Can Your AI Agent Go Rogue? What Governance Looks Like When It's Built In

The biggest AI risk in your organisation isn't a model failure. It's a governance decision that hasn't been made yet. When an agent processes a document it shouldn't, the question regulators ask isn't whether the AI misbehaved — it's whether your organisation had controls in place.


Picture this.

Your team deployed an expense receipt processor three weeks ago. It works. Your finance exec is impressed.

Then someone accidentally uploads a salary benchmarking spreadsheet into the shared receipts folder. The agent processes it. Extracts names, figures, job grades. Saves the output to a shared drive that four departments can read.

By Friday afternoon, someone in procurement has seen data that was never meant to leave HR.

The agent did exactly what it was designed to do: process documents. Nobody told it not to process that document. Nobody defined that folder as off-limits. Nobody put a review gate before the output went live.

This is the governance gap — and it is your liability, not the model's. It's also Mistake #2 in why AI deployments fail.

Why Prompts Don't Protect You

When something goes wrong, "I told the AI not to do that" is not a defence your boss will accept.

Prompts are suggestions. A model follows a prompt when it is convenient — until context length, an ambiguous instruction, or an edge case overrides it. There is no audit trail. There is no version history. There is no escalation path.

A prompt is what you hope the agent does. A manifest is what the agent is contractually bound to do.

                 Prompt                     Agent Manifest RULES
Format           Natural language           Structured, versioned document
Persistence      Rewritten every session    Permanent until deliberately changed
Scope            What the AI should do      What the AI can and cannot do
Edge cases       Model's judgement          Your explicit rules
Audit trail      None                       Full — the manifest is the audit trail
Authority        Anyone typing              Process owner with sign-off

The difference is the difference between telling an intern to "handle something" and giving that intern a documented SOP, clear authority limits, and an escalation path.

The 4 Governance Gaps That Create Real Problems

Gap 1: No Data Boundaries

Your agent will process whatever is accessible to it. If you have not defined what it can and cannot touch, it will touch everything.

In Singapore, Malaysia and across SEA, data protection obligations under PDPA, PDPO and MAS guidelines mean that uncontrolled data access isn't just an operational risk — it's a compliance exposure.

The fix: Define permitted file types, excluded folders, and sensitive data actions in the agent's rules — before deployment, not after the incident.

Gap 2: No Escalation Path

Humans escalate when they're uncertain. Without explicit instructions, agents don't — they guess.

A customer inquiry agent might approve a refund it has no authority to issue. A recruitment agent might filter candidates using criteria it inferred, not criteria you approved.

The fix: Define the escalation conditions (amount thresholds, confidence scores, keyword triggers). The agent doesn't decide whether to escalate. The rules decide when.

Gap 3: No Output Governance

Who reviews your agent's output before it reaches a client, a candidate, or a regulator?

In most deployments the answer is nobody. The output flows directly from model to destination. Email sent. Spreadsheet updated. Report filed. No checkpoint.

The fix: Add review gates. The agent drafts. A human sends. The 30 seconds a human spends approving the output is what keeps accountability in the right place.

Gap 4: No Version Control

Your agent's behaviour changed. When? Why? Who approved the change?

With prompts, there's no history. Someone on the team edited the system prompt two weeks ago. Now the agent responds differently and nobody can explain why.

The fix: Version your agent manifests. Every change is documented, attributed, and reversible. When your MD asks "why did the system do that?", a versioned manifest gives you an exact answer. A prompt gives you a guess.

Think of the Manifest as Three Documents in One

What You Already Have   Manifest Equivalent             What It Governs
Job Description         Agent identity + capabilities   What the agent does; its role and scope
Code of Conduct         RULES section                   Boundaries, data access, escalation triggers
SOP                     WORKFLOW section                Step-by-step process, output format, review gates

When you write a manifest, you are not programming an AI. You are documenting a role — with the same rigour you would apply to any new hire who has access to sensitive systems. (This is also how your existing SOPs become agent blueprints.)

Your 7-Question Governance Checklist

Before you deploy any AI agent, answer these:

  1. What data can it access? Define permitted file types, folders, and sources.
  2. What is explicitly off-limits? Name the folders, fields, and data classifications it must never touch.
  3. When does it escalate? Define the conditions that require human review before action.
  4. Who approves the output? Name a specific person or role — not "the team."
  5. Can it communicate externally? Decide whether it can email, post, or transmit data outside your organisation.
  6. Who can change the rules? Restrict manifest edit access to the process owner.
  7. How do you roll it back? Confirm the manifest is versioned and previous versions are retrievable.
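The four fixes above and the seven checklist questions, as an added example in Python that is not part of the article and not any vendor's tool. The manifest schema, its field names, the folder paths, the thresholds and the three sample documents are all constructed assumptions for illustration; the point is that each rule becomes a check that runs before the agent acts, and that every decision records which version of the rules produced it.

```python
# Added example, not the article's own code: the four fixes and the checklist
# as checks that run before the agent acts. Schema and samples are constructed.
import hashlib
import json
import posixpath
from dataclasses import dataclass

# The RULES section as a structured, versioned document rather than a prompt.
MANIFEST_JSON = """
{
  "version": 3,
  "approved_by": "finance-process-owner",
  "rules": {
    "permitted_file_types": [".pdf", ".jpg", ".png"],
    "excluded_folders": ["/shared/hr/", "/shared/salary-benchmarking/"],
    "forbidden_classifications": ["hr-confidential", "pii"],
    "escalate_if_amount_over": 500.0,
    "escalate_if_confidence_below": 0.85,
    "escalate_on_keywords": ["salary", "job grade", "termination"],
    "output_requires_review": true
  }
}
"""

@dataclass
class Document:
    path: str             # where the file was found
    classification: str   # label from the labelling / DLP system
@dataclass
class Extraction:
    text: str             # what the model pulled out of the document
    amount: float         # monetary value the model extracted
    confidence: float     # model's self-reported confidence, 0..1
@dataclass
class Decision:
    status: str           # blocked | escalate | pending_review | auto_publish
    manifest_version: int
    manifest_fingerprint: str
    reasons: list

def load_manifest(text: str) -> dict:
    return json.loads(text)

def manifest_fingerprint(manifest: dict) -> str:
    """Gap 4, questions 6-7: any edit changes the hash, tying each decision to one rule set."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()[:16]

def boundary_violations(rules: dict, doc: Document) -> list:
    """Gap 1, questions 1-2: every data-boundary rule the document breaks."""
    reasons = [f"folder {f} is excluded" for f in rules["excluded_folders"] if doc.path.startswith(f)]
    suffix = posixpath.splitext(doc.path)[1].lower()
    if suffix not in rules["permitted_file_types"]:
        reasons.append(f"file type {suffix or '(none)'} not permitted")
    if doc.classification in rules["forbidden_classifications"]:
        reasons.append(f"classification {doc.classification} is forbidden")
    return reasons

def escalation_triggers(rules: dict, ext: Extraction) -> list:
    """Gap 2, question 3: the rules decide when to escalate, not the model."""
    reasons = []
    if ext.amount > rules["escalate_if_amount_over"]:
        reasons.append(f"amount {ext.amount:.2f} over {rules['escalate_if_amount_over']:.2f}")
    if ext.confidence < rules["escalate_if_confidence_below"]:
        reasons.append(f"confidence {ext.confidence:.2f} below threshold")
    text = ext.text.lower()
    reasons += [f"keyword '{kw}' present" for kw in rules["escalate_on_keywords"] if kw in text]
    return reasons

def decide(manifest: dict, doc: Document, extract) -> Decision:
    """Gates run in order; `extract` (the model call) never runs on a blocked file."""
    rules = manifest["rules"]
    reasons = boundary_violations(rules, doc)
    if reasons:
        status = "blocked"
    else:
        reasons = escalation_triggers(rules, extract(doc))
        if reasons:
            status = "escalate"          # a human decides before any action
        elif rules["output_requires_review"]:
            status = "pending_review"    # Gap 3, question 4: agent drafts, human sends
        else:
            status = "auto_publish"
    return Decision(status, manifest["version"], manifest_fingerprint(manifest), reasons)

def sample_run() -> dict:
    """Constructed cases: a routine receipt, a high-value one, and the story's salary sheet."""
    manifest = load_manifest(MANIFEST_JSON)
    cases = {
        "taxi_receipt": (Document("/shared/receipts/taxi_0312.pdf", "internal"),
                         Extraction("Taxi fare, CBD to airport", 42.50, 0.97)),
        "laptop_receipt": (Document("/shared/receipts/laptop.pdf", "internal"),
                           Extraction("Laptop purchase", 1899.00, 0.93)),
        "salary_sheet": (Document("/shared/receipts/salary_benchmark.xlsx", "hr-confidential"),
                         Extraction("Salary by job grade", 0.0, 0.99)),
    }
    return {name: decide(manifest, doc, lambda _d, e=ext: e) for name, (doc, ext) in cases.items()}

if __name__ == "__main__":
    for name, d in sample_run().items():
        print(name, d.status, f"v{d.manifest_version}", d.manifest_fingerprint, d.reasons)
```

Running the file prints one line per case; the lambda in sample_run stands in for the model call and returns a canned extraction. The case worth noticing is the salary spreadsheet: it sits in the receipts folder, so the folder rule alone would have let it through, exactly as in the story. The file-type rule and the classification rule catch it, and because the boundary check runs before extract, the model never reads it. The routine receipt ends up as pending_review rather than published, which is the review gate from Gap 3, and the high-value receipt escalates on the amount threshold. Every Decision carries the manifest version and fingerprint, so "why did the system do that?" has an exact answer: this rule set, this version.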

Governance Is Not a Phase. It's the Foundation.

The temptation is to treat governance as something you add after the agent is working — after the pilot succeeds, after the team is comfortable.

That is like installing seatbelts after the car is on the highway.

RULES before WORKFLOW. Escalation paths before first input. Data boundaries before first document. That is what separates agentic AI a department head can stand behind from agentic AI that gets cancelled after the first incident. And it's why learning AI is not like learning software — your team needs to think in systems, not features.


Frequently Asked Questions

What is AI agent governance?

The policies, rules, escalation paths, and approval mechanisms that define what an AI agent is and is not permitted to do autonomously. Without governance, there is no accountability — only exposure.

How is an agent manifest different from a prompt?

A manifest is a permanent, versioned document. A prompt is a per-session instruction the model may override. The manifest functions as an operational contract; the prompt does not.

Do I need technical expertise to define governance rules?

No. Governance rules are written in plain English. If you can write a policy for a human employee, you can write governance rules for an AI agent.

How does this help with PDPA compliance?

A versioned manifest with explicit data boundaries, a defined escalation path, and an output review gate provides documented evidence of controls — which regulators and auditors look for when assessing AI deployments. It doesn't replace legal counsel, but it gives you something concrete to show.

Start With Governance From Day One

Describe any operational bottleneck. The Deconstruct tool breaks it into a governed agentic workflow — with data rules, escalation paths, and review gates built in.

Sources: Gartner (2026) — over 40% of agentic AI projects predicted to be cancelled by 2027 due to inadequate risk controls.

Article 4 of 6.