Most enterprise AI governance in 2026 is still a slide deck.
The slide deck is detailed. It has principles. It names “responsible AI.” It references EU AI Act compliance. It got board approval in Q3 2024. The Chief AI Officer presents from it.
It has almost zero relationship to what’s running in production.
This article is the operational version. What real AI governance looks like in the systems that actually deploy agents — auth scoping, audit trails, escalation paths, deprecation rhythms, model-upgrade hygiene. The version that survives a security audit, not the version that survives a board meeting.
What the slide deck version does (and doesn’t do)
The slide deck version is real work. It usually includes:
- A statement of principles (responsible AI, human-in-the-loop, fairness, transparency)
- A vendor selection framework
- A compliance checklist (data residency, EU AI Act, sector-specific regulations)
- An “AI council” charter with cross-functional representation
- A risk taxonomy
This is fine. It’s necessary. It’s not governance.
What’s missing — and what makes it slideware rather than operational — is the layer between the principles and the production agents. Specifically:
- Auth scoping at the agent level. Which agents can read which data, write to which systems, on behalf of which users?
- Audit trails the security team can use. Every tool call, every model invocation, every data access logged in a queryable form.
- Escalation paths the agent actually uses. When the agent encounters a case it shouldn’t act on autonomously, what does it do?
- Deprecation rhythms for both agents and models. When a model is upgraded or a tool surface changes, how is the change rolled out and rolled back?
- A monitoring layer that surfaces drift. When an agent’s behavior changes — calibration, latency, output shape — who sees it, when, and how do they intervene?
A team without these five operational pieces is running pilot theater against production traffic. The slide deck doesn’t fix that gap; it papers over it.
What real governance looks like in production
Five components. The teams running production AI in regulated industries (financial services, healthcare, government-adjacent retail) have all five. Most enterprise teams have at most two.
1. Auth scoping at the protocol layer
The agent’s tool access flows through MCP servers. Each MCP server enforces auth at the protocol level — not at the application level — based on the requesting human’s identity. The agent never has more access than the human it’s serving.
Concretely: when a CSM agent acts on behalf of a CSM, it can only read accounts the CSM owns. When the same agent acts on behalf of an admin, it can read the full account base. The auth contract is documented in the MCP server’s tool description and enforced by the underlying data layer (row-level security in Supabase, the equivalent in Snowflake). That enforcement only works if the MCP server reaches the data layer with the requesting human’s identity; a shared service credential with broad read access bypasses the row-level policy and leaves the scope to the prompt. With the policy in the data layer, the security team audits it the same way it audits any other application, without reviewing agent code.
This is the foundational piece. Without it, the agent is a security incident waiting for a regulator to find it. With it, the security audit becomes routine — same shape as auditing any other application.
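An added example, not code from the article or any particular MCP implementation: a tool handler that derives its row filter from the requesting human's identity rather than from anything the agent says. The in-memory SQLite table stands in for the Supabase/Snowflake data layer, and the role names, table columns and sample accounts are assumptions.

```python
"""Added example: an MCP-style tool handler whose read scope is derived
from the requesting human, not from the agent or the prompt.
Assumptions: an in-memory SQLite `accounts` table standing in for the
real data layer; roles "csm" and "admin"; constructed sample rows."""
import sqlite3
from dataclasses import dataclass


@dataclass(frozen=True)
class Principal:
    """The human the agent is acting for. Assumed shape."""
    user_id: str
    role: str  # "csm" or "admin"


# Constructed sample data.
SAMPLE_ACCOUNTS = [
    ("acct-1", "Acme", "csm-alice"),
    ("acct-2", "Globex", "csm-alice"),
    ("acct-3", "Initech", "csm-bob"),
]


class ScopeError(PermissionError):
    """Raised when a request reaches outside the principal's scope."""


def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (id TEXT, name TEXT, owner_id TEXT)")
    db.executemany("INSERT INTO accounts VALUES (?, ?, ?)", SAMPLE_ACCOUNTS)
    return db


def scope_filter(principal):
    """The server-side equivalent of a row-level-security policy:
    a WHERE clause chosen by role, parameterized by the human's id."""
    if principal.role == "admin":
        return "1=1", []
    if principal.role == "csm":
        return "owner_id = ?", [principal.user_id]
    raise ScopeError(f"unknown role {principal.role!r}")


def read_accounts(db, principal, account_ids=None):
    """Tool handler. The scope filter is applied inside the query, so the
    agent cannot widen it by asking nicely."""
    where, params = scope_filter(principal)
    sql = f"SELECT id, name, owner_id FROM accounts WHERE {where}"
    if account_ids:
        sql += " AND id IN (%s)" % ",".join("?" * len(account_ids))
        params = params + list(account_ids)
    rows = db.execute(sql, params).fetchall()
    if account_ids and principal.role != "admin":
        # Fail closed: an explicit request for ids outside the scope is a
        # violation to log, not a silently shorter result. Non-existent and
        # out-of-scope ids look the same to the caller, so nothing leaks.
        missing = set(account_ids) - {r[0] for r in rows}
        if missing:
            raise ScopeError(
                f"{principal.user_id} may not read {sorted(missing)}")
    return rows


if __name__ == "__main__":
    db = open_db()
    print(read_accounts(db, Principal("csm-alice", "csm")))
    print(read_accounts(db, Principal("admin-1", "admin")))
```

The point of the design is that the same agent code produces different result sets for different humans, and a request that names an out-of-scope row fails loudly so it shows up in the audit trail.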
2. Audit trails as queryable data, not application logs
Every tool call, every model invocation, every retrieval, every decision the agent makes — logged as structured data in a queryable system (Supabase, Snowflake, BigQuery). Schema includes: timestamp, requesting human, agent identity and version, tool called, input shape, output shape (or hash), success/failure, model version, prompt version, and a trace id that ties the events of one request together. Log shapes and hashes rather than raw payloads, so the audit table does not become a second copy of the customer data it is supposed to protect.
The security team should be able to answer “what did agent X do for user Y in the last 7 days” with a single SQL query. Not by reading application logs. Not by paging an engineer to grep through CloudWatch. As data, queryable.
This is meaningfully more work the first time and meaningfully cheaper after that. Teams without this discipline retrofit it under regulatory pressure; teams with it pass audits in days, not quarters.
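An added example, not the article's code: the audit schema above as a SQLite table (standing in for Supabase, Snowflake or BigQuery), a writer that records shapes and hashes instead of raw payloads, and the "agent X for user Y, last 7 days" query. Column names, the fixed clock, the agent and user ids, and the sample events are all constructed.

```python
"""Added example: a queryable agent audit trail.
Assumptions: SQLite in memory stands in for the real warehouse; the
column names, sample events and agent/user ids are constructed."""
import hashlib
import json
import sqlite3
from datetime import datetime, timedelta, timezone

SCHEMA = """
CREATE TABLE agent_audit (
    ts              TEXT    NOT NULL,  -- ISO-8601, UTC
    requesting_user TEXT    NOT NULL,  -- the human the agent acted for
    agent_id        TEXT    NOT NULL,
    agent_version   TEXT    NOT NULL,
    event_type      TEXT    NOT NULL,  -- model_call | tool_call | retrieval | decision
    tool_name       TEXT,
    input_shape     TEXT,              -- JSON of keys and types, not values
    output_hash     TEXT,              -- sha256 of the canonical JSON output
    success         INTEGER NOT NULL,
    model_version   TEXT,
    prompt_version  TEXT,
    trace_id        TEXT    NOT NULL   -- ties one request's events together
);
CREATE INDEX audit_by_actor ON agent_audit (agent_id, requesting_user, ts);
"""


def shape_of(obj):
    """Keys and types of a payload, never its values."""
    if isinstance(obj, dict):
        return {k: shape_of(v) for k, v in obj.items()}
    if isinstance(obj, list):
        return [shape_of(obj[0])] if obj else []
    return type(obj).__name__


def output_hash(obj):
    """Hash of the canonical JSON form, so equal outputs hash equally."""
    canonical = json.dumps(obj, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


class AuditLog:
    def __init__(self, db):
        self.db = db
        db.executescript(SCHEMA)

    def record(self, ts, user, agent, version, event_type, trace_id, *,
               tool=None, inp=None, out=None, success=True,
               model=None, prompt=None):
        self.db.execute(
            "INSERT INTO agent_audit VALUES (?,?,?,?,?,?,?,?,?,?,?,?)",
            (ts.isoformat(), user, agent, version, event_type, tool,
             json.dumps(shape_of(inp)) if inp is not None else None,
             output_hash(out) if out is not None else None,
             int(success), model, prompt, trace_id))

    def activity(self, agent_id, user_id, now, days=7):
        """The single query the security team should be able to run."""
        since = (now - timedelta(days=days)).isoformat()
        return self.db.execute(
            """SELECT ts, event_type, tool_name, success,
                      model_version, prompt_version, trace_id
               FROM agent_audit
               WHERE agent_id = ? AND requesting_user = ? AND ts >= ?
               ORDER BY ts""",
            (agent_id, user_id, since)).fetchall()


# Fixed clock so the sample is reproducible (constructed).
NOW = datetime(2026, 3, 10, 12, 0, tzinfo=timezone.utc)


def build_sample_log():
    log = AuditLog(sqlite3.connect(":memory:"))
    t = NOW - timedelta(days=2)
    log.record(t, "csm-alice", "scoring-agent", "1.4", "model_call", "tr-1",
               inp={"account_id": "acct-1"}, out={"score": 0.82},
               model="m-2026-02", prompt="p-7")
    log.record(t + timedelta(seconds=1), "csm-alice", "scoring-agent", "1.4",
               "tool_call", "tr-1", tool="read_accounts",
               inp={"ids": ["acct-1"]}, out=[{"id": "acct-1"}])
    log.record(t + timedelta(seconds=2), "csm-alice", "scoring-agent", "1.4",
               "decision", "tr-1", out={"action": "renew"})
    # Outside the 7-day window:
    log.record(NOW - timedelta(days=10), "csm-alice", "scoring-agent", "1.3",
               "decision", "tr-0", out={"action": "hold"})
    # Different requesting human:
    log.record(NOW - timedelta(days=1), "csm-bob", "scoring-agent", "1.4",
               "decision", "tr-2", out={"action": "renew"})
    return log


if __name__ == "__main__":
    for row in build_sample_log().activity("scoring-agent", "csm-alice", NOW):
        print(row)
```

The trace id is what lets an investigator walk from a decision back to the model call and tool calls that produced it; without it the table answers "how many" but not "why".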
3. Escalation paths the agent actually uses
Real agents make decisions. Some decisions shouldn’t be autonomous. The agent needs to know which decisions to escalate, where to escalate them, and how to wait for the human response.
Concretely: a scoring agent’s prompt includes a “when to escalate” section. Edge cases the agent flags rather than acts on. The escalation goes to a Slack channel with the right human owner, the agent’s reasoning, and a structured request for adjudication. The agent waits — the workflow is paused, not failed — until the human responds.
Most teams skip this because it’s slow to design and easy to fake with “the human reviews everything.” That fake works until volume scales, at which point the human review becomes a rubber stamp and the governance is theatrical.
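An added example, not the article's code: a workflow that pauses on escalation and resumes only when the named owner adjudicates. The agent's output format, the deterministic backstop rule, the case fields, and the channel and owner names are all assumed; the outbox stands in for the Slack webhook call.

```python
"""Added example: escalation as a paused workflow, not a failed one.
Assumptions: agent output is a dict with "action", "escalate" and
"reasoning"; the backstop thresholds, case fields, channel and owner
are constructed for illustration."""
import uuid
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Status(Enum):
    COMPLETED = "completed"
    PAUSED = "paused"


@dataclass
class Escalation:
    id: str
    case_id: str
    reasoning: str
    proposed_action: Optional[str]
    channel: str
    owner: str
    verdict: Optional[str] = None
    adjudicated_by: Optional[str] = None


class Workflow:
    def __init__(self, channel="#ai-escalations", owner="risk-lead"):
        self.channel, self.owner = channel, owner
        self.pending = {}      # escalation_id -> Escalation (a table in prod)
        self.results = {}      # case_id -> final action
        self.outbox = []       # messages that would be posted to Slack
        self.adjudicated = []  # closed escalations, kept for the audit trail

    @staticmethod
    def backstop(case):
        """Deterministic rule that escalates even if the model did not flag.
        Assumed policy: regulated accounts and amounts over 50k are never
        decided autonomously."""
        return case.get("regulated", False) or case.get("amount", 0) > 50_000

    def run(self, case, agent_output):
        reason = None
        if agent_output.get("escalate"):
            reason = agent_output.get("reasoning", "agent flagged case")
        elif self.backstop(case):
            reason = "backstop rule: regulated account or amount > 50k"
        if reason is None:
            self.results[case["id"]] = agent_output["action"]
            return Status.COMPLETED, agent_output["action"]
        esc = Escalation(str(uuid.uuid4()), case["id"], reason,
                         agent_output.get("action"), self.channel, self.owner)
        self.pending[esc.id] = esc  # the case waits here; nothing is lost
        self.outbox.append({
            "channel": esc.channel, "owner": esc.owner,
            "escalation_id": esc.id, "case_id": esc.case_id,
            "reasoning": esc.reasoning, "proposed_action": esc.proposed_action,
            "options": ["approve", "reject"],
        })
        return Status.PAUSED, esc.id

    def resume(self, escalation_id, human, verdict):
        """Only the named owner can close an escalation."""
        esc = self.pending.get(escalation_id)
        if esc is None:
            raise KeyError(f"no pending escalation {escalation_id}")
        if human != esc.owner:
            raise PermissionError(f"{human} is not the owner of {esc.channel}")
        if verdict not in ("approve", "reject"):
            raise ValueError(f"unknown verdict {verdict!r}")
        esc.verdict, esc.adjudicated_by = verdict, human
        del self.pending[escalation_id]
        self.adjudicated.append(esc)
        final = esc.proposed_action if verdict == "approve" else "rejected"
        self.results[esc.case_id] = final
        return final


if __name__ == "__main__":
    wf = Workflow()
    status, esc_id = wf.run({"id": "c-2", "amount": 80_000},
                            {"escalate": False, "action": "renew"})
    print(status, wf.outbox[-1])
    print(wf.resume(esc_id, "risk-lead", "approve"), wf.results)
```

Two things carry the governance weight here: the pending store, which is what makes "paused" different from "failed", and the owner check in `resume`, which is what makes the Slack channel an adjudication path rather than a notification.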
4. Deprecation rhythm for both agents and models
Agents change. Tools change. Models change. Without a deprecation rhythm, every change is a breaking change for every consumer.
Real governance includes:
- Versioning at the agent level. Agent v1.4, v1.5, v2.0. Versions are visible in audit logs.
- Deprecation periods. When an agent version is deprecated, downstream consumers get N weeks of warning before the version stops working.
- Rollback paths. Every model upgrade has a documented rollback. Every prompt change has a documented rollback. Production agents don’t ship without one.
- Change windows. Agent updates ship on a known cadence (e.g., Tuesday morning), not whenever an engineer pushes a commit. Stakeholders can plan around the cadence.
This sounds like ops hygiene. It is. AI governance that doesn’t include ops hygiene isn’t governance — it’s principles.
5. Drift monitoring with named owners
Agents drift. Calibration changes when the underlying data changes. Latency degrades when the underlying tools change. Output shape can change when the model upgrades.
Real governance includes a monitoring layer that surfaces drift in production, with named owners who respond. Three signals minimum:
- Calibration drift (precision/recall on a held-out cohort, weekly)
- Latency drift (P95/P99 of decision time, daily)
- Output-shape drift (schema-validation failures, in real time)
Each has a Slack channel, a named human owner, and an SLA on response time. Drift without an owner isn’t monitored; it’s instrumented.
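An added example, not the article's code: the three signals computed over one monitoring window and routed to a named owner with a response SLA. The owner table, thresholds, output schema and the sample window are constructed for illustration.

```python
"""Added example: the three drift signals over one window, each routed
to a named owner with an SLA. Owners, thresholds, the output schema and
the sample window are all assumed values."""
from dataclasses import dataclass
from math import ceil

# signal -> (Slack channel, named owner, response SLA in hours). Assumed.
OWNERS = {
    "calibration":  ("#ai-drift-calibration", "ml-lead",         24),
    "latency":      ("#ai-drift-latency",     "platform-oncall",  4),
    "output_shape": ("#ai-drift-schema",      "agent-owner",      1),
}
THRESHOLDS = {"precision_min": 0.7, "recall_min": 0.7,
              "p95_ms_max": 500, "p99_ms_max": 1500,
              "schema_fail_rate_max": 0.01}
OUTPUT_SCHEMA = {"account_id": str, "score": float, "action": str}


@dataclass(frozen=True)
class Alert:
    signal: str
    detail: str
    channel: str
    owner: str
    sla_hours: int


def percentile(values, p):
    """Nearest-rank percentile; adequate for P95/P99 on a window."""
    if not values:
        raise ValueError("empty window")
    s = sorted(values)
    k = ceil(len(s) * p / 100)
    return s[max(k, 1) - 1]


def precision_recall(preds, labels):
    tp = sum(1 for p, y in zip(preds, labels) if p and y)
    fp = sum(1 for p, y in zip(preds, labels) if p and not y)
    fn = sum(1 for p, y in zip(preds, labels) if not p and y)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    return precision, recall


def validate_output(out, schema=OUTPUT_SCHEMA):
    """True if every required key is present with the expected type."""
    return all(isinstance(out.get(k), t) for k, t in schema.items())


def evaluate(window):
    """Return one Alert per breached signal, already addressed to its owner."""
    alerts = []

    def raise_alert(signal, detail):
        channel, owner, sla = OWNERS[signal]
        alerts.append(Alert(signal, detail, channel, owner, sla))

    precision, recall = precision_recall(window["preds"], window["labels"])
    if precision < THRESHOLDS["precision_min"] or recall < THRESHOLDS["recall_min"]:
        raise_alert("calibration", f"precision={precision:.2f} recall={recall:.2f}")

    p95 = percentile(window["latency_ms"], 95)
    p99 = percentile(window["latency_ms"], 99)
    if p95 > THRESHOLDS["p95_ms_max"] or p99 > THRESHOLDS["p99_ms_max"]:
        raise_alert("latency", f"p95={p95}ms p99={p99}ms")

    fails = sum(1 for o in window["outputs"] if not validate_output(o))
    if fails / len(window["outputs"]) > THRESHOLDS["schema_fail_rate_max"]:
        raise_alert("output_shape",
                    f"{fails}/{len(window['outputs'])} outputs failed schema")
    return alerts


# Constructed sample window: calibration healthy, latency tail and
# output shape both drifting.
SAMPLE_WINDOW = {
    "preds":  [1, 1, 1, 0, 0, 1, 0, 0, 0, 0],
    "labels": [1, 1, 0, 0, 1, 1, 0, 0, 0, 0],
    "latency_ms": [120, 130, 125, 140, 135, 128, 132, 150, 145, 138,
                   900, 142, 136, 129, 131, 133, 137, 141, 144, 2600],
    "outputs": [
        {"account_id": "acct-1", "score": 0.82, "action": "renew"},
        {"account_id": "acct-2", "score": 0.41, "action": "review"},
        {"account_id": "acct-3", "action": "hold"},            # missing score
        {"account_id": "acct-4", "score": "0.9", "action": "renew"},  # wrong type
        {"account_id": "acct-5", "score": 0.55, "action": "review"},
    ],
}

if __name__ == "__main__":
    for a in evaluate(SAMPLE_WINDOW):
        print(f"[{a.signal}] {a.detail} -> {a.channel} "
              f"owner={a.owner} SLA={a.sla_hours}h")
```

The output-shape check is the cheapest of the three and the one that catches a model upgrade first, since a changed field name or type shows up on the next request rather than at the weekly calibration run.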
The diagnostic: slideware or operational?
Three questions to surface where your team’s governance actually lives:
1. Can you answer “what did agent X do for user Y last week” in under 10 minutes, with data? If the answer requires paging an engineer to read logs, you’re in slideware. If it’s a SQL query against an audit table, operational.
2. When the model upgraded last quarter, did anything in production break? If yes, did you have a rollback? If no, did you know in advance? Operational governance has a deprecation rhythm. Slideware governance has surprises.
3. When was the last time an agent escalated a case to a human, and how did the human know? If the answer is “agents don’t really escalate,” your escalation paths are theatrical. If it’s “yesterday, via Slack channel #ai-escalations, owned by [named person],” operational.
Failing all three is the slideware-only pattern at full strength. Failing two is the most common middle state. Passing all three is rare in 2026 enterprise — and it’s the gap the regulated cohort is going to enforce on the rest of the market over the next 18 months.
Why this matters in 2026 specifically
Three forces converging:
1. Regulator attention is sharpening. EU AI Act enforcement starts producing real consequences in 2026. Sector-specific regulators (healthcare, financial services, ad targeting) are publishing operational guidance that requires evidence of governance, not principles.
2. Insurance underwriting is starting to ask. Cyber insurance renewals in 2026 are starting to include AI-governance questionnaires. The questions are operational — “show me your audit trail schema” — not principles. Teams without operational governance pay higher premiums or get exclusions.
3. Enterprise buyers are starting to require it. Procurement processes for AI-touched workflows include security reviews that ask for the operational evidence. Vendors and internal teams without it lose deals or get bumped to a longer review cycle.
The cost of slideware governance, which was zero in 2024, is becoming real in 2026. Real money, real friction, real deal slippage.
What to do about it
If your team is in slideware-only mode, the operational fix is bounded but real. Roughly:
Quarter 1: build the audit trail. Choose the data layer (Supabase / Snowflake), define the schema, instrument every production agent to write to it. The schema work is the most consequential decision; once it’s set, instrumenting agents is mechanical.
Quarter 2: retrofit auth scoping. Every MCP server gets an auth model tied to the requesting human. Every tool description documents the auth scope. Security review becomes a routine activity, not a fire drill.
Quarter 3: ship the escalation + deprecation rhythms. Each production agent gets a “when to escalate” section in its prompt + a Slack channel with a named owner. Each agent has versioning. Each model upgrade has a documented rollback.
Quarter 4: drift monitoring and SLA. Calibration, latency, output-shape, all monitored. Each has an owner with a response SLA.
A year of focused work. Bounded scope. By Q1 2027, the team can answer the three diagnostic questions affirmatively, can pass enterprise procurement security reviews, can defend cyber insurance underwriting, and can absorb regulator attention without scrambling.
The CODN angle
The CODN of slideware-only AI governance in 2026:
- Lost enterprise deals as procurement security reviews fail.
- Higher insurance premiums as underwriters require operational evidence.
- Regulator risk as enforcement actions begin.
- Senior AI engineering talent flight as the candidates who care about governance choose teams where governance is operational.
- Compounding retrofit cost as every quarter of slideware adds to the eventual operational build.
The CODN at enterprise scale is conservatively 18 months of compounding governance debt — and the cost of closing that debt rises every quarter.
The bottom line
AI governance is not a slide deck.
If your team’s governance lives in PowerPoint and the audit trail lives in application logs, you’re in slideware mode. The slideware mode worked through 2024-2025 because nothing tested it. 2026 starts testing it — through regulators, through insurance, through enterprise procurement.
The five operational components — auth scoping, queryable audit trails, real escalation paths, deprecation rhythm, drift monitoring with named owners — are the answer. The slide deck is the cover.
Build the operational version before the test arrives. Don’t, and the test arrives anyway, and the slide deck doesn’t help.