A recent Gravitee survey reported a startling number: 82% of U.S. companies say they have seen AI agents “go rogue” in the last 12 months. It sounds dramatic, but for teams using agentic AI in production workflows, the finding rings true. From unexpected API calls to unauthorized data access, agents are behaving in ways that surprise even the teams who deployed them. But here’s the deeper truth: AI agents aren’t going rogue; they’re operating without a verifiable notion of intent.
The KRON4 article frames this as an API governance failure, and while that’s part of the story, the real root cause is more fundamental. Enterprises today are giving AI agents identity and permissions, but not giving them an enforceable understanding of what they are supposed to do. Identity tells us who is acting. Permissions tell us what they could access. Zero Trust tells us where they are acting from.
But none of these systems tell us why an agent is taking an action, or whether that action is still aligned with the task it was assigned.
That gap is precisely what enterprises are experiencing as “rogue behavior.” It looks like an agent calling APIs not scoped to the task, tools being chained unexpectedly, data being accessed because it was contextually relevant, or actions being taken because the model inferred a step that no one approved.
These aren’t bugs in the agents; they’re symptoms of a system where intent is invisible. Once an agent starts reasoning autonomously, the platform has no way to verify that each step matches the user’s purpose. This is why traditional identity and API gateways cannot keep agents contained: they validate permission, not intent. If the agent presents a valid credential with the right scope, the gateway assumes the action is valid. For AI agents, which decide their own next step at runtime, that assumption breaks down immediately.
The solution is not to slow down adoption. It’s to introduce a missing layer:
A control plane that governs what the agent intended to do, not just who it is.
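To make the distinction concrete, here is an added illustration (not code from the article, from Gravitee, or from any product) of a permission-only gate beside an intent gate. The task, tool names, credential scopes and the agent's step trace are all constructed for the example. The intent gate checks each tool call against what the user actually approved for the task: which tools, which resources, and which call may follow which.

```python
# Added example: permission-only gate vs. intent-scoped gate for agent tool calls.
# Everything here (task, tools, scopes, step trace) is constructed for illustration
# and is not taken from the article or from any vendor's control plane.
from dataclasses import dataclass, field
from fnmatch import fnmatch


@dataclass(frozen=True)
class ToolCall:
    tool: str        # capability the agent invokes, e.g. "crm.read"
    resource: str    # object the call touches, e.g. "crm/customer/4711"


@dataclass
class TaskIntent:
    """What the user approved for one task: tools, resource globs, and which
    tool may follow which (the key "START" covers the first step)."""
    task_id: str
    tools: frozenset
    resources: frozenset
    transitions: dict
    history: list = field(default_factory=list)


# The agent's credential carries these OAuth-style scopes (assumed).
CREDENTIAL_SCOPES = frozenset({"crm.read", "crm.write", "email.send", "billing.read"})


def permission_gate(call: ToolCall) -> bool:
    """Traditional gateway check: does the credential allow this tool at all?"""
    return call.tool in CREDENTIAL_SCOPES


def intent_gate(task: TaskIntent, call: ToolCall) -> tuple:
    """Intent check: is this step still the task the user assigned?
    Returns (allowed, reason); allowed steps are appended to task.history."""
    if not permission_gate(call):
        return False, "credential lacks scope"
    if call.tool not in task.tools:
        return False, f"tool {call.tool} is outside task {task.task_id}"
    if not any(fnmatch(call.resource, pat) for pat in task.resources):
        return False, f"resource {call.resource} is outside task {task.task_id}"
    prev = task.history[-1] if task.history else "START"
    if call.tool not in task.transitions.get(prev, frozenset()):
        return False, f"unexpected chain {prev} -> {call.tool}"
    task.history.append(call.tool)
    return True, "ok"


def run_agent(task: TaskIntent, steps) -> list:
    """Evaluate each step under both gates.
    Returns one (tool, resource, permitted, intended, reason) record per step."""
    records = []
    for call in steps:
        intended, reason = intent_gate(task, call)
        records.append((call.tool, call.resource, permission_gate(call), intended, reason))
    return records


def rogue_steps(task: TaskIntent, steps) -> list:
    """Steps the credential allows but the declared intent does not."""
    return [(tool, res, why) for tool, res, perm, ok, why in run_agent(task, steps)
            if perm and not ok]


def make_reply_task() -> TaskIntent:
    """Approved task (assumed): read one customer record, send them one reply."""
    return TaskIntent(
        task_id="reply-to-customer-4711",
        tools=frozenset({"crm.read", "email.send"}),
        resources=frozenset({"crm/customer/4711", "mail/customer-4711@*"}),
        transitions={"START": frozenset({"crm.read"}),
                     "crm.read": frozenset({"email.send"}),
                     "email.send": frozenset()},
    )


# Constructed trace. Every step passes the permission gate; only two are the task.
AGENT_STEPS = [
    ToolCall("crm.read", "crm/customer/4711"),                 # on task
    ToolCall("billing.read", "billing/account/4711"),          # API not scoped to the task
    ToolCall("crm.read", "crm/customer/9090"),                 # "contextually relevant" data
    ToolCall("email.send", "mail/customer-4711@example.com"),  # on task
    ToolCall("email.send", "mail/customer-4711@example.com"),  # unexpected chain: second send
    ToolCall("crm.write", "crm/customer/4711"),                # inferred step nobody approved
]

if __name__ == "__main__":
    for record in run_agent(make_reply_task(), AGENT_STEPS):
        print(record)
```

The permission gate admits all six steps because the credential is valid for every tool involved; the intent gate admits the two that belong to the task and names the reason each of the other four is out of scope. That per-step reason is the signal a control plane can log, alert on, or use to halt the agent, which a scope check alone never produces.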