AI agents have moved from research demos to production deployments faster than the infrastructure to govern them. Companies are racing to deploy agents for support, sales, research, and engineering tasks, often without answering the basic governance questions that determine whether the deployment will be a quiet success or a public failure. The questions below are not technical — they're operational and structural. Most failed agent deployments fail because the company couldn't answer one or more of them, not because the underlying model was inadequate.
If you're considering an AI agent deployment, work through this list with the actual stakeholders before any production traffic touches the agent. The cost of answering the questions in advance is hours. The cost of discovering them in production is incident, retraction, and lost trust.
1. What is the agent allowed to do without human review?
This is the single most important question and the one most often handwaved. "The agent will help with X" is not an answer. The answer must enumerate specific actions: this agent can read documents, draft responses, send messages, modify records, execute transactions. Each action has a different risk profile and a different review requirement. An agent that can draft responses is much lower risk than one that can send them. The deployment plan needs to be specific about which authorities the agent has.
2. Who is accountable when the agent makes a mistake?
Not "the AI team" — a specific named person. When the agent confuses two customer accounts and refunds the wrong one, who is the human accountable for that error? Without a clear answer, the agent operates in an accountability vacuum, and mistakes accumulate because no one feels responsible for catching them. The accountability needs to map to someone with the authority to pause the agent if necessary.
3. What does the agent's audit trail look like?
Every action the agent takes should be logged in a way that's reviewable after the fact. Not "the agent did things in the customer system" but a specific record: this prompt produced this action with this rationale at this time. Without an audit trail, you can't investigate failures or improve the agent. The audit trail is infrastructure, not a nice-to-have, and it should be built before the agent ships.
4. How will you detect when the agent is wrong?
Agents fail in ways that are often invisible — confidently producing wrong answers, taking actions that look correct but aren't, drifting in quality over time. You need detection mechanisms: customer feedback channels, sample reviews, ground-truth comparisons. Without detection, the agent's failures accumulate silently and surface only as broad customer dissatisfaction.
5. What human work does the agent replace, and what happens to those humans?
If the agent is automating work currently done by humans, the deployment has a workforce dimension. Are those humans being reassigned, retrained, or let go? How is the transition managed? This isn't a moral side question — it's an operational one. Agents that displace humans without a clear transition plan produce internal resistance that often dooms the deployment regardless of technical quality.
Put a context layer under your distributed team.
StandIn gives engineers a 60-second wrap at the end of every shift. The next shift wakes up knowing exactly what to pick up — no standup required.
Request early access6. What does the agent do when it doesn't know the answer?
The most expensive failure mode of AI agents is confident wrongness. The agent must have an explicit "I don't know" pathway — handing off to a human, declining to act, asking for clarification. If the agent never says "I don't know," it's not because it always knows; it's because it's hallucinating with confidence. The deployment should test and verify the agent's behavior in genuinely uncertain situations.
7. How is sensitive data scoped for the agent?
What data does the agent have access to? What can it write? What can it expose? Most agent failures involving data are scope failures — the agent had access to more than it needed and used it inappropriately. Minimum necessary access, enforced at the infrastructure level rather than the prompt level, is the only reliable defense.
8. What is the cost ceiling per interaction?
Agents that can call other tools (including other agents) can produce runaway cost behavior. A misconfigured agent can spend thousands of dollars on a single customer interaction by looping through expensive operations. You need explicit cost ceilings and the infrastructure to enforce them.
9. How will you update the agent without breaking trust?
Agents are not static. They get updated as models improve and prompts evolve. Each update changes the agent's behavior, sometimes subtly. Users (internal and external) develop expectations about what the agent does and how. Update cadence and communication strategy matter. Surprising users with behavior changes is a fast way to lose their trust in the agent permanently.
10. What recourse does a user have when the agent gets it wrong?
A specific path: how does a user escalate, who reviews, what's the SLA for resolution? "Contact support" is insufficient if the agent is the front-line interaction. The recourse path must be more direct than the original interaction was, or users will conclude the agent is a customer-deflection mechanism dressed as automation.
11. How will the agent integrate with existing decision authority?
Most companies have decision authority structures (formal or implicit) that govern who can make what kinds of decisions. The agent's authority needs to fit within these structures. An agent that effectively grants itself authority by acting in domains that should be human-decided creates internal conflict and external risk.
12. What's the rollback plan?
If the agent produces a class of failures that wasn't anticipated, how do you stop it quickly? A kill switch isn't optional — it's a basic operational requirement. The kill switch needs to be operable by someone other than the team that built the agent (because that team may not be available during the incident).
13. How will you handle agent disagreements with humans?
An agent recommends action A; a human prefers action B. Whose call wins? In most cases the answer should be the human — but if the agent is consistently right and the human is consistently overriding, you need a path to revisit the authority balance. The decision rule needs to be explicit, not implicit.
14. What does success look like — quantitatively?
"The agent will help with X" is not a success criterion. "The agent will resolve 60% of tier-1 support tickets without escalation, with customer satisfaction equal to or better than the human baseline" is. Without quantitative success criteria, the deployment can drift indefinitely without anyone being willing to call it a failure or a success.
15. What did the pilot show?
No agent should go to broad production without a pilot — small scope, defined success criteria, defined duration. If you haven't piloted, you don't know what you don't know. The pilot reveals failure modes, surfaces edge cases, and tests the operational infrastructure you've built around the agent. Skipping the pilot is the most common origin of high-profile agent failures.
The pattern
The fifteen questions share a structure: most of them are governance and operational questions, not technical ones. The agent's underlying model is increasingly a commodity. What differentiates a successful deployment from a failed one is the infrastructure around the agent — authority scoping, audit trails, escalation paths, accountability assignments. Companies that focus on getting the model right and skip the infrastructure consistently fail. Companies that build the infrastructure carefully consistently succeed, even with adequately-rather-than-excellent models.
Frequently asked questions
Can a small company deploy AI agents responsibly without enterprise governance infrastructure?
Yes, but with proportional scope. A small company doesn't need a formal governance committee, but it does need a clear answer to each of the fifteen questions. The answers can be lightweight — a one-page operational doc rather than a multi-stakeholder policy — but they need to exist. Deploying without answers is the failure pattern, regardless of company size.
How do you handle agent governance when agents are deployed by individual teams rather than centrally?
Establish a minimum standard that every team-deployed agent must meet, and a lightweight registry of what's been deployed. Without this, the company ends up with a sprawl of agents nobody knows about, each with different governance, and the first incident exposes the gap publicly. The registry doesn't need to be heavyweight — a shared doc with the fifteen questions answered per agent is sufficient.
What's the most common gap in agent governance?
Question 3 — the audit trail. Teams build agents that work in production for months without complete logging of what the agent did and why. When something goes wrong, they can't reconstruct the failure, which means they can't fix it, which means it recurs. The audit trail is the foundation; everything else depends on it.
Get async handoff insights in your inbox
One email per week. No spam. Unsubscribe anytime.
Ready to eliminate your daily standup?
Distributed teams use StandIn to start every shift with full context — no standup required. Engineers post a 60-second wrap. The next shift wakes up knowing exactly what to work on.