AI Security & Governance · Jun 5, 2026 · 6 min read

Govern the Agent, Not the Model. Three Reports Say the Same Thing.

Okta, WGA Advisors, and Precisely/AWS published reports within 72 hours of each other. All three converge on the same structural gap: enterprises govern models, not agents.

By Springvanta

Three reports landed between June 2 and June 4, 2026. Different organizations, different populations, different questions. Same diagnosis.

Okta surveyed 292 executives and 492 knowledge workers across seven countries. WGA Advisors published a seven-layer governance operating model. Precisely convened practitioners from AWS, Northern Trust, and thredUP to talk about data readiness. Nobody coordinated. Everyone said the same thing: you are governing the wrong thing.

Most enterprises built their AI governance around models. They review vendors, assess models for bias, run responsible AI committees. That was necessary work when AI recommended and humans decided. It does not cover what is happening now that AI acts on its own.

90% of executives are confident. Half the workforce uses unapproved tools.

Okta's "AI Agents at Work 2026" survey is blunt. Ninety percent of executives say they have good visibility into AI tools in their organization. Ninety-five percent believe employees use AI responsibly. At the same time, 52% of knowledge workers admit to using AI tools without approval. A quarter do it regularly.

Fifty-eight percent of organizations experienced an AI-related security incident or close call in the past twelve months. Of those, 27% were actual breaches, data exposures, or system disruptions.

Workers who use unapproved tools share more sensitive data with them: 54% share internal messages and emails, 45% share HR information, 39% share confidential company documents. Over 20% hand over login credentials and passwords.

Why do employees bypass sanctioned tools? Eighty percent say it is easier to use their own accounts. Seventy-eight percent say their team already uses the unsanctioned tool and considers it normal. Fifty-seven percent say the official approval process is too slow.

The Okta data puts a number on what WGA Advisors calls the governance gap: enterprises have confidence in controls that were never designed for agents.

Figure: Executive confidence vs. reality across three surveys

A model is a capability. An agent is an actor.

WGA Advisors, in a June 4 article by Executive Managing Director Cara Miller, draws a distinction worth sitting with. Platform governance asks: "Can we trust this vendor and this model?" Agent governance asks: "Who built this agent, what can it actually do, what systems and data does it touch, how many people does it affect, and what happens when it acts wrongly?"

A model gets certified once. An agent has to be governed across its entire working life. Its behavior depends on the tools it is given, the access it holds, and the process it runs inside.

WGA proposes a seven-layer stack: inventory your agents, tier them by blast radius, lock down credentials and access, assign business owners, calibrate human oversight, test and monitor continuously, and govern scaling. Low-risk agents get waved through quickly. Tiering, they argue, is the single biggest accelerator, because it creates a legitimate fast lane for everything that is genuinely low risk while directing scrutiny where it is warranted.

The four-tier model:

  • Tier 1: Personal productivity. One user, no write access to systems of record, low-sensitivity data. Register, get basic guidance, self-service.
  • Tier 2: Team workflow. Shared within a team, limited system access, moderate data sensitivity. Named owner, security review of access, defined exception handling.
  • Tier 3: Departmental operating. Running core processes, writing into live systems, affecting many employees or transactions. Formal cross-functional review, validation before launch, monitoring, kill-switch.
  • Tier 4: Enterprise or customer-facing. Touching customers, regulated actions, or enterprise-wide processes. Council-level approval, legal and compliance sign-off, continuous monitoring, rehearsed rollback.

The point is not to add gates. It is to remove them everywhere they are not needed.

"Accelerated garbage in, accelerated garbage out"

The Precisely webinar, also published June 4, comes at the problem from the data side. Antonio Cotroneo moderated a discussion with practitioners from AWS, Northern Trust, and thredUP. The starting statistic: 87% of data and analytics leaders say they have the data readiness needed for AI. At the same time, 43% cite data readiness as one of their biggest barriers.

That contradiction persists because pilot conditions mask production problems. Dhruv Baronia, SVP of Data and Analytics at Northern Trust, put it directly: "Pilots have limited scope. They're small, people are reviewing them while the pilot is running, and if data issues arise, they're typically addressed manually on the spot to keep the pilot running. But really, these issues start arising when you move from pilot to production."

Tamara Astakhova, Senior Partner Solutions Architect at AWS, flagged the shift from static to stateful that most governance frameworks have not caught up with. Traditional AI asks and answers. Autonomous agents maintain persistent memory across sessions. Bad information gets embedded and corrupts decisions across multiple future interactions.

Aniket Mane, VP of Data Platform at thredUP, gave the most concrete account. His team watched a knowledge graph pilot show enormous promise and then fail to scale. They saw a chatbot initiative where the team that moved fastest failed fastest. The team that took the methodical path, the one that did not win the internal hackathon, was the one that eventually reached production and outperformed a commercial alternative.

Baronia again: "Garbage in, garbage out. In the AI agent world, it's accelerated garbage in, accelerated garbage out. The risk compounds very quickly."

What the convergence means

The governance most enterprises built over the last several years governs platforms, models, vendors, data usage, privacy, and bias. It answers the question: is this technology trustworthy enough to bring into the company? That question still matters.

Agents pose a different question. The issue is whether a specific deployed worker is accountable, not just whether the underlying model is responsible.

WGA's 92/44 gap (92% of leaders say governing agents is critical, only 44% have any policy) is the structural version of Okta's 90/52 gap (90% of execs are confident in visibility, 52% of workers use unapproved tools). Precisely's 87/43 gap (87% say data is ready, 43% call it a barrier) is the same pattern on the data side.

Three surveys. Three domains. Same problem: confidence outpacing control.

What to do

WGA's 30/60/90-day plan:

  • First 30 days. Build the inventory. Find every agent already running, including those business users created quietly, and classify each into a tier.
  • By 60 days. Stand up tiered review and a credential baseline. Name an accountable owner for every Tier 2 and above agent.
  • By 90 days. Convene the governance council and run it on live Tier 3 and Tier 4 candidates. Instrument monitoring and kill-switches. Start measuring time from idea to safely deployed agent.
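
The four-tier model and the first two steps of the plan (inventory and classify, then name owners and review access) can be expressed as a check over an agent inventory. The sketch below is an added example, not code from WGA Advisors or from this article. The record fields, the rule that the highest triggered tier wins, treating any write access to systems of record as a Tier 3 trigger, and treating controls as per-tier rather than cumulative are all assumptions.

```python
from dataclasses import dataclass

# Controls per tier, worded as in the tier model; per-tier, not cumulative (assumption).
CONTROLS = {
    1: ["basic guidance"],
    2: ["security review of access", "defined exception handling"],
    3: ["formal cross-functional review", "validation before launch",
        "monitoring", "kill-switch"],
    4: ["council-level approval", "legal and compliance sign-off",
        "continuous monitoring", "rehearsed rollback"],
}

@dataclass
class Agent:  # hypothetical inventory record; field names are assumptions
    name: str
    scope: str                      # "user", "team", "department", "enterprise"
    writes_systems_of_record: bool
    data_sensitivity: str           # "low" or "moderate"
    customer_facing: bool = False
    regulated_action: bool = False
    owner: str = ""                 # empty string means no accountable owner
    controls: tuple = ()            # controls the inventory shows as in place

def tier(a: Agent) -> int:
    """Highest tier any attribute triggers: the widest blast radius wins."""
    if a.customer_facing or a.regulated_action or a.scope == "enterprise":
        return 4
    if a.writes_systems_of_record or a.scope == "department":
        return 3
    return 2 if a.scope == "team" or a.data_sensitivity != "low" else 1

def gaps(a: Agent) -> list:
    """Controls the agent's tier requires that the inventory does not show."""
    t = tier(a)
    owner = ["named owner"] if t >= 2 and not a.owner else []  # 60-day goal
    return owner + [c for c in CONTROLS[t] if c not in a.controls]

# Constructed sample inventory, including an agent a business user built quietly.
INVENTORY = [
    Agent("notes-summarizer", "user", False, "low", controls=("basic guidance",)),
    Agent("support-triage", "team", False, "moderate", controls=(CONTROLS[2][0],)),
    Agent("invoice-poster", "user", True, "low"),
    Agent("refund-agent", "department", True, "moderate", customer_facing=True,
          owner="payments-ops", controls=tuple(CONTROLS[4][:3])),
]

if __name__ == "__main__":
    for a in sorted(INVENTORY, key=tier, reverse=True):
        print(f"Tier {tier(a)} {a.name}: missing {gaps(a) or 'nothing'}")
```

The single-user "invoice-poster" record shows why scope alone is a poor tiering signal: it has one user, but its write access puts it in Tier 3 with no owner and no kill-switch.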

The Precisely practitioners add: stage along two dimensions simultaneously, scope and risk. Start with limited users in co-pilot mode, then gradually expand to low-risk reversible autonomous actions. The team that moved fastest failed first. The team that was methodical and transparent about failures is the one still standing.

Okta's data reinforces why speed matters. The longer you wait to discover shadow agents, the more credentials proliferate, the more sensitive data flows into unapproved tools, and the harder it becomes to answer the questions that define agent governance: where are my agents, what can they connect to, and what can they do.
