We spent a week reading AI-governance posts. Everyone is circling the same missing gate.

At a Glance We built a listening system to find the people writing about AI governance on LinkedIn, then joined about twenty of their conversations instead of pitching at them. After reading close to a hundred posts, the pattern was hard to miss: advisors, founders, and even direct competitors are all independently reaching for the same two things their own audit trails can't give them. A named human who owns the outcome above the loop, and a rights check on the data before and after the agent acts. That convergence is the strongest evidence we have that "Governed Autonomy" named a real gap, because we didn't have to argue the gap into existence. The field walked up to it on its own.

Key Takeaways

• The discourse has already won the first argument. Almost nobody serious still thinks a policy PDF is governance. The live debate has moved to evidence, provenance, and execution records.
• But evidence is where everyone stops, and their commenters keep saying so. "Provenance without an owner protects no one." "Who ultimately owned the outcome?" "What determined the action was admissible in the first place?" Those are three people describing the same hole.
• Governed Autonomy fills it with two things tracking can't: a Release Owner who answers for the result above the loop, and two data-rights gates, a right to use before the agent ingests and a right to release before it emits.
• The piece nobody else is building is the audit of the oversight itself. If you don't measure the override rate and the response time, "a human reviewed it" quietly becomes a signature at 400 decisions an hour.
• We engaged by citing people, not pitching them. The paper is the contribution; the product stays out of the comment.

We just ran a small experiment in public, and it told us something about where the market actually is on AI governance. So here's the field report, including the part where the people we were reading kept describing our own thesis back to us without knowing it.

What we were actually doing

The boring version: we wanted to talk to the people thinking hardest about agentic-AI governance, in the rooms where they already are, without being the guy who shows up to every thread selling something.

So we built a method instead of a list. We took everything we've published, our own answer library and a whitepaper called Governed Autonomy: Human Accountability Above the Loop in Agentic AI, and turned it into a fingerprint of the ideas we actually have something to say about. Then we ran that fingerprint two ways. One pass searched by person, the voices an audience study had already flagged. The other searched by content, scraping recent posts on AI governance, the EU AI Act, agent oversight, and provenance, and scoring each one for how tightly it circled the gap our work addresses.

The rule for engagement was simple and it's the whole reason this didn't feel gross to do: comment to add something, cite the person's own work or our paper, never name the product. If their post mapped to a question we'd already answered, we said so and linked the answer. If it didn't, we asked a sharper question and left. About twenty conversations, zero pitches.

The content search alone returned seventy-two posts in one pass. We read close to a hundred across the week. That's a big enough sample to stop being anecdote and start being a signal.

The first argument is over

Here's the good news for anyone who's been saying it: the "governance is not a PDF" fight is basically won among the people who post about this for a living.

Usman Naim laid out eight layers of governance infrastructure and called the policy document what it is, a thing that documents ungoverned activity beautifully. Soham Trivedi drew the line between observability, which tells you what happened inside your system, and provenance, which proves how an AI-driven action came to exist in a form you can hand a regulator. Dani Danwin's banner was "compliance fails in behaviour, not documents." Three different people, same week, all past the policy-PDF stage and arguing about evidence.

That's real progress, and it's worth saying out loud before the next part, which is the criticism.

Where the whole field stops

Everyone gets to evidence and then stops at evidence. And their own commenters won't let them.

Under Soham's post, a strategist named Shadab pushed back with the line that became the theme of the entire week: "provenance alone doesn't create accountability; someone still needs to own the decision path the record reveals." Under Dani's, Paul O'Brien listed what evidence still doesn't answer, "what authority it had, what required human approval, who ultimately owned the outcome." On a post by Paul Knowles, the CEO of a governance startup, the framing was almost a definition: "Provenance is evidence. Governance is authority." His own phrase for the missing piece was a "named consequence-bearer."

It kept happening. Chris C. on one thread called it "admissibility," the question of what determined an action was allowed in the first place. Javier, an enterprise architect, called it "the prior declaration, what each system was permitted to do, under whose authority, before it ran." Keisha Williams built a whole concept she calls Decision Custody around the idea that provenance and human-in-the-loop review are "necessary but not sufficient unless bound to a non-delegable custody chain before action is taken."

Read those back to back. A named consequence-bearer. Who owned the outcome. Admissibility before execution. The prior declaration. A non-delegable custody chain. Those aren't five ideas. That's five smart people standing around the same hole, each naming a different edge of it, none of them quite closing it.

What Governed Autonomy actually adds

The hole has a shape, and the shape is two specific things that tracking, by definition, cannot give you. We drew it as a flow before we ever ran this campaign.

The first is a human who owns the outcome above the loop, not in it. In the loop, a person reviews each step, which doesn't scale and decays into rubber-stamping the moment volume rises. Above the loop, one named Release Owner sets which decisions the machine is allowed to make on its own and answers for the result regardless of how much of the work the machine did. The accountability never gets automated, even when the labor does. That's the "named consequence-bearer" Paul Knowles was reaching for, given a job description and a signature.

