StackAI co-founder Bernard Aceituno was recently featured in Forbes to discuss why governance is what stands between enterprises and agentic AI at scale.
Aceituno points to the gap in the numbers: 90 percent of enterprises are adopting AI agents and 79 percent expect full-scale adoption within three years, yet most deployments stall before they get there. That's because companies treat AI governance as a data privacy or model bias question when it's really a control question: who can build agents, what data they can touch, what gets released to production, and how it's all tracked once it's live.
He describes what ungoverned AI looks like in practice: shadow AI spreading across teams, no audit trail when something breaks, prototypes accidentally going live, and weak access controls exposing sensitive data. He also covers the new attack surfaces agents introduce, including prompt manipulation and poisoned retrieval sources.
The core of the article is an eight-layer governance framework Aceituno developed after working with hundreds of organizations deploying production AI: role-based access control, version control and change locking, workspace isolation, approval workflows, interface-level security, scoped data and tool access, identity management, and audit logging. He illustrates it with a construction firm using an AI agent to search OSHA standards and internal safety docs, where identity integration ensures the agent only retrieves documents the signed-in user is cleared to see.
The full article is available on Forbes.

Jan Gutt
Enterprise AI at StackAI