Deloitte Warns AI Agents Are Outpacing Safety Frameworks

Deloitte has stated there has been an increase in businesses deploying AI agents, which raises issues regarding security, accountability, and data management, especially since the necessary safety procedures are not in place yet.

The warning comes as AI systems quickly transition from pilot programs to full-time operations. From the most recent report of Deloitte, the risk and control models of today are ill-equipped to deal with fully autonomous systems.

Only 21% of the businesses surveyed have applied AI Agents in addition to implementing firm control and oversight, despite the rapid AI Agent adoption. 23% of companies are currently using AI, and Deloitte believes this will rise to 74% in the next 2 years.

Deloitte has stated that most of the risk regarding the technology itself is in the insufficient governance and the lack of appropriate controls. AI agents run opaque with insufficient controls, and as such can make decisions that are hard to audit, oversee, manage, or insure.

“Well-designed agents with clear boundaries, policies, and definitions—managed like any enterprise worker—can move fast on low-risk work while escalating to humans when risk thresholds are crossed.”

Ali Sarrafi is the CEO and Founder of Kovant. He remarked,

“With detailed action logs, observability, and human gatekeeping for high-impact decisions, agents become systems you can inspect, audit, and trust.”

Deloitte noted the gap between tight control and frictionless systems when it comes to real-world business environments, which Sarrafi characterized as a gap between the potential and the risk:

“An agent with too much contextual scope at any given time runs the risk of hallucination and behaving erratically.”

The report state’s identity, access, action, and oversight controls are the most important safety measures.

Deloitte’s Cyber AI Blueprints suggest a tiered autonomy framework with embedded governance, coupled with workforce training to ensure safety.

Deloitte said organisations that prioritise visibility and control, not speed, will be better positioned as AI agent adoption accelerates. Further guidance is expected as standards continue to evolve.