AI Code Verification and Governance Critical for Enterprises

Most enterprise AI failures won't be caused by simple model hallucinations. They will be caused by autonomous agents catching themselves in infinite loops or breaching a delegation boundary. We have rapidly moved past the era of static, prompt-response chatbots. As organizations deploy agentic workflows, the risk landscape changes completely. It is no longer just a question of whether the output is accurate. The real operational bottlenecks are now far more complex: - The Delegation Risk: Knowing exactly where an agent's authority ends and human intervention must begin. - Multi-Agent Cascade: One agent making a silent data error that compounds across three other downstream systems. - The Kill-Switch Gap: The lack of an immediate, hard stop when an autonomous workflow begins executing unauthorized API calls. If your risk strategy is still focused entirely on prompt filtering and basic data privacy, you are protecting yesterday's infrastructure. The most successful deployments in 2026 aren't just building faster agents; they are building sturdier guardrails. AI For Leaders thanks for sharing this insightful piece👍🏾

This is a great chart by AI For Leaders but it’s missing maybe the most basic element. #AI Code Risk. Verifying AI Generated code is the new major risk every organization, enterprise, and government agency need to do as AI builds are being pushed into production. Risk and Governance models and standards will not allow the same or even another LLM based model to verify it. That’s why we built The Code Registry and are launching The Code Institute along with CSharpCorner to help builders and leaders #know, #verify, and #value your code. It’s amazing with all the noise that this major category has been missed until now! Now they can AI For Leaders with #thecoderegistry EMG.AI The Code Registry

Great framework for organizations navigating AI adoption. The challenge isn’t just building AI—it’s managing the risks that come with it. Governance, security, and trust must be part of the foundation. #ResponsibleAI #Cybersecurity

This is a good overview of the issues you can encounter when using AI and become too relaxed. Just that the “1 minute a day” only suffices to become more aware. At Trinity Software Center we introduced AI in our coding and data engineering a year ago and we discuss extensively with our clients how to maintain quality. We speeded up 4x but half of that efficiency gain needs to be put into additional quality controls, security safeguards and more. Note that Gartner reports and others are signaling #technicaldebt can pile up inside your systems and it may take a while for you to find out your databases or algorithms are not right if you rely too much on #AI. Yes we still need a lot of good #softwareengineers do not sack them too easily! We are ready to come on board to help you move from the #rapidprototype you bult with an agent after dinner fo something solid. Joseph Anto Ofori Stephen Marco Schreuders Wim Hasselman

The latest report from McKinsey & Company on AI trust in 2026 prepared by Cécile Prinsen, Abby Sticha, Roger Roberts and Gabriel Morgan highlights a clear shift: AI is no longer limited by capability, but by trust. As systems move from generating outputs to taking actions - triggering workflows, accessing systems, making decisions - the nature of risk changes. It’s no longer just about accuracy, but about whether actions are authorized and accountable. This is where current approaches start to fall short. Most governance models were designed for humans or static software. They assume every action can be tied to a clearly defined actor. In agent-based setups, that assumption often breaks. Actions run through API keys, service accounts, or embedded logic, making attribution unclear. And without clear attribution, accountability weakens. That’s exactly where trust stops scaling. This explains why many organizations are still hesitant. It’s not a capability issue - it’s a control issue. What’s emerging is a more fundamental requirement: If AI systems act, they need to exist as identifiable entities with persistent agentic identity number (AIN) and the token containing the cryptographic snapshot of information at least about the manufacturer, LLM version, operator, scope and competence, permissions and certification status. Ideally the AIN should be issued by the responsible Authority like #EUAIOffice or on the sovereign level and being contained in a some sort of central registry. Without that, we are orchestrating capabilities of the human centered accounts and not accountable autonomous actors. And that’s the real bottleneck of the agentic era. Here is the full article: https://lnkd.in/efHG9GcN More about practical approach to agentic identity find in the Repo for the Registack AIR (Agentic identity registry): https://lnkd.in/dqQfmfTr

