AI governance is quickly becoming the deciding factor in whether agentic AI creates real business value—or quietly introduces new operational and reputational risk. As enterprises scale AI agents beyond pilots, the core question shifts from “Can this agent do the task?” to “Who is in charge, and how is this controlled?”
In a conversation on The Peggy Smedley Show, Andreas Welsch—an AI leadership expert and Chief Human Agentic AI Officer at Intelligence Briefings—outlined what leaders should understand about AI agent control planes, lifecycle management, and the guardrails required to scale responsibly.
Original source:
The Peggy Smedley Show
The discussion is especially relevant for CEOs, CIOs, CTOs, and CHROs facing board-level pressure to define an AI strategy—while also ensuring agentic AI does not become a “free-for-all” of tools, access permissions, and invisible failure points.
Executive Summary
- AI governance becomes critical as enterprises scale agentic AI beyond pilots.
- A control plane provides visibility into what agents exist and what they can do.
- Agents require lifecycle management: creation, monitoring, maintenance, and retirement.
- Guardrails must reduce risk without stifling innovation.
- Training, sandboxes, and close monitoring reduce “bad call” impact.
Key Takeaways
- Welsch emphasizes that the enterprise challenge is control, not capability.
- Leaders need visibility into agents, access rights, ownership, and performance.
- Without guardrails, deploying agents resembles “inviting any stranger from the street” into the office.
- Agent governance should include identity, verification, and clarity on read/write access.
- Agent lifecycle management is not “once-and-done”; knowledge and policies change.
- Many agents will be retired or subsumed into larger constructs within months.
- Cross-functional collaboration is essential; AI is not just an IT problem.
What is AI governance?
AI governance is the set of leadership practices and operational controls that determine how AI systems are introduced, managed, monitored, and updated inside an organization. In the context of agentic AI, governance clarifies which agents exist, what systems and data they can access, who is responsible for them, and how performance and risk are managed over time.
As Welsch describes it, governance is how leaders maintain visibility and guardrails while still enabling innovation—especially when multiple agents interact across workflows and failures can compound from one step to the next.
AI Governance Starts with a Control Plane Leaders Can Understand
Welsch explains an AI agent control plane in practical business terms: it is the mechanism that gives leaders visibility into which agents exist, who built them, what they are allowed to do, what systems they can access, and how well they are working.
This visibility matters beyond IT. As the C-suite pushes AI into business functions—and boards ask CEOs about AI strategy—leaders need a way to answer basic governance questions: Which agents are active? Are they reading or writing data? Are they producing trustworthy results?
Key Insight: Welsch positions the control plane as executive visibility: what agents exist across functions, what access they have, and whether outcomes can be trusted—so scaling agentic AI does not create unmanaged risk.
In the conversation, Welsch points to IBM’s Watsonx Orchestrate (discussed at IBM Think) as an example of how vendors are positioning orchestration platforms as a control plane for agent ecosystems.
Agents Are Software—But the HR Analogy Helps Operationalize Governance
Welsch makes an explicit distinction: agents are software—components, code, algorithms—not humans. Yet, he argues the HR analogy is still useful to shorten the governance learning curve.
In The Human Agentic AI Edge, Welsch describes organizations as “inviting new digital workers” into the workplace. Without guardrails, he compares it to letting a stranger into the office without ID, background checks, or role-based permissions.
Key Insight: Welsch recommends borrowing familiar “hire to retire” thinking to structure agent governance—defining roles, access, and ownership—while still acknowledging agents are software, not employees.
That analogy leads to practical governance requirements: identity, verification, and role clarity for what an agent is trusted to do, especially in regulated or high-risk business processes.
The AI Agent Lifecycle: From Creation to Retirement
Welsch frames agent deployment as a lifecycle—creation through retirement—and argues risks appear at every stage. He suggests mapping lifecycle steps to a well-understood enterprise process model: identify the business need, build with stakeholders, deploy with controls, maintain and review, then retire and replace when appropriate.
He highlights that agents can handle variation better than strict rule-based systems, making them suitable for processes that are repetitive but still have complexity and variance.
Example used in the discussion: an agent that supports HR operations such as reporting or candidate scheduling, with explicit decisions on what information it can read or write.
