If you look back at the history of enterprise computing, an interesting pattern begins to emerge.
Every major technology wave creates a new thing that determines how systems behave. At first, that thing feels like an implementation detail. Then it becomes important enough that organizations start building processes around it. Eventually entire categories of infrastructure emerge to govern it.
Users followed this path. As organizations grew, it became impossible to manage access through informal processes and tribal knowledge. Identity became infrastructure. Entire industries emerged around users, groups, roles, entitlements, approvals, and lifecycle management because those things determined what systems were allowed to do.
The same thing happened with networks. Then with workloads. Then with cloud infrastructure. Every time computing introduced a new abstraction, it eventually introduced a new control problem. And every time that happened, a new control plane followed.
The reason is simple. Once something begins determining behavior, it becomes too important to leave unmanaged.I think we are watching that happen again. This time, the new control principals are being created by AI.
The workflow that nobody designed
Imagine asking an agent to prepare a quarterly business review.
The request sounds ordinary. Somewhere inside the organization there are customer conversations, planning documents, spreadsheets, support tickets, project updates, presentations, and meeting notes that will eventually contribute to the final result. Historically, somebody would have designed a workflow to collect those pieces. The workflow might have been simple or complicated, but it would have existed before execution began. The agent approaches the task differently.
It starts exploring. A customer conversation leads to a support issue. The support issue points toward a planning discussion. The planning discussion references another project. That project introduces a different set of stakeholders and documents. What began as a simple request slowly unfolds into a path that nobody explicitly designed.
Looking backward, the path feels logical. Looking forward, it would have been almost impossible to predict. That difference matters.
The most important thing the system produced was not the presentation. The most important thing it produced was the workflow itself. The plan emerged while the system was operating. The decisions that shaped the outcome were made dynamically as the agent interpreted the task, gathered information, and refined its understanding of what success looked like.
For decades, software executed workflows. Increasingly, software is constructing them. And once that happens, something subtle but profound changes. The things that determine behavior are no longer limited to identities, permissions, and applications. The interpretation of the task matters. The plan matters. The delegation decisions matter. The chain of reasoning matters. These artifacts begin shaping what the system ultimately does. Whether we realize it or not, they have become control principals.
The moment identity stops explaining behavior
A few months ago, I found myself in a discussion about an AI agent that had produced an outcome nobody wanted. The investigation initially followed a familiar path. Logs were reviewed. Permissions were checked. API calls were traced. Someone verified that the credentials were valid. Someone else confirmed that every system involved had been properly authorized.
The deeper the investigation went, the stranger it became. Nothing appeared broken. The agent was operating exactly as it had been permitted to operate. Every access-control check had succeeded. Every policy had been respected. Every action fell within approved boundaries.
And yet everyone agreed that the result was wrong. The conversation changed when someone asked a different question. Not who performed the action. Not what system was involved. But why the agent believed that action belonged inside the task at all. The room became noticeably quieter.
Not because the question was unreasonable, but because nobody had a good answer.
The systems we have spent decades building are very good at explaining actors, permissions, resources, and actions. They are far less capable of explaining how an autonomous system arrived at a decision. Somewhere between the original request and the final action, the agent had interpreted the task in a way that drifted from what the humans in the room intended.
Identity could explain who acted. It could not explain how the system arrived there.That distinction is becoming increasingly important.
Why AI governance feels unsatisfying
One reason so many conversations about AI governance feel incomplete is that the industry keeps applying old control models to new control principals.
Most governance systems were designed around deterministic software. The workflow existed before execution. The software carried it out. If something went wrong, the investigation focused on permissions, ownership, access, or execution.
Agentic systems create a different challenge. The behavior itself is often the result of a sequence of interpretations. A request becomes an objective. The objective becomes a plan. The plan evolves as new information appears. Tasks are delegated. Assumptions accumulate. Eventually the system arrives at an action.
The critical decisions frequently occur before execution. By the time an API call appears in a log, much of the story has already happened.
This is why traditional approaches often feel as though they are observing the consequences rather than governing the process. They are looking at the final chapter while the interesting decisions were made much earlier.
As plans, reasoning paths, delegation chains, and execution lineage become the things that actually determine behavior, governing only the final action becomes increasingly insufficient.
The challenge is no longer simply controlling what software does. The challenge is controlling how software decides what to do next.
The temptation to use AI to govern AI
The industry’s first instinct has been predictable. If AI systems are creating new control problems, why not use more AI to solve them?
The idea appears everywhere. Models evaluate other models. Agents supervise other agents. AI systems generate policies for AI systems. Reasoning systems critique reasoning systems. The logic feels attractive because it allows the control layer to evolve at the same pace as the workload.
The problem is that uncertainty does not disappear simply because another model has been inserted into the loop. A simple piece of arithmetic illustrates the issue.
If a system is correct 90% of the time, and a second system that is also correct 90% of the time is responsible for governing it, the resulting system does not magically become deterministic. The uncertainty remains. In many situations, it compounds.
The exact numbers are less important than the intuition. A stochastic controller remains stochastic. The control layer inherits many of the same properties and failure modes as the system it is attempting to govern.
This is not a criticism of AI. It is a property of control.
Throughout the history of computing, durable control planes emerged only when they stood outside the thing they were governing. We do not ask applications to enforce operating-system security. We do not ask workloads to define cloud isolation. We do not ask user code to establish the security boundary.
Eventually, the controller and the controlled separate. AI is following the same pattern.
Why ArmorIQ exists
At ArmorIQ, we believe AI is creating a new generation of control principals.
Purpose determines behavior.
Intent determines behavior.
Plans determine behavior.
Delegation determines behavior.
Execution lineage determines behavior.
Those artifacts increasingly influence what a system becomes long before any action reaches an API, a database, an MCP server, or an operating system.
The more we studied agentic systems, the more obvious it became that the important failures were occurring at these layers. Sometimes a plan drifted away from the original objective while remaining internally consistent. Sometimes authority expanded during refinement even though every individual action remained authorized. Sometimes execution faithfully followed a plan that should never have been accepted in the first place.
The common theme was that the system remained technically correct while becoming behaviorally wrong. That realization led us toward a different conclusion. The future of AI does not require deterministic models. It requires deterministic control.
The objective is not to eliminate uncertainty from reasoning. Uncertainty is what makes these systems adaptive and useful. The objective is to ensure that uncertainty remains bounded. Plans may evolve, but they should not expand beyond their authorized scope. Delegated tasks may continue, but they should not acquire authority that was never granted. Actions may execute, but they should remain connected to the purpose that originally justified them.
In other words, the control plane must exist independently of the stochastic system it governs.
The next generation of infrastructure
Every major wave of computing eventually teaches the industry the same lesson. Once something becomes important enough to determine behavior, it eventually becomes important enough to govern.
Users became governed. Networks became governed. Workloads became governed. AI is creating the next generation of control principals.
Not because human intent is perfectly knowable. Not because plans are infallible. Not because reasoning can be reduced to a set of rules. But because these artifacts increasingly shape what systems do in the world.
For decades, the defining question of enterprise security was straightforward: Who is allowed to do what?
That question remains essential. But agents are forcing another question into existence: What is determining what happens next?
And the systems that learn how to govern these new control principals will define the next generation of enterprise infrastructure.