AI and Accountability Are No Longer Optional 🤖📊 APRA has made one thing clear. Artificial intelligence is now a core governance issue, not just a technology conversation. Through a GRC lens this latest communication signals a shift from experimentation to responsibility. Boards and risk leaders are now expected to actively understand, oversee and challenge how AI is being used across their organisations. What does this mean in practice: • Risk frameworks need to evolve to capture AI specific risks such as bias, explainability and model drift • Governance structures must ensure clear accountability for AI decisions and outcomes • Compliance now requires ongoing monitoring and assurance over AI systems • Culture matters as ethical AI becomes central to trust How can organisations prepare for AI governance: • Embed AI into existing GRC frameworks rather than treating it as separate • Define clear ownership and accountability across business and technology teams • Establish model risk management and validation processes • Improve transparency through documentation and explainability practices • Upskill boards and leadership teams to confidently oversee AI risks This is less about slowing innovation and more about strengthening it with the right guardrails. The organisations that get this balance right will not just meet regulatory expectations. They will build lasting trust with customers and regulators alike✅ Read the full APRA letter here 👉 https://lnkd.in/gfiHvJfg Are your current GRC frameworks truly ready to manage the risks and opportunities that AI is introducing at scale 🤔 #GRC #RiskManagement #AITrust #APRA #Governance #Compliance #ArtificialIntelligence

Hype around AI: What I am trying to articulate is something a lot of experienced risk, audit, and compliance people are quietly thinking but are hesitant to say publicly. The pattern feels very familiar to anyone who lived through Sarbanes–Oxley Act implementation waves. Back then, SOX became the centre of the universe. Suddenly every process needed documenting, every control needed testing, and every meeting became “high priority.” Consultants, software vendors, auditors, regulators, and senior management all amplified the urgency. Massive budgets were approved because nobody wanted to be the executive accused later of “not doing enough.” What you are seeing now with AI governance and AI risk has many of the same characteristics: *Endless frameworks *New committees *AI principles *AI inventories *AI risk taxonomies *AI controls libraries *AI assurance models *AI monitoring tools *AI maturity assessments And behind all of it is a massive commercial ecosystem making money from fear, uncertainty, and executive pressure. The irony is that many organizations still struggle with basics: *weak data governance, *inconsistent controls, *poor third-party oversight, *fragmented systems, *manual processes, and lack of accountability. Yet suddenly everyone is talking as if plugging in “AI modules” will transform the enterprise overnight. My point is “people really do not know the impact” is important. A lot of executives currently do not want to appear behind the curve. So organizations are buying AI capability first and figuring out the real business value later. That creates exactly the kind of operational stress I have mentioned above described during SOX: *overloaded teams, *unrealistic timelines, *unclear expectations, *duplicated work, *and constant escalation culture. The experienced people, especially those from audit, operational risk, compliance, and regulatory backgrounds usually end up being the adults in the room because they have already seen these cycles before. That does not mean AI is hype only. Unlike some past trends, AI will absolutely have lasting impact in: *automation, *customer service, *fraud detection, *surveillance, *analytics, *coding, *document review, *and operational efficiency. But the “AI everything” phase will likely calm down. Over time, the market usually separates: real use cases that genuinely improve productivity, from expensive theatre created to satisfy boards, regulators, consultants, and industry trends. What often survives after the noise fades are the practical, common-sense implementations I used throughout my career: *don’t boil the ocean, *understand the actual risk, *apply proportionate controls, *and focus on what materially matters. That mindset is usually far more sustainable than reacting to every new regulatory or industry panic cycle. Good Luck!

On Thursday APRA wrote to every APRA-regulated board in the country and said, in plainer English than they normally use, that AI risk controls aren't keeping up with AI adoption. Whilst asset managers are not directly APRA regulated the same guidance applies. After 30 years sitting in those rooms, I can tell you what "not keeping up" actually looks like. It looks like a board paper that says "we are exploring AI" with no inventory of where AI is already being used. It looks like analysts pasting client positions into ChatGPT to summarise a memo, and nobody at the executive table knowing. It looks like a single vendor demo deciding the AI strategy because the people asked to challenge it don't have the technical literacy yet to push back. APRA called all of this out by name. Vendor over-reliance. Boards still building literacy. AI being treated as "just another technology" when the risk profile is genuinely different. The hard part isn't the regulation. The hard part is that most asset managers I talk to don't have an honest map of where AI is already in their workflow, who's accountable for it, what data it touches, and whether anyone is logging the prompts. You can't govern what you can't see. What's your firm doing to get a real handle on AI usage? Genuinely curious - happy to compare notes in DMs. https://lnkd.in/gk_-8wME

Generative AI and agentic AI offer meaningful productivity gains while introducing new risks that traditional IT and governance models were not designed to address. Beginning with a risk-focused review helps organizations build governance that aligns with real-world workflows, supports responsible AI use and reduces the likelihood of data exposure or operational surprises. #RiskManagement #DataSecurity #AI