Agentic AI Is in Production — And 88% of Companies Already Have an Incident They Can't See

AI agents are quietly running tasks across UK businesses, often with no identity, no access controls and no audit trail. Here's the governance blind spot most SMEs are walking into — and a practical checklist to close it.

By Tony Brown

A finance assistant at a mid-sized firm asks an AI agent to reconcile last month's invoices. The agent logs into the accounting system, pulls supplier records, cross-checks a few against email threads, flags three discrepancies and drafts chase emails. It does all of this in about ninety seconds. Nobody approved each step. Nobody watched it happen. And when the auditor later asks who accessed the supplier bank details on the 14th, there's no clean answer — because the agent used a shared service account that three other systems also use.

That's not a hypothetical. It's the shape of how AI agents are already working inside UK businesses, and it's exactly the gap that's catching people out. A widely cited industry figure puts it bluntly: around 88% of organisations running agentic AI have already had an incident involving an agent that they couldn't properly see or trace. Not a breach in the headline sense — a misfired action, an over-broad permission, a decision nobody can reconstruct. The agents are in production. The governance isn't.

What 'agentic' actually means here

Most people met AI through chatbots. You type a question, it types an answer, the transaction ends there. An agent is different in one important way: it acts. It doesn't just suggest you reset a password — it can reset the password. It doesn't draft an email for you to send — it sends it. It chains tasks together, calls other tools, and makes its own choices about how to reach a goal you set.

That capability is genuinely useful. A support agent that can read a ticket, check the order system, issue a refund and update the CRM saves real hours. But the moment software can take actions in your systems, it stops being a tool and starts behaving like a member of staff. And you wouldn't give a new starter a master key, an admin login shared with four colleagues, and no record of what they did all day. Yet that's precisely how a lot of AI agents get deployed.

Why the visibility gap is so easy to fall into

The problem isn't that businesses are reckless. It's that agents slip into production through the side door.

Someone in operations signs up for a tool that 'automates' part of their workflow. To work, it needs access to email, or the CRM, or a shared drive. They connect it using their own credentials or a generic account, because that's the path of least resistance. It works. Word spreads. Within a few months there are five or six of these running, each with access granted ad hoc, none of them on anyone's asset register, and no single person who can tell you what they're all allowed to touch.

Three things make this worse than ordinary shadow IT:

  • Agents act fast and at scale. A human making a mistake affects one record. An agent making the same mistake can process hundreds before anyone notices.
  • They borrow human identities. When an agent uses a person's login or a shared service account, your logs show the human, not the agent. The audit trail lies to you.
  • Their reasoning is opaque. Even when an action is logged, the why often isn't. You can see the refund was issued. You can't always see what made the agent decide to issue it.

Put those together and you get the incident nobody can see: something happened, it shouldn't have, and the records can't tell you who or what was responsible.

Treat the agent as an identity, not a feature

The single most useful shift in thinking is this: an AI agent is an identity-bearing entity. It deserves its own account, its own permissions, and its own audit trail — the same way a person or a service does.

This isn't a new discipline invented for AI. It's how mature IT teams already handle service accounts and machine identities. The mistake is failing to apply that existing discipline to agents because they arrived wearing a friendly chat interface rather than a server configuration file.

When an agent has its own identity, the picture changes completely. You can see exactly what it accessed, scope its permissions to the minimum it needs, revoke them instantly if something goes wrong, and prove to an auditor that the supplier bank details were touched by the reconciliation agent at 14:03 — not by a confused finance assistant.

A pre-deployment governance checklist

Before any agent goes live in your business, work through these questions. If you can't answer them, the agent isn't ready.

1. Does the agent have its own identity? No shared logins. No borrowing a staff member's credentials. Each agent gets a dedicated, named account so its actions are attributable.

2. What is the smallest set of permissions it needs? Start from zero and add only what the task requires. An agent that drafts emails doesn't need to delete files. An agent that reads orders doesn't need to change prices. Scope tightly, then review.

3. Is everything it does logged — and can you read those logs? A log nobody reviews is a false comfort. You need a record of what the agent accessed and what it did, and a routine for actually looking at it.

4. Where are the hard stops? Decide which actions require human approval before they execute. Issuing refunds above a threshold, sending external communications, changing financial records — these should pause for a person, not run automatically.

5. How do you switch it off? If the agent misbehaves at 2am on a Saturday, who can disable it, and how quickly? You want a single, obvious kill switch, not a frantic hunt through admin panels.

6. What data does it touch, and does that create a compliance obligation? If an agent processes personal data, GDPR applies to it just as it applies to staff. Map the data flows before deployment, not after a subject access request lands.

7. Who owns it? Every agent needs a named human owner responsible for its behaviour, its permissions and its retirement. Orphaned agents are how the visibility gap grows.
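
The checklist above expressed as a single enforcement point that every agent action passes through. This is an added example, not code from the original article; the `AgentIdentity` and `AgentGate` classes, the action names and the thresholds are hypothetical.

```python
import json
import time
from dataclasses import dataclass, field

@dataclass
class AgentIdentity:
    agent_id: str                 # item 1: dedicated, named account
    owner: str                    # item 7: named human owner
    scopes: frozenset             # item 2: allow-list, nothing implied
    # item 4: action -> amount above which a human must approve;
    # a listed action called with no "amount" always pauses
    approval_limits: dict = field(default_factory=dict)
    enabled: bool = True          # item 5: kill switch state

class AgentGate:
    def __init__(self):
        self.agents = {}
        self.audit = []           # item 3: one JSON line per decision

    def register(self, ident):
        self.agents[ident.agent_id] = ident

    def kill(self, agent_id, by):
        self.agents[agent_id].enabled = False
        self._log(agent_id, "kill_switch", {}, "disabled", f"by {by}")

    def _log(self, agent_id, action, params, decision, reason, approver=None):
        ident = self.agents.get(agent_id)
        self.audit.append(json.dumps({
            "ts": time.time(), "agent": agent_id,
            "owner": ident.owner if ident else None,
            "action": action, "params": params, "approved_by": approver,
            "decision": decision, "reason": reason}))

    def authorize(self, agent_id, action, params, reason, approved_by=None):
        ident = self.agents.get(agent_id)
        limit = ident.approval_limits.get(action) if ident else None
        if ident is None:
            decision = "deny:unknown_identity"    # shared or borrowed login
        elif not ident.enabled:
            decision = "deny:disabled"
        elif action not in ident.scopes:
            decision = "deny:out_of_scope"
        elif (limit is not None and approved_by is None
              and params.get("amount", float("inf")) > limit):
            decision = "hold:needs_human_approval"
        else:
            decision = "allow"
        self._log(agent_id, action, params, decision, reason, approved_by)
        return decision
```

Every decision, including denials, lands in the audit list under the agent's own name together with the reason the agent gave, so the record shows what acted and why rather than which human's login was borrowed.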

This is solvable, and worth solving now

The encouraging part is that none of this requires exotic technology. The controls that govern AI agents are the same ones good IT teams already use for identity, access and logging. The work is in applying them deliberately rather than discovering, after an incident, that you skipped them.

The businesses that get burned won't be the ones using AI agents. They'll be the ones using AI agents the way they'd never let a person work — with a master key, a shared login and no record of what happened. The fix is to give every agent a name, a narrow set of permissions, a visible trail and an off switch, before it does anything that matters.

If you're already running agents and can't confidently answer the seven questions above, that's the gap to close this quarter. We help Nottingham and East Midlands businesses bring AI agents under proper identity and access governance — turning an invisible risk into something you can see, control and audit. Get in touch and we'll start with what you've actually got running today.
