Physical AI raises governance questions for autonomous systems

Governance around Physical AI is becoming harder as autonomous AI systems move into robots, sensors, and industrial equipment. The issue is not only whether AI agents can complete tasks. It is how their actions are tested, monitored, and stopped when they interact with real-world systems.

Industrial robotics already provides a large base for that discussion. The International Federation of Robotics said 542,000 industrial robots were installed worldwide in 2024, more than double the annual level recorded a decade earlier. It expects installations to reach 575,000 units in 2025 and pass 700,000 units by 2028.

Market researchers are also applying the Physical AI label to a wider group of systems, including robotics, edge computing, and autonomous machines. Grand View Research estimated the global Physical AI market at US$81.64 billion in 2025 and projected it to reach US$960.38 billion by 2033, though the category depends on how vendors define intelligence in physical systems.

From model output to physical action

The governance challenge is different from software-only automation because physical systems can operate around workplaces, infrastructure, and human users. They can also be connected to equipment that requires clear safety limits. A model output can become a robot movement or a machine instruction. It can also become a decision based on sensor data. That makes safety limits and escalation paths part of system design.

Google DeepMind’s robotics work is one recent example of how AI models are being adapted for this environment. The company introduced Gemini Robotics and Gemini Robotics-ER in March 2025, describing them as models built on Gemini 2.0 for robotics and embodied AI. Gemini Robotics is a vision-language-action model designed to control robots directly, while Gemini Robotics-ER focuses on embodied reasoning, including spatial understanding and task planning.

A robot using this type of model may need to identify an object, understand an instruction, and plan a sequence of movements. It also needs to assess whether the task has been completed correctly. That creates a control problem that includes both model behaviour and the mechanical limits of the system.

Google DeepMind said useful robots need generality, interactivity, and dexterity. Generality covers unfamiliar objects and environments. Interactivity relates to human input and changing conditions. Dexterity refers to physical tasks that require precise movement.

In its launch materials, Google DeepMind said Gemini Robotics could follow natural-language instructions and perform multi-step manipulation tasks. Examples included folding paper, packing items into a bag, and handling objects not seen during training.

The technical requirements for Physical AI are broader than language understanding. Systems need visual perception and spatial reasoning. They also need task planning and success detection. In robotics, success detection matters because the system must decide whether a task has been completed, whether it should retry, or whether it should stop.

Google DeepMind’s Gemini Robotics-ER 1.6, introduced in April 2026, shows how those functions are being packaged in newer models. The company describes the model as supporting spatial logic, task planning, and success detection, with the ability to reason through intermediate steps and decide whether to move forward or try again.

Google’s developer documentation says Gemini Robotics-ER 1.6 is available in preview through the Gemini API. The documentation describes it as a vision-language model that brings Gemini’s agentic capabilities to robotics. Those capabilities include visual interpretation, spatial reasoning, and planning from natural-language commands.

Google AI Studio provides a developer environment for working with Gemini models, while the Gemini API provides a route for integrating those models into applications. In the context of embodied AI, that places testing and prompting closer to the developers building agentic applications.

Safety controls move into system design

Governance becomes more complex when these systems can call tools, generate code, or trigger actions. Controls need to define what data the system can access, what tools it can use, which actions require human approval, and how activity is logged for review.

McKinsey’s 2026 AI trust research points to the same issue in enterprise AI more broadly. It found that only about one-third of organisations reported maturity levels of three or higher in strategy, governance, and agentic AI governance, even as AI systems take on more autonomous functions.

In robotics, safety also includes the physical behaviour of the machine. Google DeepMind has described robot safety as a layered problem, covering lower-level controls such as collision avoidance, force limits, and stability, as well as higher-level reasoning about whether a requested action is safe in context.

The company also introduced ASIMOV, a dataset for evaluating semantic safety in robotics and embodied AI. Google DeepMind said the dataset was designed to test whether systems can understand safety-related instructions and avoid unsafe behaviour in physical settings.

The same controls used for software agents become harder to manage when systems are connected to robots, sensors, or industrial equipment. These include access rights, audit trails, and refusal behaviour. They also include escalation paths and testing.

Governance frameworks such as the NIST AI Risk Management Framework and ISO/IEC 42001 provide structures for managing AI risks and responsibilities across the system lifecycle. In Physical AI, those controls need to account for model behaviour, connected machines, and the operating environment.

Google DeepMind has also worked with robotics companies as part of its embodied AI development. In March 2025, the company said it was partnering with Apptronik on humanoid robots using Gemini 2.0, and listed Agile Robots, Agility Robotics, Boston Dynamics, and Enchanted Tools among trusted testers for Gemini Robotics-ER.

The 2026 update also referenced work with Boston Dynamics involving robotics tasks such as instrument reading. That type of use case depends on visual understanding, task planning, and reliable assessment of physical conditions.

Physical AI applies to industrial inspection, manufacturing, and logistics. It also applies to facilities and warehouses. These settings require systems to interpret real-world conditions and act within defined limits. The governance question is how those limits are set before autonomous systems are allowed to make or execute decisions.

Google DeepMind and Google AI Studio are listed as hackathon technology partners for AI & Big Data Expo North America 2026, taking place on May 18–19 at the San Jose McEnery Convention Center.

Want to learn more about AI and big data from industry leaders? Check out AI & Big Data Expo taking place in Amsterdam, California, and London. The comprehensive event is part of TechEx and is co-located with other leading technology events, click here for more information.

AI News is powered by TechForge Media. Explore other upcoming enterprise technology events and webinars here.

The post Physical AI raises governance questions for autonomous systems appeared first on AI News.

Google made agentic AI governance a product. Enterprises still have to catch up.

Two weeks ago at Google Cloud Next ’26 in Las Vegas, Google did something the enterprise AI industry has been dancing around for the better part of two years: it made agentic AI governance a native product feature, not an afterthought.

The centrepiece announcement was the Gemini Enterprise Agent Platform, pitched as the successor to Vertex AI and described by Google as a comprehensive platform to build, scale, govern, and optimise agents. What made it notable wasn’t the model access or the TPU upgrades, significant as those are. 

It was the architecture underneath: every agent built on the platform gets a unique cryptographic identity for traceability and auditing, while Agent Gateway handles oversight of interactions between agents and enterprise data. Governance, in other words, ships with the product.

That design choice is a direct response to a problem that has quietly been undermining enterprise AI deployments across the board.

The governance gap that no one wants to talk about

A survey of 1,879 IT leaders by OutSystems, released in April, puts the numbers plainly: 97% of organisations are already exploring agentic AI strategies, and 49% describe their own capabilities as advanced or expert. Yet only 36% have a centralised approach to agentic AI governance, and just 12% use a centralised platform to maintain control over AI sprawl.

That is an 85-point gap between confidence and actual control, and it is not improving fast enough. Gartner’s 2026 Hype Cycle for Agentic AI frames the same tension differently. Only 17% of organisations have actually deployed AI agents to date, yet more than 60% expect to do so within two years, the most aggressive adoption curve Gartner has recorded for any emerging technology in the survey’s history. 

The hype cycle places agentic AI squarely at the Peak of Inflated Expectations, with governance, security, and cost-management capabilities still maturing well behind deployment intent. The production reality is considerably more sobering. Multiple independent analyses put the share of agentic AI pilots that have reached genuine production scale at somewhere between 11% and 14%. The rest, the other 86% to 89%, have stalled, been quietly shelved, or never moved beyond proof-of-concept. 

Governance breakdowns and integration complexity are consistently cited as the primary causes, ahead of any technical shortcomings in the models themselves.

What Google is actually betting on

At Cloud Next ’26, the message from Google was less about model capability and more about who owns the control plane. Bain & Company’s post-event analysis noted that Google is repositioning from model access toward a full agentic enterprise platform, one where context, identity, and security sit at the centre of the architecture, not at the edges.

The strategic logic is coherent. All three major cloud providers only announced agent registries in April 2026, which signals just how early-stage the governance tooling still is across the industry. Google’s move is the most comprehensive response so far, but it also carries a specific implication for enterprises evaluating the platform: deeper integration with Google’s stack is part of the deal.

That tension – between the genuine governance capabilities on offer and the platform commitment required to access them – is what enterprise architects are now working through. Agentic systems multiply identities and permissions at a pace that traditional human-centric identity and access management models were never built to handle.

Once agents start acting across systems, the governance question shifts from which model is approved to what actions a given agent can take, through which identity, against which tools, and with what audit trail.

Google’s cryptographic agent identity and gateway architecture is a direct answer to that question. Whether enterprises are ready to hand Google that level of operational centrality is a different conversation.

Agent washing makes this harder

There is a compounding problem that the governance debate tends to sidestep: a large share of what is currently being marketed as agentic AI is not agentic AI. Deloitte’s research on enterprise AI trends notes that many so-called agentic initiatives are actually automation use cases in disguise: legacy workflow tools with conversational interfaces, operating on predefined rules rather than reasoning toward goals.

The distinction matters because governance frameworks designed for genuinely autonomous agents will not map cleanly onto scripted automation, and vice versa. Enterprises that conflate the two end up with governance structures that are either too restrictive for real agents or too permissive for brittle automation masquerading as intelligence.

Gartner estimates that more than 40% of agentic AI projects could be cancelled by 2027, with unclear value and weak governance cited as the leading reasons. That figure should concentrate minds. The enterprises investing now in governance architecture – audit trails, escalation paths, bounded autonomy, agent-level identity – are building the foundation that will determine whether their agentic deployments survive contact with production.

Google’s Cloud Next platform launch is, at minimum, a forcing function. The tooling for governed agentic systems now exists at scale from a major provider. What remains is the harder organisational work – deciding what agents are actually authorised to do, who is accountable when they get it wrong, and whether the platform holding all of that together is one you are prepared to build on.

The post Google made agentic AI governance a product. Enterprises still have to catch up. appeared first on AI News.

SAP: How enterprise AI governance secures profit margins

According to SAP, enterprise AI governance secures profit margins by replacing statistical guesses with deterministic control.

Ask a consumer-grade model to count the words in a document, and it will often miss the mark by ten percent. Manos Raptopoulos, Global President of Customer Success Europe, APAC, Middle East & Africa at SAP, observes that the operational gap between near-perfect and perfect is absolute.

“The distance between 90% and 100% accuracy is not incremental. In our world, it is existential,” notes Raptopoulos.

As organisations push large language models into production environments, Raptopoulos emphasises that the evaluation criteria have formally transitioned toward precision, governance, scalability, and tangible business impact.

The pressing challenge facing corporate boards centres on the evolution from passive tools to active digital actors, a transition Raptopoulos identifies as the primary governance moment, and one that will be among the topics SAP will focus on at this year’s AI & Big Data Expo North America.

Agentic AI systems now possess the capability to plan, reason, orchestrate with other agents, and execute workflows autonomously. Because these systems interact directly with sensitive data and influence decisions at scale, Raptopoulos argues that failing to govern them exactly as one governs a human workforce exposes the organisation to severe operational risk. He warns that agent sprawl will mirror the shadow IT crises of the past decade, though the stakes are categorically higher.

Establishing agent lifecycle management, defining autonomy boundaries, enforcing policy, and instituting continuous performance monitoring are mandatory requirements, according to his framework.

Integrating modern vector databases (which map the semantic relationships of enterprise language) with legacy relational architectures demands immense engineering capital. Teams must actively restrict the agent’s inference loop to prevent hallucinations from corrupting financial or supply chain execution paths. Setting these strict parameters drives up computational latency and hyperscaler compute costs, altering initial P&L projections.

When an autonomous model requires constant, high-frequency database querying to maintain deterministic outputs, the associated token costs multiply quickly. Governance becomes a hard engineering constraint rather than a compliance checklist.

Raptopoulos argues that corporate boards must resolve three baseline issues before deploying agentic models: identifying who holds accountability for an agent’s error, establishing audit trails for machine decisions, and defining the exact thresholds for human escalation. Geopolitical fragmentation makes answering these questions harder.

Sovereign cloud infrastructures, AI models, and data localisation mandates are regulatory realities in major markets spanning New York, Frankfurt, Riyadh, and Singapore. Enterprises must embed deterministic control directly into probabilistic intelligence. Raptopoulos views this requirement as a C-suite mandate rather than an IT project.

Structuring relational intelligence for commercial operations

AI systems remain entirely dependent on the quality of the data and processes they operate upon, representing what Raptopoulos calls the data foundation moment.

Fragmented master data, siloed business systems, and over-customised ERP environments introduce dangerous unpredictability at the worst possible moments. Raptopoulos explains that if an autonomous agent relies on fragmented foundations to provide a recommendation affecting cash flow, customer relations, or compliance positions, the resulting operational damage scales instantly.

Extracting tangible enterprise value requires advancing beyond generic large language models trained on internet-scale text. True enterprise intelligence – as outlined by Raptopoulos – must be grounded in proprietary corporate data, including orders, invoices, supply chain records, and financial postings embedded directly into business processes. He argues that relational foundation models optimised specifically for structured business data will continually outperform generic models in forecasting, anomaly detection, and operational optimisation.

The sheer operational friction of making an over-customised ERP environment intelligible to a foundation model halts many deployments. Data engineering teams spend excessive cycles sanitising fragmented master data simply to create a baseline for the AI to ingest.

When a relational model needs to accurately interpret complex, proprietary supply chain records alongside raw invoice data, the underlying data pipelines must operate with zero latency. If the data ingest fails, the model’s predictive capabilities degrade instantly, rendering the agent functionally dangerous to the business.

Integrating legacy architecture with modern relational AI requires overhauling deeply entrenched data pipelines. Engineering teams face indexing decades of poorly classified planning data so that embedding models can generate accurate vector representations. Following Raptopoulos’s logic, boards must evaluate whether their current data estate is genuinely prepared, rather than simply layering probabilistic intelligence over disjointed foundations.

Designing intent-based interfaces

Enterprise application interaction is transitioning from static interfaces to generative user experiences, a development Raptopoulos flags as the employee interaction moment.

Instead of manually navigating complex software ecosystems, employees will express their intent to the system. Raptopoulos offers the example of a user instructing the software to prepare a briefing for their highest-revenue customer visit that week. The AI agents then orchestrate the necessary workflows, assemble the surrounding context, and surface recommended actions.

However, Raptopoulos stresses that adoption among the workforce remains conditional upon trust. Employees will only embrace these digital teammates when they feel confident that the system’s outputs respect established governance boundaries, reflect authentic business rules, and deliver demonstrable productivity gains.

Engineering these systems demands role-specific AI personas tailored for positions such as the CFO, the CHRO, or the head of supply chain. Raptopoulos observes that these personas must be built upon trusted data and embedded within familiar corporate workflows to successfully close the adoption gap.

Achieving this level of integration is a design decision carrying heavy consequences. Organisations willing to invest capital into AI-native architecture accelerate their return on investment, while enterprises attempting to bolt probabilistic models onto legacy interfaces struggle heavily with trust, usability, and scale.

Technology leaders trying to force modern AI orchestration onto monolithic software applications often encounter severe integration delays. The routing of probabilistic API calls through outdated enterprise middleware causes user interfaces to lag, destroying the intent-based workflow. Designing role-specific personas requires more than prompt engineering; it demands mapping complex access controls, permissions, and business logic into the model’s active memory.

Engineering competitive defense

The financial return on AI surfaces fastest during customer interactions. Raptopoulos notes that training models on proprietary records, internal rules, and historical logs creates a layer of customer-specific intelligence that rivals cannot easily copy. This setup performs best in exception-heavy workflows like dispute resolution, claims, returns, and service routing.

Deploying autonomous agents capable of classifying cases, surfacing relevant documentation, and recommending policy-aligned resolutions converts these high-cost processes into distinct competitive differentiation.

These models adapt based on the results of each interaction. Raptopoulos points out that corporate buyers prioritise reliable, relevant, and responsive service rather than technological gimmicks. Companies that deploy AI to handle heavy workloads – while maintaining strict oversight of the final outputs – construct barriers to entry that generic tools fail to penetrate.

Deploying corporate intelligence requires the C-suite to orchestrate three distinct layers in parallel, which Raptopoulos defines as the strategy moment.

The initial layer involves embedded functionality, where persona-driven productivity gains are integrated directly into core applications for fast returns. The second layer demands agentic orchestration, facilitating multi-agent coordination across cross-system workflows. The final layer focuses on industry-specific intelligence, featuring deeply specialised applications co-developed to address the highest-value challenges specific to a particular sector.

A trap awaits leaders who fall victim to false sequencing. Concentrating solely on embedded tools leaves massive financial value uncaptured, while jumping aggressively toward deep industry applications without first achieving proper governance and data maturity multiplies corporate risk. 

Raptopoulos advises that scaling these models requires matching corporate ambition to actual technical readiness. Leadership teams need to fund clean core architectures, update data pipelines, and enforce cross-functional ownership to move past the pilot phase. The most profitable deployments treat AI as a central operating layer that requires the same governance as human staff.

The financial gap between 90 percent accuracy and full certainty dictates where true enterprise value lives. Governance decisions made in the coming months will dictate whether specific AI deployments become a powerful source of durable advantage, or an expensive lesson.

The post SAP: How enterprise AI governance secures profit margins appeared first on AI News.

Per-token AI charges come to GitHub Copilot

As of 1st June 2026, GitHub Copilot will charge its users on the basis of the tokens they use, rather than a flat rate subscription model.

The model that’s seeing the shutters closed on it is, or rather was, simple to understand and use. Users were given a set number of ‘Premium Requests’ according to their subscription tier. A complex coding task that may have taken many hours to complete used one premium request. Posing a relatively trivial question also counted as a single premium request.

However, the change which is soon to affect GitHub Copilot users aligns the pricing models with those of API charges to large language models, more common among business plans. On the new GitHub Copilot pricing scheme, most requests will be measured according to the tokens used by, input to, and output from the LLM at the heart of Copilot.

The definition and cost of tokens

A token is often described as representing around three-quarters of a word. Thus, giving an LLM a text of 10,000 words to examine would equate to 12,000-13,000 tokens of content. In developer terms, if a body of code that Copilot were to examine (for refactoring or bug-hunting, for example) comprised 10,000 ‘words’ (expressions, statements, variable names, functions, and so on), then using it in one query, once, would count as 12,000-13,000 tokens out of the user’s allotment for the month.

Prompt text, as inputs, will also count, as will the outputs from Copilot.

The pricing tiers coming into effect next month remain pegged at their current levels, but instead of being allotted a number of queries per month, users are given ‘AI Credits’ to the same value. A base-tier Copilot Pro subscriber ($10pcm) will receive 1,000 credits, with GitHub saying that at present one AI Credit is worth one US cent.

The number of tokens each credit buys will depend on the model used, the input/output mix, the size of the cache (data held in the LLM’s memory for context), and the feature requested. Thus, if a developer uses mostly simple queries, they are unlikely to have to buy extra tokens in the form of credits each month. Conversely, multi-agent queries about a complex, lengthy code base will empty the AI Credit account more quickly. Queries to the most-advanced frontier models will cost more than queries to less-powerful ones.

GitHub’s pricing changes do include some compensatory benefits for users: Code completions (similar to a phone’s auto-complete function) and Next Edit suggestions will remain free.

The industry changes to per-token pricing

The changes to GitHub’s pricing model are in line with similar changes from other companies. Anthropic and OpenAI have now moved their enterprise customers to token-based billing. Unlike those two, however, Microsoft – owner of GitHub – is a profitable business overall, and has to date been able to subsidise the use of GitHub Copilot with revenues from other parts of the business, such as its software and cloud divisions.

Up until the change on 1st June, users will have been able to ‘spend’ between three and eight times the number of tokens their monthly subscription costs have covered, and incurred no penalty.

Microsoft’s move is a change that affects those it was hoping to attract to Copilot’s features, immediately forcing new and existing users to become aware of their token spend per query – a figure that has been abstracted away by per-month subscriptions to date. The new billing model may make more economic sense from Microsoft’s point of view, but it discourages the exploration and testing that new users will want to do.

For businesses that deploy AI coding agents in their development teams, the cost implications of the industry-wide shift in pricing policies are significant. In the case of Uber, for instance, per The Information [paywall], its CTO has said the company had already spent its AI budget for 2026 this year, pointing out that 11% of updates to Uber’s code are now written by AI. Uber primarily uses Anthropic’s Claude coding agents.

Outside the IT department, companies deploying AI automation should be aware that complex tasks, which may involve running agentic LLMs unsupervised for long periods, could soon be charged on a similar per-token basis. Thus, the delivered efficiency gains from AI in the workforce will have to be measured against any rise in AI vendors’ bills.

The post Per-token AI charges come to GitHub Copilot appeared first on AI News.

What LG and NVIDIA’s talks reveal about the future of physical AI

LG is currently engaged in exploratory discussions with NVIDIA concerning physical AI, data centres, and mobility.

Following a meeting in Seoul between LG CEO Ryu Jae-cheol and Madison Huang, Senior Director of Product Marketing for Omniverse and Robotics at NVIDIA, the core operational dependencies required to run complex automated systems are becoming apparent.

While the companies have not formalised investment amounts or timelines, their intersecting hardware and processing priorities highlight the massive capital expenditure required to bring autonomous systems out of simulation.

The densification of compute clusters required for complex machine learning models creates an unavoidable physics problem. NVIDIA’s data centre business generates record revenues, but operating these high-density server racks pushes conventional cooling infrastructure past safe operating limits.

At CES 2026, LG positioned its commercial divisions to supply high-efficiency HVAC and thermal management solutions engineered for AI data centres. As power density explodes in relevance, traditional air cooling is simply inadequate.

When server farm temperatures exceed safe thresholds, compute nodes throttle performance, destroying the return on investment for high-end silicon. Integrating LG’s thermal hardware directly into NVIDIA’s infrastructure ecosystem addresses this margin drain. It allows facility operators to pack more processing power into smaller square footage without burning out the underlying hardware.

For LG, this positions them as an infrastructure supplier inside a lucrative technology ecosystem, generating recurring enterprise revenue by complementing the compute layer rather than competing against it. Underscoring this broader push into connected enterprise systems, LG subsidiary LG CNS is a sponsor of this year’s IoT Tech Expo North America, signaling the company’s aggressive expansion across smart infrastructure.

Hardware actuation and edge inference friction

Beyond server infrastructure, the discussions attempt to solve the computational latency inherent in autonomous consumer hardware. LG’s future growth thesis relies heavily on automating household manual and cognitive workloads.

LG recently unveiled CLOiD, a home robot featuring two arms with seven degrees of freedom and five individually-actuated fingers per hand. This hardware runs on LG’s ‘Affectionate Intelligence’ platform, built for contextual awareness and continuous environmental learning.

Translating a computational command into physical movement requires a flawless zero-latency inference pipeline. When an articulated robot reaches for a glass, the system must process real-time visual data, query local vector databases to identify the object’s properties, and calculate the exact required grip force. Any miscalculation within this inference pipeline risks physical damage to the user’s home.

LG currently lacks the digital twin infrastructure, pre-trained manipulation models, and simulation environments necessary to compress this deployment pipeline securely. NVIDIA provides this architecture through its Omniverse and Isaac robotics stack, which are optimised for real-time physical AI inference.

By adopting NVIDIA’s edge-compute capabilities, LG can process complex spatial variables locally, heavily reducing the cloud compute costs associated with continuous spatial mapping and video ingestion. This proven pipeline compresses the time required to move from prototype to full commercial production.

Mass market ingestion and simulation environments

NVIDIA is concurrently validating its robotics stack, having wrapped a two-week Siemens factory trial in January 2026 that was just announced at Hannover Messe in April.

During this trial, a Humanoid HMND 01 Alpha executed live logistics operations over an eight-hour period. Yet, factory floors in Erlangen are highly structured and regulated. Consumer living rooms contain extreme variability, changing lighting, and unpredictable human interference.

Accessing LG’s ThinQ ecosystem and its mass-market distribution provides NVIDIA with a data-rich training environment. Bringing robots into homes requires training models on actual domestic variability rather than sterile simulations.

Moving beyond industrial settings into consumer electronics gives NVIDIA’s Omniverse platform the potential to become the universal development infrastructure for real-world autonomy, mirroring how its GPU architecture captured cloud processing.

The final alignment point covers automotive integration. LG’s automotive components division represents one of its fastest-growing segments, manufacturing in-vehicle infotainment, EV components, and in-cabin generative platforms that include gaze-tracking and adaptive displays. Simultaneously, NVIDIA’s DRIVE platform commands massive deployment share in autonomous and semi-autonomous vehicle computing.

Automotive manufacturers frequently struggle when attempting to bridge legacy infotainment systems with advanced autonomous compute nodes. Because LG and NVIDIA already operate in adjacent layers of the same vehicle, a formal collaboration would unite LG’s interior experience layer with NVIDIA’s underlying compute platform. This unification allows fleet operators to standardise their reference architectures, reducing the engineering hours wasted on custom API integrations and securing a unified pathway for over-the-air machine learning updates.

These exploratory talks between LG and NVIDIA define the precise hardware and processing requirements necessary to execute physical AI reliably.


The post What LG and NVIDIA’s talks reveal about the future of physical AI appeared first on AI News.

A guide to APIs, MCPs, and MCP Gateways

APIs and MCPs are often mentioned in the same breath as ways that systems can exchange information, but they are designed differently and have different purposes. This article aims to explain the differences and how software developers and users should approach each.

An API is mainly found in software applications, while an MCP (Model Context Protocol) is used by large language models. APIs let one application talk to another, and an MCP lets an AI model use data and tools in structured ways. The difference comes about because LLMs, responding to user requests, need to choose which tools and information they think they need to achieve an outcome.

APIs: Simple definition

An API sends a request in an agreed format to another software instance, and receives a response in the agreed format, with the details of each exchange’s protocols (or methods of behaviour) hard-coded. Developers write code to call out to an API and create code to parse, or handle, the response. This makes APIs precise and reliable – although the interchange can falter if either party changes the code governing the API’s behaviour.

APIs are still important to systems using LLMs, and many AI-based systems rely on APIs to function. A model may request data, and get responses via an API.

MCPs: Simple definition

MCPs are used when LLMs need access to data in situations like needing to query business data repositories, read the contents of particular files, or trigger an action. MCPs give models a structured way to access multiple data sources via one interface. An MCP server exposes data in a standard format according to rules set up in advance. These rules determine what is available and to whom or what.

MCP servers expose three kinds of ability:

  • Tools are actions the model may instigate, like creating a file or searching a database.
  • Resources are information the model may read as context.
  • Prompts are reusable templates that help users perform common tasks, without having to write a detailed prompt every time they perform the same action.

The important difference is that MCPs are designed for a model to be the direct consumer of data. The model suggests which tools or resources it requires according to what it thinks may be relevant to the user’s request.

Why MCPs are not API wrappers

In some systems, APIs remain in use, but have an MCP placed between them and the user. An MCP server might call an API ‘behind the scenes’. However, an API could return more information by default than a model needs to achieve a task. But as every byte of data will need to be processed by the LLM, this can burn through many more tokens than are necessary. Too much information increases costs and can make the model’s answer less accurate.

For example, an API might return 50 database fields about a customer, but the LLM requires a single account status entry. Sending all 50 fields gives the model more to process, which doesn’t necessarily provide useful context. The LLM has no idea of the relevance of the data until it has used processing cycles to determine the fact. Additionally, it may base its responses on extraneous data it’s been given, and produce inaccurate answers.

In an ideal scenario, MCP tools are designed around the tasks a model needs to complete. If the user asks how many customers are subscribed to a particular service, or have bought a specific item, for example, the MCP tool will return the relevant numbers, rather than complete customer interaction records.
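The contrast between a wide API response and a task-shaped tool result can be made concrete. The following is an added example, not code from the article or from any MCP SDK: the upstream call, the customer data, and the tool names `get_account_status` and `count_subscribers` are all constructed for illustration.

```python
import json

# Constructed sample data standing in for an upstream customer API (hypothetical).
CUSTOMERS = {
    "c-1001": {"account_status": "active", "services": ["broadband", "tv"]},
    "c-1002": {"account_status": "suspended", "services": ["broadband"]},
    "c-1003": {"account_status": "active", "services": ["mobile"]},
}

def upstream_get_customer(customer_id):
    """Hypothetical API call: returns a wide, 50-field record."""
    base = CUSTOMERS[customer_id]
    record = {f"attr_{i:02d}": f"value-{i}" for i in range(47)}  # filler fields
    record.update(customer_id=customer_id, **base)
    return record

# Each tool declares the only fields it may pass on to the model.
TOOL_FIELDS = {"get_account_status": ("customer_id", "account_status")}

def project(tool_name, record):
    """Keep only allowlisted fields; fail closed if one is missing."""
    allowed = TOOL_FIELDS[tool_name]
    missing = [f for f in allowed if f not in record]
    if missing:
        raise KeyError(f"upstream record lacks {missing}")
    return {f: record[f] for f in allowed}

def get_account_status(customer_id):
    """Task-shaped tool: answers one question, returns two fields."""
    return project("get_account_status", upstream_get_customer(customer_id))

def count_subscribers(service):
    """Task-shaped tool: returns an aggregate, never the customer records."""
    n = sum(service in upstream_get_customer(cid)["services"] for cid in CUSTOMERS)
    return {"service": service, "subscribers": n}

def payload_chars(obj):
    """Serialized size, a rough proxy for what the model must read."""
    return len(json.dumps(obj))

if __name__ == "__main__":
    raw = upstream_get_customer("c-1001")
    slim = get_account_status("c-1001")
    print(len(raw), "fields,", payload_chars(raw), "chars ->",
          len(slim), "fields,", payload_chars(slim), "chars")
    print(count_subscribers("broadband"))
```

The allowlist also limits what sensitive data ever reaches the model's context: a field that is not declared for a tool is never forwarded, whatever the upstream API returns.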

When each is used

Use an API when one application needs to communicate with another application and both parties know exactly what information is required. A website, mobile app, internal system, payment platform, or reporting tool will often use APIs.

If the end-consumer of data is an AI model that needs access to undefined information or actions, an MCP should be used. An AI assistant that answers staff questions (with variable input, therefore) or is tasked to review internal documents may use MCPs.

In many organisations, both exist. A customer app that can present specific information (an account balance, for instance) may call APIs. An AI assistant in the same app may use an MCP server because the nature of the queries it will create on behalf of the user will vary. Both may reach the same underlying data, but do so through different interfaces according to the type of system asking.

Security and gateways

A gateway is a device (usually instantiated in software) that fronts both types of service. It handles authentication, rate limits, logging, monitoring, and access control. If MCP use grows, organisations need to know which AI tools are requesting data from which systems, what data they are allowed access to, and what actions they can perform on that data. A gateway can create a place to manage these types of controls.

However, as gateways operate at the network layer (arbitrating and recording data movement), they do not solve problems that emanate from the software layer (including LLMs, deterministic code, or user activity). In cybersecurity terms, they can be thought of as a firewall: useful in certain contexts, but like firewalls, they can be circumvented, represent a single point of failure, and might give a false sense of security. MCP and API gateways are arguably perimeter defences that will not reliably prevent data-related incidents. These are still possible when caused by software, either deterministic, ‘traditional’ code or an LLM.
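A sketch of the gateway controls described above (access control per agent identity, rate limiting, and an audit trail), as an added example rather than the behaviour of any particular gateway product. The agent names, systems, tools, and limits are constructed values.

```python
import time

# Constructed policy: which agent identity may call which tool on which system.
POLICY = {
    "support-assistant": {("crm", "get_account_status"), ("crm", "count_subscribers")},
    "report-agent": {("warehouse", "run_report")},
}
RATE_LIMIT = 3        # allowed calls per agent per window (assumed value)
WINDOW_SECONDS = 60

class Gateway:
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.calls = {}   # agent -> timestamps of recent allowed calls
        self.audit = []   # append-only log of every decision

    def decide(self, agent, system, tool):
        """Return a verdict based on identity, target and rate only."""
        now = self.clock()
        recent = [t for t in self.calls.get(agent, []) if now - t < WINDOW_SECONDS]
        if agent not in POLICY:
            verdict = "deny:unknown-agent"
        elif (system, tool) not in POLICY[agent]:
            verdict = "deny:not-permitted"
        elif len(recent) >= RATE_LIMIT:
            verdict = "deny:rate-limit"
        else:
            verdict = "allow"
            recent.append(now)
        self.calls[agent] = recent
        self.audit.append({"agent": agent, "system": system,
                           "tool": tool, "verdict": verdict})
        return verdict

    def callers_of(self, system):
        """Which agents were allowed to reach a given system."""
        return {e["agent"] for e in self.audit
                if e["system"] == system and e["verdict"] == "allow"}

if __name__ == "__main__":
    gw = Gateway()
    print(gw.decide("support-assistant", "crm", "get_account_status"))
    print(gw.decide("support-assistant", "warehouse", "run_report"))
    print(gw.callers_of("crm"))
```

The verdict depends only on who is calling, what is being called and how often, so a permitted call made for the wrong reason still returns `allow`. That is the limit the paragraph above describes.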


AI agent governance takes focus as regulators flag control gaps

Australia’s financial regulator has warned financial firms that their AI agent governance and assurance practices are inadequate. The warning comes as banks and superannuation trustees expand AI in internal and customer-facing operations.

The Australian Prudential Regulation Authority said it conducted a targeted review of selected large regulated entities in late 2025 to assess AI adoption and related prudential risks. It found that AI was being used in all entities reviewed, but maturity varied in risk management and operational resilience. APRA said boards showed strong interest in AI for productivity and customer experience. However, it found that many were still building their management of AI risks.

The regulator also raised concerns about reliance on vendor presentations and summaries. It said boards were not always giving enough scrutiny to risks like unpredictable model behaviour and the effect of AI failures on critical operations.

APRA said boards should develop a better understanding of AI in order to set strategy and oversight coherently. It said AI strategy should align with an institution’s risk appetite and include monitoring and defined procedures to follow in the event of errors.

APRA noted regulated entities were trialling or introducing AI in software engineering, claims triage, and loan application processing. Other use cases cited included fraud and scam disruption and customer interaction.

Some entities were treating AI risk in the same terms as that of other technologies, but that approach doesn’t account for models’ behaviour and bias.

It identified gaps in model behaviour monitoring, change management, and decommissioning, and stated a need for inventories of AI tools and named-person ownership of AI instances. It also pointed out the requirement for human involvement in high-risk decisions.

Cybersecurity was another area of concern. APRA said AI adoption was changing the threat environment by adding additional attack pathways such as prompt injection and insecure integrations.

Identity and access management practices had not adjusted in some instances to non-human elements such as AI agents. The volume of AI-assisted software development was placing pressure on change and release controls.

APRA said entities should apply controls on agentic and autonomous workflows, including privileged access management, configuration, and patching. It also called for security testing of AI-generated code.

Some institutions had become dependent on a single provider for many of their AI instances, APRA noted, and only a few had been able to show an exit plan or substitution strategy for AI suppliers.

APRA said AI can be present in upstream dependencies, which entities may not be aware of.

Identity and access

The focus on identity and permission controls is also reflected in new standards work by the FIDO Alliance. The group has formed an Agentic Authentication Technical Working Group and is developing specifications for agent-initiated commerce.

FIDO said some existing authentication and authorisation models were designed for human interaction, not delegated actions performed by software. It said service providers need ways to verify who or what authorises actions and under what conditions.

Vendors have presented their solutions to FIDO for review, including Google’s Agent Payments Protocol and Mastercard’s Verifiable Intent framework. The Center for Internet Security, a non-profit funded largely by the Department of Homeland Security, has published AI security companion guides that map CIS Controls v8.1 to large language models, AI agents, and Model Context Protocol environments.

Its LLM guide covers prompt and sensitive-data issues, and an MCP guide focuses on secure access by software tools, non-human identities, and network interactions.
