By Sandeep Joshi, Founder and Managing Director, Massivue
Enterprises spent 2025 racing to put artificial intelligence (AI) agents into production. In 2026, a growing number are quietly taking them back out. The agents were capable. What failed was the way they were governed.
This matters because the rollback is no longer anecdotal. It is showing up in independent analyst forecasts, and the common thread is not the technology. It is a leadership decision that most organizations are making too late, or not at all.
Adoption is outrunning control
The momentum is real. Gartner predicts that 40 percent of enterprise applications will include task-specific AI agents by the end of 2026, up from under 5 percent in 2025. That is a fast move from pilot to default.
The same momentum has a second number attached to it. Gartner also expects that more than 40 percent of agentic AI projects will be canceled by the end of 2027, citing escalating costs, unclear business value, and inadequate risk controls. Gartner notes that many of these efforts are early-stage experiments and proofs of concept that were pushed forward on hype and applied to problems they were never suited for.
These are two different figures measuring two different things: how many applications will adopt agents, and how many agentic projects will be shut down. Read together, they describe an enterprise that is deploying faster than it is learning to control.
The real failure mode is one-size-fits-all governance
The most pointed signal arrived in May 2026. Gartner predicts that by 2027, 40 percent of enterprises will demote or decommission autonomous AI agents because of governance gaps that only became visible after a production incident. This is a third, distinct 40 percent, and it is the one that should concern any leader.
Gartner's diagnosis is specific. Applying a single, uniform governance standard across every agent is itself a cause of failure. Most organizations treat agent governance as binary: an agent is either locked down to the point of being useless, or trusted to the point of being dangerous. Neither setting survives contact with real operations.
Reporting by CIO Dive on the same forecast sharpens the point. Teams routinely fail to separate two different questions: what an agent is able to do, and what an agent is allowed to reach. An agent can be technically capable of an action while its scope of access should be tightly bounded. Consider a customer service agent. It might be fully capable of issuing a refund, yet whether it is allowed to move money without a human check is a separate decision, and that is the line most rollbacks fail to draw. Collapse those two questions into one and you get either paralysis or the incident that triggers the rollback.
Governance is a leadership decision, not a control added later
Risk awareness has improved. According to McKinsey's State of AI research, organizations now actively work to mitigate roughly four categories of AI risk, up from about two in 2022. The problem is the gap between awareness and action. Many organizations recognize the risks while fewer than half are taking concrete steps to manage them, and only about a third have scaled AI across the enterprise rather than leaving it stuck in pilots.
What separates the organizations that scale is not a better model. It is governance owned at the top, with senior leaders treating oversight of AI as their responsibility rather than delegating it to a technical team after the fact. As I have put it to the leaders we work with, AI is not a technical problem to be solved, it is a leadership challenge to be embraced.
Regulation is tightening the same screw. Under the European Union AI Act, core obligations and enforcement begin in August 2026, according to the European Commission. A proposed package known as the Digital Omnibus could push some high-risk deadlines later, but that proposal is not yet law and should be treated as a moving target. For organizations across the Asia Pacific region, the practical point holds regardless of jurisdiction: governance expectations for autonomous systems are rising, and they are arriving faster than most internal controls.
What graduated, agent-scoped governance looks like
The alternative to binary control is graduated control, scoped to what each agent actually does. In practice that means sorting agents by the consequences of their actions, not treating them as one undifferentiated category.
Read-only and advisory agents that summarize, retrieve, or recommend can operate under light oversight. Workflow agents that take routine actions need scoped permissions, full logging, and human review on exceptions. High-stakes agents that move money, make commitments to customers, or touch regulated decisions need tighter controls and explicit human authorization before they act. The level of governance should match the level of risk, not the calendar on which the agent happened to ship.
This is the design question that Protum is built to answer: how multiple agents coordinate, what each one is permitted to reach, and what happens when two agents disagree. Rather than a single approval committee gating every action, the model lets the value and risk of a decision determine the level of oversight it receives. We describe how this plays out, including how conflicts between agents are resolved, on our AI operating model page, and we set out the wider thinking in Protum: the new standard for AI coordination. For teams trying to move from isolated pilots to production-ready agentic systems, our AI transformation practice is built around exactly this transition.
Before any agent goes into production, three questions settle most of the risk. Who is accountable for the outcome if the agent acts wrongly. What systems and data it is permitted to reach. And at what point a human must give approval. Teams that answer these in writing before deployment are far less likely to end up in the decommission statistic.
The takeaway
The enterprises that keep their agents in production will be the ones that decided, before deployment, who is accountable for each agent and what it is allowed to touch. The ones writing decommission tickets in 2027 will mostly be the ones that deferred that decision until an incident forced it.
A fair caveat: these are forecasts, not certainties, and the exact percentages will move as the market matures and the regulatory calendar settles. What is consistent across these independent sources is the direction. Agentic AI is scaling. Governance, for now, is not keeping pace, and closing that gap is a leadership task before it is a technical one.
Frequently asked questions
What is agentic AI governance?
Agentic AI governance is the set of controls that decide what an autonomous AI agent is allowed to do and which systems and data it can reach. Effective governance scopes those permissions to the consequences of the agent's actions, rather than applying one uniform standard to every agent.
Why are enterprises decommissioning AI agents?
Gartner predicts that by 2027, 40 percent of enterprises will demote or decommission autonomous AI agents because of governance gaps that surfaced only after a production incident. The agents are usually capable. What fails is governance that was either too restrictive to be useful or too permissive to be safe.
What is graduated, agent-scoped governance?
It is governance matched to risk. Read-only and advisory agents operate under light oversight. Agents that take routine actions need scoped permissions and human review on exceptions. High-stakes agents that move money or touch regulated decisions need tighter controls and explicit human authorization before they act.
When does the EU AI Act apply to AI agents?
According to the European Commission, core obligations and enforcement under the European Union AI Act begin in August 2026. A proposed package known as the Digital Omnibus could move some high-risk deadlines later, but that proposal is not yet law and should be treated as a moving target.
Who should own AI agent governance?
Senior leadership. McKinsey's research links scaled, durable AI to oversight owned at the top rather than delegated to a technical team after deployment. Governance is a decision about accountability and access, made before an agent goes live, not a control added after an incident.
Filed under AI and Enterprise Strategy. Published 15 June 2026. Tags: Agentic AI, AI Governance, AI Risk, Enterprise AI, Protum, AI Operating Model.