Article by Vanessa Lyon et al: “…Because agentic systems can plan, decide, and act across workflows with limited human intervention, they alter how data is accessed, combined, stored, and propagated across the enterprise.
Autonomous execution allows agents to modify records and trigger transactions in real time. Cross-system orchestration moves data across platforms, APIs, and third-party environments as part of multistep tasks. Instructions or errors can cascade beyond their original scope. At the same time, contextual memory layers such as prompts and vector stores may retain sensitive information. Agent-generated outputs can inherit the sensitivity of underlying data while escaping established classification models.
Agentic AI also expands exposure; it can involve integration with third-party systems, data providers, and external tools. As agents execute workflows, they interact with APIs, partner platforms, and external models, operating beyond enterprise-controlled environments. This reduces control, creates dependency on external governance, and diffuses accountability.
As agents execute workflows across systems, data can expand exposure and make unintended changes harder to contain. These dynamics are most visible in five risk categories:
- Propagation Risks. Data moves beyond its intended boundaries, spreading exposure across systems and third-party environments and increasing the chance that errors or unauthorized changes will cascade.
- Persistence Risks. Sensitive information remains in prompts, embeddings, caches, or logs beyond its intended lifetime, creating long-term leakage and compliance challenges.
- Autonomy Risks. Agents act or decide beyond their mandate, modifying records or triggering downstream processes without human oversight.
- Emergence Risks. Interactions among multiple agents or components produce compounded behaviors or unexpected outcomes, amplifying harm.
- Third-party Risks. Reliance on external systems introduces dependency, inconsistent control enforcement, and reduced clear accountability.
These categories help represent concrete failure modes that policies, controls, and architecture must address. In parallel, data quality emerges as a foundational risk vector in agentic environments. Unlike traditional settings where poor data quality might result in inaccurate reporting, agentic systems can act on flawed data in real time, triggering decisions and downstream processes before human intervention is possible. This elevates data quality to a governance priority as completeness, timeliness, and semantic consistency directly shape the safety of autonomous actions…(More)”.
