The AI governance crisis hiding in plain sight: You may be running AI agents you do not know exist

When a government agency deploys a new digital service, there is typically a trail involving approvals, risk assessments and change requests.

But when it comes to artificial intelligence (AI) agents, tools that can act, decide, and access data autonomously, that trail often does not exist. The agent is perhaps hosted on one cloud platform but uses another workflow tool.

In many cases, no one has a complete picture of what is out there, and let alone what it is doing.

That visibility gap is becoming one of the defining governance problems for public sector IT leaders.

Deploying AI, it turns out, is no longer the hard part. Governing it is.

“You cannot control something you don't know exists,” said Yash Khandelwal, Solution Architect, ServiceNow Practice, Fujitsu, during a webinar hosted as part of ServiceNow’s Public Sector Enablement series on May 18, titled “From digital design to digital confidence — Running government operations at scale with AI”.

The invisible AI estate

The speed of AI adoption has outpaced the infrastructure needed to manage it.

Agencies are running AI tools across multiple cloud environments often in parallel, and without a unified view of what each system is doing, what data it is touching, or whether it is operating within set boundaries.

This becomes a structural risk where an AI agent might be hosted on one cloud platform while drawing on data from another. It may have been stood up quickly for a specific use case and never formally categorised.

No single team has the full picture – not IT, not risk, not agency leadership.

The result is a genuine tension for public sector IT leaders. As Ashish Pandey, ServiceNow's Solution Sales Lead for Risk and AI Governance, puts it, AI is delivering real operational value, by automating tier-one incidents, accelerating vulnerability response, and reducing resolution times, while simultaneously introducing risks that traditional governance frameworks were never designed to handle.

“When AI is bringing a lot of value, when technology is giving you more outcomes, it also brings a lot of risk associated with it,” Pandey said.

Getting visibility into security-related challenges and risks, he noted, is now one of the top priorities for IT leadership today.

The starting point for any governance response, both speakers argued, is simply knowing what you have: an agency that cannot enumerate its AI agents cannot set boundaries for them or assign accountability when something goes wrong.

Their response is ServiceNow's AI Control Tower, which automatically discovers AI agents across an organisation's technology estate and surfaces them into a single, consolidated view regardless of where they sit.

For many agencies, the result is the first  comprehensive AI asset inventory they have ever had.

When AI crosses a line

Consider what ungoverned AI looks like in practice.

Some agents will have been formally onboarded, including built, tested, and deployed with appropriate controls.

Others operate without that governance scaffolding. In the public sector context, where a misconfigured AI agent could expose citizen data or breach regulatory requirements, that concern is not hypothetical.

The scenario Khandelwal described is plausible for any agency operating at scale: an AI agent quietly accessing data it was never authorised to use. Under traditional IT oversight, that activity might go undetected entirely.

Under a governance framework with behavioural monitoring, that access attempt becomes a logged case that is linked to the relevant regulatory frameworks, routed through existing incident management workflows, and assigned to an owner.

The shift is significant because a breach that was previously invisible now becomes an auditable event, one that can be remediated, reported, and learned from.

Beyond simply cataloguing what AI systems exist, the platform monitors their behaviour, flags anomalies, tracks what data each agent is accessing, and surfaces any activity that falls outside pre-set boundaries.

If an AI agent attempts to access data it is not authorised to use, the system logs it as a case, links it to relevant regulatory frameworks, and routes it through the agency's existing incident management workflows.

What might otherwise go undetected becomes a trackable and auditable event.

The same logic applies to access rights. Identity and access management, which is the process of controlling who can access what, has long been standard practice for human users in government. That discipline now needs to extend to AI agents on the exact same terms.

“Getting visibility of identity and access management is very key,” Pandey said.

The principle extends beyond human accounts: any AI agent holding privileges beyond what its function requires should trigger the same scrutiny as an over-privileged human user.

From adoption to accountability

The public sector’s AI conversation needs to mature.

The early phase of pilots and proof-of-concepts has served its purpose. What comes next is harder: accountability structures that can keep pace with the technology itself.

The question for agencies that have already invested in digital transformation is no longer whether AI works. It is whether they can demonstrate that it operates safely, transparently, and within defined limits, and whether, when it does not, they will know.

If you’re interested to learn more, you can check out the rest of ServiceNow’s webinar series here.