What agentic AI actually means
Most AI interactions follow a simple pattern: a human asks a question, the AI responds, the human decides what to do with the response. The human is the actor. The AI is the advisor.
Agentic AI inverts this. An agentic AI system receives a goal - "book travel for the executive team's Q3 offsite" or "process and respond to tier-1 support tickets" or "monitor the portfolio and execute rebalancing trades within these parameters" - and then takes a sequence of actions to achieve it. The human may not review each action. The AI is the actor.
This is not a hypothetical future capability. AI agents are being deployed in enterprise environments now, for customer service, for software development, for data processing, for scheduling and coordination. The agentic paradigm is here, and governance frameworks have not kept pace.
The three-layer accountability problem
When a conventional AI system produces a harmful output (a biased hiring recommendation, a discriminatory insurance decision), the accountability chain is relatively clear. The model provider created the technology; the deployer applied it in a specific context; the accountability attaches to the party whose choices created the harm.
Agentic AI creates a three-layer accountability problem that existing frameworks are not equipped to resolve cleanly.
Layer 1: The model provider. The underlying AI model that powers the agent has capabilities, limitations, and failure modes that the model provider understands best. If the model hallucinates in a way that causes an agent to take a harmful action, the model provider bears some responsibility.
Layer 2: The platform deployer. The organisation that built the agentic system, and gave the model tools, access, and instructions, created the specific capability that caused harm. Their choices about what permissions to grant, what guardrails to implement, and what the agent was authorised to do are central.
Layer 3: The using organisation. The enterprise that deployed the agent in their environment, gave it access to their systems, and defined the scope of its operation made choices that contributed to the outcome.
This three-layer structure creates a diffusion of accountability. Each party can point to the others. Regulators, courts, and affected individuals face genuine difficulty establishing where the decisive failure occurred.
The permission scope gap
The most concrete governance failure in agentic AI deployment is permission scope: giving agents broader system access than specific tasks require.
An agent tasked with "processing customer support tickets" might be granted read and write access to the customer database, email system, CRM, and internal knowledge base. Each individual access might be justifiable. The aggregate creates a system with enormous potential impact from a single error or compromise.
The principle of least privilege, giving systems and users only the permissions required for their specific tasks, is fundamental to information security. It is routinely violated in agentic AI deployments because agents are genuinely more useful with broader access, and the specific scope of "required" access is difficult to define in advance for goal-directed systems.
The consequence: when an agent fails, it can fail at scale. A misparsed instruction, an unexpected edge case, or a deliberately crafted adversarial prompt can cause an agent with broad permissions to take actions across many systems in rapid sequence.
Regulatory frameworks: designed for advisors, not actors
The EU AI Act's human oversight requirements were designed for AI systems that produce outputs (recommendations, classifications, text) that humans then act upon. The oversight model assumes a human review step between AI output and real-world consequence.
Agentic AI systems take real-world actions directly. The human oversight model does not naturally apply: if an agent makes fifty decisions and takes fifty actions while processing a batch of customer service cases, it is not practical to have a human review each one. But without review, oversight is nominal rather than real.
This is not a gap in the regulation's intent. It is a gap in the governance tools available. The obligation to implement "effective human oversight" remains. What effective oversight looks like for agentic systems is a question the field is actively working through.
Minimum viable controls for agentic AI
Until the governance frameworks catch up with agentic reality, three controls provide a foundation:
1. Limited permission scope (least privilege). Define the minimum permissions required for each agent to accomplish its specific task. Implement those permissions and no others. Review and audit permissions quarterly. Resist the temptation to grant broad access for convenience.
2. Action logging with human review triggers. Every action an agent takes should be logged with sufficient detail to reconstruct what happened and why. Define thresholds that trigger human review, either in real time (blocking the action until a human approves) or retrospectively (flagging for review after the fact). High-stakes actions should require pre-approval regardless of efficiency cost.
3. Kill switch protocols. Every agentic deployment needs a documented, tested procedure to stop the agent immediately. The kill switch must be: known to the people who would need to use it, possible to activate without requiring access to systems the agent may have compromised, and tested before production deployment rather than only in theory.
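The three controls above, combined in one gate that sits between an agent and its tools. This is an added example, not part of the original article; the ActionGate class, the tool and operation names, and the file-based stop flag are assumptions chosen for illustration.

```python
import os, tempfile, time
from dataclasses import dataclass, field

@dataclass
class ActionGate:
    """Hypothetical gate that every tool call passes through (illustrative names)."""
    agent_id: str
    allowed: frozenset         # (tool, operation) pairs granted to this agent
    needs_approval: frozenset  # high-stakes subset that blocks until approved
    kill_file: str             # stop flag; must live where the agent cannot write
    log: list = field(default_factory=list)

    def request(self, tool, op, args, approved_by=None):
        action = (tool, op)
        if os.path.exists(self.kill_file):       # kill switch overrides everything
            decision = "halted"
        elif action not in self.allowed:          # least privilege: default deny
            decision = "denied"
        elif action in self.needs_approval and approved_by is None:
            decision = "pending_review"           # block until a human approves
        else:
            decision = "allowed"
        # Log every request, refused ones included, so events can be reconstructed.
        self.log.append({"ts": time.time(), "agent": self.agent_id, "tool": tool,
                         "op": op, "args": args, "approved_by": approved_by,
                         "decision": decision})
        return decision

def demo():
    """Constructed scenario for a support-ticket agent (sample data, not real)."""
    kill_file = os.path.join(tempfile.mkdtemp(), "STOP")
    gate = ActionGate(
        agent_id="support-agent-1",
        allowed=frozenset({("crm", "read"), ("email", "send"), ("crm", "refund")}),
        needs_approval=frozenset({("crm", "refund")}),
        kill_file=kill_file,
    )
    results = [
        gate.request("crm", "read", {"ticket": "T-1"}),
        gate.request("customer_db", "write", {"id": 7}),   # never granted
        gate.request("crm", "refund", {"amount": 500}),    # no approver yet
        gate.request("crm", "refund", {"amount": 500}, approved_by="j.doe"),
    ]
    open(kill_file, "w").close()                           # operator stops the agent
    results.append(gate.request("crm", "read", {"ticket": "T-2"}))
    return results, gate.log

if __name__ == "__main__":
    print(demo()[0])
```

In a real deployment the stop flag and the log would sit on infrastructure the agent's credentials cannot modify, so that a misbehaving or compromised agent cannot clear either one.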
What organisations should do now
Agentic AI governance is not a solved problem. The appropriate response is not to avoid deploying agents; they create genuine value. The appropriate response is to deploy them with explicit governance attention to the risks above.
Before deploying any agentic AI system:
- Document the agent's permission scope and the justification for each permission
- Define the actions that require human approval before execution
- Implement action logging
- Test the kill switch procedure
- Name the person accountable for the agent's actions
- Define what constitutes an incident and how it will be escalated
Agentic AI will become more capable, more autonomous, and more prevalent. Organisations that build governance habits now will be better positioned to manage more capable systems in the future.