Papers
Topics
Authors
Recent
Search
2000 character limit reached

Agentic AI Governance Maturity Model

Updated 5 July 2026
  • AAGMM is a staged maturity model that defines agentic AI governance through concrete controls, artifacts, and operational workflows across diverse domains.
  • The framework integrates runtime policy enforcement, auditability, and human oversight to manage transitions from isolated agents to coordinated fleets.
  • Empirical assessments in AAGMM link higher maturity levels to improved safety, cost containment, risk mitigation, and effective performance metrics.

Searching arXiv for the cited AAGMM-related papers to ground the article and citations. The Agentic AI Governance Maturity Model (AAGMM) is a family of staged governance frameworks for agentic AI systems that organizes governance capability into maturity levels and links those levels to concrete controls, artifacts, operational workflows, and, in some formulations, outcome metrics. Across the literature, AAGMM is used to structure the progression from isolated or ad hoc agents toward coordinated, policy-mediated, auditable, and in some cases optimized agent fleets. Although the term is used in multiple domain-specific ways, recurring themes include non-human identity, runtime policy enforcement, orchestration, bounded context and memory, lifecycle decommissioning, assurance evidence, and proportionate human oversight (Prakash et al., 22 Jan 2026, Koch et al., 18 Apr 2026, Acharya, 13 Mar 2026).

1. Concept and scope

In the healthcare formulation, AAGMM appears as the companion maturity model to the Unified Agent Lifecycle Management (UALM) blueprint and stages adoption “from isolated agents to coordinated, orchestrated fleets” (Prakash et al., 22 Jan 2026). In the evidence-synthesis formulation, it aligns maturity to a four-layer stack of Evaluation, Governance, Orchestration, and Assurance, with progression defined by increasing “coverage, crisp decision rights, runtime mediation, and audit-grade assurance” (Koch et al., 18 Apr 2026). In the enterprise business-operations formulation, AAGMM is a five-level framework spanning 12 governance domains and is explicitly tied to “agent sprawl” mitigation, cost containment, risk incident rates, operational efficiency, and decision quality (Acharya, 13 Mar 2026).

This variation means that AAGMM is not a single canonical standard. Rather, the literature presents a set of closely related maturity models adapted to different operational contexts, including healthcare (Prakash et al., 22 Jan 2026), enterprise operations (Acharya, 13 Mar 2026), regulated software engineering (Kang, 21 Jun 2026), public-sector oversight (Schmitz et al., 5 Jun 2025), finance (Kurshan et al., 12 Dec 2025), distributed infrastructure (Murad et al., 20 Sep 2025), cybersecurity operations (Kojukhov et al., 12 Feb 2026), decentralized governance (Han et al., 24 Oct 2025), and authorization systems for delegation and scope (Ibrahim et al., 2 Jun 2026). This suggests that “AAGMM” functions as a general governance pattern whose content is instantiated differently according to domain constraints, regulatory expectations, and technical architecture.

A common intellectual basis across these formulations is that agentic AI differs materially from single-turn generative AI because agents plan, maintain state, use tools, coordinate with other agents, and produce multi-step trajectories with external effects (Koch et al., 18 Apr 2026, Koch, 6 Apr 2026). As a result, governance cannot remain confined to model development or abstract policy statements; it must bind to identity, execution-time control points, evidence capture, and organizational accountability (Prakash et al., 22 Jan 2026, Koch et al., 18 Apr 2026).

2. Architectural foundations and governance layers

One prominent architectural expression of AAGMM is the UALM control plane, which organizes governance into five layers: “(1) an identity and persona registry, (2) orchestration and cross-domain mediation, (3) PHI-bounded context and memory, (4) runtime policy enforcement with kill-switch triggers, and (5) lifecycle management and decommissioning linked to credential revocation and audit logging” (Prakash et al., 22 Jan 2026). In that formulation, maturity is assessed by the presence and completeness of required artifacts, enforcement mechanisms at each layer, and performance on a KPI set rather than by formulas or scoring equations (Prakash et al., 22 Jan 2026).

A second recurring architecture is the four-layer stack of Evaluation, Governance, Orchestration, and Assurance. In that model, Evaluation measures trajectory-level outcomes; Governance defines obligations, approvals, thresholds, and evidence requirements; Orchestration is the execution-time control plane for routing, identity, tool permissions, state mediation, approvals, rollback, and telemetry; Assurance validates that controls worked and that evidence is sufficient for replay, audits, and compliance proofs (Koch et al., 18 Apr 2026). Closely related work distinguishes four artifact types—governance objective, technical control, runtime guardrail, and assurance evidence—and places them across governance objectives, design-time constraints, runtime mediation, and assurance feedback (Koch, 6 Apr 2026).