The second is the data axis, and it's the half almost no one in these threads has reached yet. Authority to act and right to the data are different failures. So Governed Autonomy puts a gate on each end of the action. A right-to-use gate before the agent ingests, asking whether the license, the terms, the opt-out signals, and the lawful basis actually permit this input. A right-to-release gate before the agent emits, asking whether the output stays inside the input's terms, carries the attribution, and leaks no protected data. Eric Yehle, a security founder, got one edge of this exactly right when he said "the model was instructed not to" is not an enforceable access control. That's the right-to-use gate. The right-to-release gate is its mirror, and the pair is what makes an agent's authority attach to a right to act, not just an identity.

Then there's the piece that turns the whole thing from a diagram into a discipline, and it's the one nobody else is building. You have to audit the oversight itself. Solomon Legesse named the failure mode perfectly: he calls it Accountability Theatre, the Human Override Illusion, a reviewer approving 400 decisions an hour where the meaningful review rate is zero and the signature is legal cover, not oversight. The answer isn't to assert that a human is in the loop. It's to measure the signing. Track the override rate and the response time on every high-stakes gate, and a gate that's signed every time, instantly, lights up as asleep. A signature you don't audit is a signature that rots.

The honest part

Here's the edge, because a post that only flatters its own framework is doing the exact polish move we warn about.

We didn't invent this convergence and we can't take credit for it. These people got to the edge of the same idea on their own, often with sharper language for individual pieces than we use. Keisha's "non-delegable custody chain" is a better phrase than half of ours. Solomon's "Accountability Theatre" should be in everyone's vocabulary. What we did was draw the whole shape at once and put citations under it, the named owner and the two data gates and the audited oversight as one model instead of five separate good instincts. The paper's contribution isn't a single new idea. It's the assembly.

And the campaign itself was a governed-autonomy artifact, which is the part that made it worth writing up. A system found the posts and drafted the comments. A named human read every one and signed it before it went out, and caught the system trying to post under the wrong identity once. The machine did the labor. The accountability stayed above the loop. That's not a metaphor we reached for after the fact. It's just how the work has to run if you believe the thing you published.

Sources

The conversations, in the order we read them. These are public posts; go argue with the people in them, they're worth it.

• Soham Trivedi, on observability versus provenance: linkedin.com/posts/sohamtrivedi-techalchemy
• Usman Naim, "eight layers of governance infrastructure": linkedin.com/posts/usmannaim
• Paul Knowles, "Provenance is evidence. Governance is authority.": linkedin.com/posts/semanticnerd
• Solomon Legesse, "Accountability Theatre" and the Human Override Illusion: linkedin.com/posts/solomon-legesse
• Keisha J. Williams, "Decision Custody" and the non-delegable custody chain: linkedin.com/posts/keishajwilliams
• Kaivalya Powale, the "Agent Decision Record" and authorizing intent: linkedin.com/posts/kaivalya-powale
• Eric Yehle, on enforceable access control for agents: linkedin.com/posts/eric-yehle
• Andy Dé, "someone's name needs to be on what the AI does": linkedin.com/posts/andyde
• Cassie Kozyrkov, "'the LLM decided' is not an explanation": linkedin.com/posts/kozyrkov
• Morgan Templar, "every AI agent should have a job description": linkedin.com/posts/morgantemplar
• Alice Xiang, "Are we entering the age of data nihilism?" (TIME op-ed)
• Arnaud Perret (AgentRail), Junaid Ali Khalid (ComplyAI), and Dani Danwin (TrustLayers), on agent-governance and execution-evidence platforms.

The formal backbone, for the parts that aren't opinion.

• Cougias, D. (2026). Governed Autonomy: Human Accountability Above the Loop in Agentic AI. CC BY 4.0, DOI 10.13140/RG.2.2.33030.74565. Full essay: thefrontierfounder.com/essays/governed-autonomy-human-accountability-above-the-loop-in-agentic-ai.
• NIST (2023). Artificial Intelligence Risk Management Framework (AI RMF 1.0), NIST AI 100-1. DOI 10.6028/NIST.AI.100-1. The GOVERN / MAP / MEASURE / MANAGE functions our gates operationalize.
• EU AI Act (Regulation 2024/1689), Article 12 (record-keeping / logging) and Article 50 (transparency), the legal weight under "keep the trace" and "carry the provenance."
• GDPR Articles 6 and 22 (lawful basis; automated decisions), and the EU DSM Directive Article 4 (the text-and-data-mining opt-out), which the right-to-use gate reads.
• hiQ Labs v. LinkedIn and Van Buren v. United States, the access cases that make "authorized to act" a legal question, not a preference.
• Xiang et al. (2025). FHIBE, the first consensually collected fairness benchmark, Nature, the clearest example of getting consent at collection instead of reconstructing it after the fact.

The whitepaper lays all of this out with the full argument and the complete citation list. This post is the field report from taking it out into the conversation.