Skip to main content
🎓 Claude Code Masterclass Learn AI-assisted development on Udemy — plus the companion book on Leanpub & Amazon. Start Learning
AI governance dashboard showing findings remediation status and agent identity controls
AI

AI Governance in Practice: Findings Remediation and Agent Identity

What separates companies that manage AI risk well from those that just publish a policy PDF: fast findings remediation and real agent identity controls.

LB
Luca Berton
· 5 min read

Most companies talking about AI governance are still stuck at the PDF stage: publish a policy once, quote a framework, hope for the best. The companies actually managing AI risk well are doing something different — they treat governance as an operating loop, not a document. Implement, monitor, live between the guardrails, and keep redefining the rules as the technology moves.

I see this across regulated industries and plenty of less-regulated ones too. The good ones form a real task force, not a committee that meets once a quarter. They ask a harder question than “are we compliant”: what are the actual problems AI exposes us to, for the business and not just for the auditors? Some of that risk is operational. A lot of it is reputational. And the uncomfortable part is that AI mistakes compound in ways people don’t expect going in — a small model error early in a pipeline can cascade into a decision nobody would have signed off on if they’d seen it directly.

Focus Beats Volume in Findings Remediation

One pattern that consistently separates mature programs from performative ones: how they handle security findings once AI systems are in production.

The weak version looks like a compliance exercise — a long list of findings, a quarterly review, slow follow-up. The strong version is much narrower: surface fewer things, but make sure every one of them gets fixed. I’ve seen a program close every critical finding within a single month, purely because the team gave each engineering group a dedicated view of exactly what needed attention — no noise, no backlog of low-priority items burying the two things that actually mattered.

The mechanism that makes this work is specificity, not tooling. Give each team a landing page scoped to their own systems. Make wins visible, not just outstanding issues. And when a critical finding shows up, connect with the team immediately instead of letting it sit in a ticket queue. The intent was never to generate more findings — it was to generate focus. A developer who gets a vague quarterly report ignores it. A developer who gets a clear, scoped, “this is what you need to fix” acts on it, often faster than you’d expect.

This matters more for AI systems than traditional software because the observability gap is wider. If you can’t see what a model or agent actually did, a finding sitting unaddressed for a quarter isn’t a minor process failure — it’s an unknown blast radius.

From Giving Answers to Taking Actions

The bigger shift happened in the last seven or eight months, and it changes the entire threat model.

Until recently, AI meant recommendations: a model returns text, a human reads it, a human decides. The failure mode was bad advice. Now AI agents are rolling directly into systems — calling APIs, holding credentials, acting on behalf of a user without a human reading the output first. The failure mode is no longer “the model said something wrong.” It’s “the model did something wrong, using a real account, with real permissions.”

That reframes identity as the core problem. An agent acting under a shared or over-privileged credential is functionally identical to a very fast, very confident impersonation attack — and unlike a phishing email, nobody has to fall for anything. The agent already has the keys.

What Real Agent Identity Controls Look Like

The practical answer isn’t exotic. It’s the same discipline that mature security teams already apply to human identity, applied consistently to non-human identities for once:

  • Unique identity per agent — not a shared service account, not a human’s personal credentials reused for automation.
  • Least-privilege, listed access — an agent gets exactly the scopes its task requires, nothing broader “just in case.”
  • Action-level authorization, not just API-level. Every tool call an agent makes is effectively its own request that needs its own boundary, the same logic covered in AI agent sandboxing.
  • Monitoring what the agent actually did, not just what it was asked to do. Intent and action diverge more often than teams expect.
  • Human oversight calibrated to risk — a human in the loop for consequential actions, not for every step, or the oversight itself becomes the bottleneck nobody respects.

None of this is new in concept. Access tokens, least privilege, and audit trails have existed for identity and access management for decades. What’s new is the pace: agents are being connected to production systems faster than most identity programs are built to absorb, and a lot of companies still don’t have visibility into what their agents are actually doing today.

The Common Thread

Findings remediation and agent identity look like separate problems, but they’re the same discipline applied at different layers: narrow the surface, make it visible, and act on it fast. Governance that stays at the policy-document level catches neither. Governance that’s built as a monitored, living loop catches both — and it’s the difference between a company that can tell you exactly what its AI systems did last week, and one that’s hoping nothing went wrong.

About the Author

I am Luca Berton, AI and Cloud Advisor. I work with enterprises on AI governance, agentic AI security, and platform engineering. Book a consultation.

Free 30-min AI & Cloud consultation

Book Now