Key Insight: Welsch stresses that lifecycle governance must include maintenance: policies, data, and decisions change, so agent performance and recommendations must be reviewed and updated—rather than treated as a one-time software deployment.
On retirement, Welsch shares a concrete observation from a conversation with an AI and automation leader at a large communications firm: at least half the agents built over 12 months no longer existed, having been retired or subsumed into larger constructs.
Guardrails Before Scale: Register, Manage, and Assign Responsibility
Welsch argues governance must be established before scaling an agentic AI program. If agent building becomes a “free-for-all,” reintegrating teams and enforcing standards later becomes significantly harder.
Importantly, he does not call for heavy bureaucracy. The goal is not a “50-page document and rule book,” but clear guidelines that make governance operational: what agents are expected to do, how they are registered, how they are brought under management, and who owns them.
Key Insight: Welsch’s governance principle is lightweight structure early: define standards, registration, and ownership up front so organizations can scale agentic AI with clarity and fewer operational headaches.
When an Agent Makes a Bad Call: Training, Sandboxes, and Monitoring
A central concern raised in the conversation: what happens when an agent makes a bad call or an expensive mistake, and who is accountable? Welsch’s response focuses on practical risk reduction rather than abstract debate.
First, he recommends not starting with the highest-risk use cases (for example, workflows that initiate payments). Instead, organizations should build competence gradually through training and enablement, particularly if citizen development is encouraged.
Second, Welsch recommends sandboxes where agents can be developed against dummy or test data. That allows teams to observe failures without harming real systems.
Third, when moving to production with real systems and data, Welsch emphasizes close monitoring—especially in the first weeks—using a more “human in the loop” posture to review, confirm, and correct outputs until confidence increases.
Key Insight: Welsch’s operational approach to accountability is staged trust: train builders and users, test in sandboxes, then monitor tightly in early production—so human review catches errors before agents gain broader autonomy.
He likens this maturity path to onboarding an intern: responsibility grows only after demonstrated competence and repeated observation of how the work is performed.
Managing Multi-Agent Complexity and Blind Spots
As agents proliferate, Welsch warns that complexity grows exponentially—not linearly—because multiple agents interact across workflows, access different data sources, and pass outputs from one “hop” to the next.
This matters for governance because failures can compound. A weak recommendation at one step becomes an input at the next step, creating blind spots that are difficult to detect without visibility, monitoring, and clear ownership.
In this context, Welsch’s control-plane framing becomes essential: leaders need an operational view of what agents are doing, what they have access to, and where risk accumulates across a workflow.
Certifying Agent “Skills”: Identity, Trust, and Verification
Welsch notes an emerging idea discussed at IBM Think: verifying and certifying agent capabilities. He references Pearson’s CTO Dave Ted, who described work on certifying agent skills using digital badges and credentialing tools (including Credly, which Pearson owns).
In Welsch’s framing, this is a governance step toward making agents “trusted” and “verified” with clearly defined capabilities and access boundaries—so organizations can make informed decisions about deploying agents into workflows.
Key Insight: Welsch highlights certification as a trust mechanism: testing and verifying agent capabilities and access can help organizations decide which agents are safe to introduce into critical workflows.
Why Cross-Functional Collaboration Is Non-Negotiable
The conversation repeatedly returns to one theme: enterprise AI cannot be solved inside a single function. Welsch says it was encouraging to hear leaders describe working across functional silos, with an AI leadership role coordinating threads across HR, finance, supply chain, sales, and other departments.
He also ties this to his earlier work in The AI Leadership Handbook, which reflects insights gathered from conversations with more than 60 AI leaders. The consistent message: AI is not just a tech problem; it becomes an everyone problem that requires coordination and shared standards.
Within the broader IBM Think event context, the show referenced examples about data and organizational collaboration (including mentions of Andre Agassi, Cleveland Clinic, and Ramco), reinforcing the enterprise reality: value emerges when data, workflows, and teams connect.
Leadership Implications
- Stand up AI governance early. Establish lightweight guardrails, standards, and registration before agent sprawl occurs.
- Demand control-plane visibility. Ensure leaders can see which agents exist, ownership, access rights, and performance.
- Operationalize lifecycle management. Plan for continuous maintenance, review, and retirement—not one-time deployment.
