agents have accessed inappropriate or sensitive data beyond their intended scope.
A question worth separating out:
Q: Who is accountable when an AI agent commits an unwanted business action?
A: Accountability should remain with the human or organisation that delegated authority, but only if there is a clear, attributable approval chain. If the workflow lacks binding between person, context, and action, liability can become contested because the record shows execution without meaningful authorisation.
👉 Read our full editorial: Agentic AI governance depends on human attribution, not ceremonial oversight
Human attribution is the broken control premise in agentic AI governance. The article shows that enterprises are delegating decisions to agents while still relying on identity systems built to confirm human presence, not human intent. That means the real failure is not just weak oversight, but the assumption that authentication equals accountability. Practitioners need to treat agent governance as an attribution problem first.
A few things that frame the scale:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to AI Agents: The New Attack Surface report.
- 33% of organisations report their AI agents have accessed inappropriate or sensitive data beyond their intended scope.
A question worth separating out:
Q: Who is accountable when an AI agent commits an unwanted business action?
A: Accountability should remain with the human or organisation that delegated authority, but only if there is a clear, attributable approval chain. If the workflow lacks binding between person, context, and action, liability can become contested because the record shows execution without meaningful authorisation.
👉 Read our full editorial: Agentic AI governance depends on human attribution, not ceremonial oversight