These layered architectures share several concrete design commitments. First, governance is treated as a control-plane problem rather than only a policy problem. Second, the control plane must mediate action boundaries, not just produce prompts or static permissions. Third, auditability requires structured evidence of identity, decision logic, side effects, and authority. Fourth, ambiguous, values-laden, or low-determinacy decisions remain routed to human escalation rather than automated runtime enforcement (Koch et al., 18 Apr 2026, Koch, 6 Apr 2026).

A closely related strand emphasizes non-human identity and registries. UALM requires “Non-Human Identity (NHI) certificates for each agent,” “Clinical Scope of Practice definitions,” and “Liability ownership fields” in a single system of record (Prakash et al., 22 Jan 2026). The enterprise hardening checklist likewise treats “strong identities, short-lived credentials, RBAC/ABAC, least privilege” as mandatory, together with typed and versioned tool interfaces and immutable audit traces (Alenezi, 11 Feb 2026). In delegation-focused governance, agentic systems require richer authorization semantics than static token-based consent, including recursive delegation, contextual boundaries, and resource scope attenuation evaluated at check time (Ibrahim et al., 2 Jun 2026).

3. Maturity levels across the literature

The most widely recurring structural element is staged progression. However, the number of levels and the entry criteria vary by paper.

In healthcare and in the domain-agnostic version derived from UALM, the model has four levels: Level 1 Ad-hoc, Level 2 Managed, Level 3 Integrated, and Level 4 Optimized (Prakash et al., 22 Jan 2026). Level 1 consists of “single-purpose agents deployed in isolation,” with “minimal integration” and “local logs only.” Level 2 introduces shared access control, centralized logging, and registry entries with owner, scope, and capability fields. Level 3 adds orchestration, policy-based access control, PHI or sensitive-data bounded context, vector-store ACLs, and retention-bound memory. Level 4 adds a central orchestrator, precedence rules favoring safety and privacy, runtime anomaly detection, supervisor agents, kill-switch protocols, and formal decommissioning with expiration by default (Prakash et al., 22 Jan 2026).

The evidence-synthesis AAGMM begins at Level 0 rather than Level 1 and proceeds through Level 4: Level 0 Ad hoc, Level 1 Policy-declared, Level 2 Orchestration-aware, Level 3 Runtime-governed, and Level 4 Assured and auditable (Koch et al., 18 Apr 2026). This sequence emphasizes a governance-to-action closure gap: policies and standards define obligations, but mature systems must also determine where obligations bind to concrete actions and how compliance can later be proven (Koch et al., 18 Apr 2026). Level 2 introduces ODTA triage, a central control plane, approval gates, and Action-Evidence Bundle capture for critical actions. Level 3 adds deterministic mediation for runtime-eligible rules, sandboxing, rate limits, rollback, replay success tracking, and documented exception paths. Level 4 adds adaptive policy mediation, cross-system identity federation, zero-trust controls on tools, and full Action-Evidence Bundles for all state-changing actions (Koch et al., 18 Apr 2026).

The enterprise “agent sprawl” AAGMM has five levels: Level 1 Ad-hoc, Level 2 Reactive, Level 3 Defined, Level 4 Managed, and Level 5 Optimized (Acharya, 13 Mar 2026). The levels are tied to 12 governance domains and simulation-based business outcomes. Level 2 provides only a basic registry and incident-triggered governance, and the paper states that in adversarial scenarios it provides “virtually no benefit over Level 1” (Acharya, 13 Mar 2026). Level 3 is identified as the minimum viable governance standard because it introduces formal policies, RBAC, HITL, observability, audit, and risk classification (Acharya, 13 Mar 2026). Level 4 adds automated enforcement, lifecycle management, and automated sprawl detection. Level 5 adds “self-improving governance,” “predictive sprawl management,” and “governance-as-code (GaC)” (Acharya, 13 Mar 2026).

Other domain-specific models extend the concept. Governed AI-Assisted Engineering defines six levels, from “Instrumented Awareness” to “Optimized Reclassification and Continuous Improvement,” around a three-tier oversight model and an Oversight Classification Model for code generation tasks in regulated domains (Kang, 21 Jun 2026). Public-sector oversight proposes five derived levels from “Initial” to “Optimized,” organized around cross-departmental implementation, comprehensive evaluation, enhanced security, operational visibility, and systematic auditing (Schmitz et al., 5 Jun 2025). Cybersecurity operations define six levels from “Model-Centric Automation” to “Fully Governed, Reflective, Adaptive Autonomy,” centered on a meta-cognitive judgement function that calibrates autonomy under uncertainty (Kojukhov et al., 12 Feb 2026). Authorization-focused governance moves from “Static IAM” to “Fully Compositional Overlay with Formal Proofs and Auditability,” using delegation, scope, and contextual constraints as executable governance primitives (Ibrahim et al., 2 Jun 2026).

4. Core artifacts, controls, and workflows

Despite differing level structures, the literature repeatedly converges on a recognizable set of governance artifacts.