- Invest in workforce enablement. Train users expected to build or operate agents; do not assume intuitive competence.
- Stage trust to reduce risk. Use sandboxes, then tightly monitored production rollouts with human review until performance is proven.
Why This Conversation Matters
This discussion took place on The Peggy Smedley Show, a business and technology program focused on the connected world and responsible innovation. The audience—executives and technology leaders—matches the core stakeholder group now accountable for scaling agentic AI responsibly.
Welsch’s perspective connects AI leadership and workforce transformation to day-to-day operating decisions: visibility, access management, training, monitoring, and ongoing maintenance. Rather than centering on model hype, the conversation centers on AI governance as the practical discipline that keeps agentic AI valuable, safe, and aligned to business outcomes.
FAQs: AI Governance and Agentic AI in the Enterprise
What is an AI agent control plane?
An AI agent control plane is a management layer that provides visibility into enterprise agents, including what agents exist, who built them, what systems they can access, and how well they perform. It supports AI governance by making agents observable and controllable.
In the conversation, Andreas Welsch describes this as valuable for leaders beyond IT, because it clarifies permissions (read vs. write), ownership, and trust.
Why should CEOs and boards care about AI governance for agents?
CEOs and boards should care because scaling agentic AI shifts risk from isolated tools to enterprise workflows, where mistakes can become expensive and difficult to detect. AI governance ensures leaders know which agents operate, what access they have, and who is accountable.
Welsch frames the core challenge as control, not capability—especially as agents become more autonomous.
Are AI agents “digital workers” or just software?
AI agents are software—code, components, algorithms—and should not be treated as humans. However, Andreas Welsch says HR analogies still help operationalize AI governance by clarifying identity, permissions, and lifecycle steps, similar to how organizations manage employees.
This framing helps leaders set guardrails without overstating what agents are.
What does the AI agent lifecycle look like in practice?
The AI agent lifecycle runs from identifying a business need, to building and deploying an agent, to maintaining it as data and policies change, and finally to retiring or replacing it. Welsch emphasizes lifecycle management as a core AI governance requirement for agentic AI.
He notes many agents may be retired within a year as processes and capabilities evolve.
What guardrails should be in place before scaling agentic AI?
Before scaling, guardrails should define what agents are meant to do, how they are registered, how they are brought under management, and who is responsible. Welsch advises lightweight structure early rather than a heavy rulebook, enabling AI governance without slowing innovation.
These basics prevent “free-for-all” agent sprawl that is hard to control later.
Who is accountable when an AI agent makes a bad decision?
Accountability depends on process risk and how the agent is deployed, but Welsch emphasizes reducing bad decisions through staged trust. Training, sandbox testing, close early monitoring, and human review in production help organizations manage accountability as part of AI governance.
He recommends not starting with high-risk actions like initiating payments.
How can organizations prevent blind spots in multi-agent workflows?
Organizations prevent blind spots by maintaining visibility into what each agent does, what data it accesses, and how outputs flow across workflow steps. Welsch warns failures can compound across agent “hops,” making a control plane and monitoring essential elements of AI governance.
This is especially important as agent ecosystems scale across the enterprise.
Why is training and upskilling essential for AI adoption with agents?
Training is essential because many organizations expect business users to build or operate agents through copilots and similar tools, which increases operational risk without enablement. Welsch says upskilling and user education are foundational to responsible AI adoption and effective AI governance.
This is particularly relevant when agent-building is democratized via citizen development approaches.
Why does cross-functional collaboration matter for AI governance?
Cross-functional collaboration matters because agentic AI spans HR, finance, supply chain, sales, and IT—so isolated governance fails. Welsch notes organizations succeed when an AI leadership role coordinates standards and workflows across functions, reflecting that AI is “an everyone problem.”
This collaboration helps prevent siloed deployments and conflicting practices.
Conclusion
As agentic AI moves from experimentation to enterprise-scale deployment, AI governance becomes the real differentiator. Andreas Welsch’s message is practical: establish guardrails early, create control-plane visibility, manage the full lifecycle, and build staged trust through training, sandboxes, and monitoring.
Done well, governance enables innovation without letting risk accumulate unnoticed across multi-agent workflows—keeping agentic AI aligned to business outcomes and workforce transformation.