Agentic AI needs guardrails before it needs more intelligence

If your AI is falling at the first hurdle, you’re probably not asking the right questions. Shalini Sivasamy writes about her compliance-aware RAG framework for regulated enterprise AI


Every agentic AI demo I have sat through follows the same script. Look how smart it is. Look how many steps it can plan. Listen to how natural it sounds. And honestly, those things matter. 

But in my experience, none of them are the question that decides whether a real deployment succeeds or falls apart. That question is simpler and a lot less exciting: what is this agent actually allowed to do, and who decided that?

I build RAG and agentic AI systems for large banks and insurance companies. That work led me to develop CA-RAG, a compliance-aware RAG framework for regulated enterprise AI. One thing you pick up fast in banking is that the model is almost never where the trouble starts. The trouble comes from what the system is allowed to do, whether you can explain its decisions after the fact, and what your plan is when it gets something wrong. 

I think that is just as true for any AI-first customer journey today, not only in financial services. Governance gets treated like the boring bit you bolt on at the end. In reality, it is the thing that decides whether your customers trust the agent at all.

When AI starts taking actions, mistakes get expensive

In 2024, a Canadian tribunal ruled against Air Canada after its chatbot invented a bereavement discount that did not exist. And that was just a wrong answer. 

No action taken, no transaction processed. Now think about what happens when an agent can issue a refund, change a booking, or file a claim on someone's behalf. A wrong answer becomes a wrong action. And wrong actions are a lot harder to walk back.

CX Network's own research puts AI-first customer journeys at the top of the CX practitioner's priority list through 2030. That same research also found that the number one customer behavior this year is awareness of how AI works and how it handles customer data. Customers will use your agent. But the moment it does something wrong, they are not calling out the model or the vendor. They are calling out your brand.

A smarter model would not have saved us

Here is something I learned the hard way. On one project at a large US bank, everything looked solid in testing. A few weeks after go-live, the system started returning answers that matched its source documents but were wrong for the real world. 

The model had not changed. The problem was that a policy document had been updated and nobody had refreshed the knowledge base. A smarter model would not have caught that. It was a process failure, not an intelligence failure.

This is why I push back whenever a team wants to solve a trust problem by upgrading to a better model. A more capable agent does not reduce risk on its own. It just has more capability to make mistakes at scale. Without the right controls in place, you are not improving things. You are accelerating them in the wrong direction.

4 guardrails I build into every agent

There are four things I always ensure every agent has built in:

1. Permission boundaries: The agent handles low-risk tasks on its own, like checking a balance or tracking a shipment. For anything medium risk, like changing account details, it pauses and asks the customer to confirm. For high-risk situations like disputes, complaints, or vulnerable customers, it hands off to a human, every time, no exceptions. I call this graduated autonomy. What surprises most teams is that customers respond well to it. When the agent is clear about what it will and won't do, people read that as confidence, not as a limitation.

2. Audit trails: If a regulator, or just an unhappy customer, came to you tomorrow and asked why the agent did what it did last Tuesday, could you actually show them? 

Every action needs a record: which document the agent used, which version it was, and what it decided based on that. On one modernization project, we had two independent reviewers go through 187 automated field mappings before we let the system touch anything downstream. It felt like overkill at the time. It's also the reason the system still holds up.

3. Knowing when to hand off: The best systems I have built are designed to say "I'm not sure about this one, let me get a person" when confidence drops. Teams push back on this initially because it looks like the deflection rate is going up.

But a confident wrong action is far more expensive than a clean handoff. And when the case lands with a human agent who has the full context in front of them, it stops feeling like a gap in the journey. It becomes part of the journey. It also changes what the human's job looks like.

Handling AI escalations is higher-judgment work, and the organizations doing this well are starting to recognize and pay for that.

4. Post-launch compliance checks: This is the one teams most often skip: keeping compliance checks running after launch. Most teams test hard before go-live and then move on. That is exactly when the real issues start. The knowledge base goes stale. The retrieval surface picks up terms from the wrong product. The agent starts doing things the customer never actually agreed to.

Frameworks like the NIST AI Risk Management Framework and the EU AI Act are both pointing at the same thing: monitor continuously, keep your decision trails, and be upfront with customers when they are talking to AI. In my view, this should be woven into how the journey is designed from the start, not buried in a legal document that nobody reads.

Where to start with agentic AI guardrails

If you are planning an agentic AI rollout in 2026, I would start here: write down every action your agent could take. Then sort that list by risk. 

  • Which ones can it handle alone? 
  • Which ones need a confirmation step? 
  • Which ones should always go to a person? 

Once you have that sorted, make sure every action leaves a record you could show to someone later. That single exercise will do more for customer trust than any model upgrade you are considering.
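A concrete version of that exercise, folding in the four guardrails from the previous section (risk-tiered permission boundaries, one audit record per action, handoff when confidence drops, and a staleness check on the source document so the stale-policy failure described earlier is caught before the action runs). This is an added example in Python, not code from CA-RAG or from the author; the action catalogue, the document versions and the 0.80 confidence floor are assumed values.

```python
from dataclasses import dataclass, asdict
from enum import Enum


class Risk(Enum):
    LOW = "low"        # agent acts on its own
    MEDIUM = "medium"  # agent pauses for customer confirmation
    HIGH = "high"      # always handed to a human, no exceptions


# Assumed action catalogue: every action the agent could take, sorted by risk tier.
# Anything not listed here is denied by default.
ACTION_RISK = {
    "check_balance": Risk.LOW, "track_shipment": Risk.LOW,
    "change_account_details": Risk.MEDIUM, "issue_refund": Risk.MEDIUM,
    "file_dispute": Risk.HIGH, "handle_complaint": Risk.HIGH,
}
# Assumed: the version of each policy document currently in the knowledge base.
CURRENT_DOC_VERSION = {"refund_policy": "v3", "account_policy": "v2"}
CONFIDENCE_FLOOR = 0.80  # assumed threshold; below it the agent hands off


@dataclass
class ActionRequest:
    action: str
    confidence: float        # confidence the agent reports for its answer
    source_doc: str          # document the agent relied on
    source_version: str      # version of that document it retrieved
    vulnerable_customer: bool = False
    customer_confirmed: bool = False


def decide(req: ActionRequest, audit_log: list) -> str:
    """Apply graduated autonomy to one request and append an audit record."""
    risk = ACTION_RISK.get(req.action)
    if risk is None:
        outcome, reason = "deny", "action not in catalogue"
    elif req.source_version != CURRENT_DOC_VERSION.get(req.source_doc):
        outcome, reason = "escalate_to_human", "stale or unknown source version"
    elif risk is Risk.HIGH or req.vulnerable_customer:
        outcome, reason = "escalate_to_human", "high-risk tier or vulnerable customer"
    elif req.confidence < CONFIDENCE_FLOOR:
        outcome, reason = "escalate_to_human", "confidence below floor"
    elif risk is Risk.MEDIUM and not req.customer_confirmed:
        outcome, reason = "ask_confirmation", "medium-risk tier needs customer confirmation"
    else:
        outcome, reason = "execute", "within permission boundary"
    # The record keeps which document and version the decision rested on.
    audit_log.append({**asdict(req), "risk": risk.value if risk else None,
                      "outcome": outcome, "reason": reason})
    return outcome
```

Each call leaves a record that answers the "why did it do that last Tuesday" question: the action, its risk tier, the document and version used, and the reason the gate chose that outcome.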

The organizations winning with agentic AI right now are not the ones with the most sophisticated models. They are the ones whose customers never have to stop and wonder what the agent is actually allowed to do.