In the UALM lineage, the key artifacts are registry entries, owner and scope records, NHI credentials, authority mapping, policy-as-code repositories, policy version tags in logs, memory retention schedules, runbooks, kill-switch triggers, decommissioning evidence, decision logs, and immutable lifecycle records (Prakash et al., 22 Jan 2026). Operational workflows are explicit: intake with purpose, capability, scope, data needs, tools, and accountable owner; registry entry creation with default expiration; least-privilege setup; policy binding; pre-production checks against duplication; cross-domain orchestration with policy precedence; PHI-bounded retrieval and retention; runtime policy enforcement and kill-switch escalation; and decommissioning with credential revocation, memory freeze or purge, and immutable termination records (Prakash et al., 22 Jan 2026).

In the evidence-synthesis model, the central evidentiary artifact is the Action-Evidence Bundle, also referred to as MAEB in the source paper. Its minimum fields include delegated identity and authority scope, policy identifier and decision record, pre-action state reference, proposed action and resolved parameters, mediation outcome, external side-effect handle, trace linkage, and optional attestation (Koch et al., 18 Apr 2026). The same paper provides a runtime-placement method, ODTA, based on Observability, Decidability, Timeliness, and Attestability, to determine whether controls should be enforced at runtime, routed to human approval, placed at design time, or handled through assurance-first strategies (Koch et al., 18 Apr 2026).

The layered translation method formalizes an analogous structure with the control tuple κ=a,x,r,ϕ,δ,ϵ,o\kappa = \langle a, x, r, \phi, \delta, \epsilon, o \rangle, where aa is acting principal, xx the action class, rr the protected resource or external effect, ϕ\phi the precondition or relevant context, δ\delta the control decision, ϵ\epsilon the evidence artifact, and oo the accountable owner (Koch, 6 Apr 2026). This formulation explicitly binds runtime guardrails to observability, determinacy, time-sensitivity, reversibility, judgment load, and evidence clarity (Koch, 6 Apr 2026).

In regulated software engineering, required evidence is tier-specific and explicitly hash-linked. Across all tiers, the minimum artifact set includes OCM classification logs, generation traces, test and security scan results, deploy records, and monitoring outputs; higher tiers add RETURN_CONTROL events, signed human approvals, rationale, and enhanced monitoring records (Kang, 21 Jun 2026). The same framework requires append-only, immutable storage and a cryptographic hash chain across the lifecycle (Kang, 21 Jun 2026).

Public-sector formulations emphasize organizational rather than purely technical artifacts: agent RACIs, integration maps, data-sharing agreements, escalation matrices, evaluation protocols, telemetry schemas, audit plans, nonconformity logs, and steering committee records (Schmitz et al., 5 Jun 2025). This suggests that in bureaucratic settings, maturity depends as much on governance integration and accountability structures as on the existence of technical runtime controls.

5. Metrics, evidence, and assessment methodology

AAGMM formulations diverge sharply on whether maturity is measured qualitatively or quantitatively.

The UALM maturity model explicitly states that it “does not provide formulas or scoring equations” and instead relies on “qualitative rubrics and operational KPIs” (Prakash et al., 22 Jan 2026). Its KPI set includes:

  • “% of agents with a named accountable owner recorded in the registry”
  • “Median time to revoke agent credentials after retirement or scope change”
  • “% of tool calls with a recorded policy decision (allow/deny) and policy version”
  • “Orphan-agent count”
  • “PHI-minimization rate”
  • “Control drift rate”
  • “Agent-related incident rate” (Prakash et al., 22 Jan 2026)

The evidence-synthesis AAGMM similarly defines gateway criteria and KPIs without a single global maturity formula. It tracks metrics such as policy catalog coverage, trajectory-level safety events per 1,000 actions, approval latency, percentage of critical actions with complete Action-Evidence Bundles, replay success, guardrail proof verification rate, and auditability score framed as an “evidence sufficiency index” (Koch et al., 18 Apr 2026).

By contrast, the enterprise sprawl AAGMM introduces an explicitly quantified simulation-based business validation. Its metrics include Sprawl Index, Risk Incident Rate, Effective Task Completion Rate, Delegation Safety Rate, Governance Cost Ratio, and a composite Net Business Value (Acharya, 13 Mar 2026). The reported results show statistically significant differences between all maturity levels, with “Level 4-5 organizations achieving 94.3% lower sprawl indices, 96.4% fewer risk incidents, and 32.6% higher effective task completion rates compared to Level 1” (Acharya, 13 Mar 2026). The same paper reports pairwise differences at p<0.001p < 0.001 with large effect sizes d>2.0d > 2.0 across all governance maturity levels (Acharya, 13 Mar 2026). Because those figures are specific to that simulation study, they should not be generalized to all AAGMM variants.

Other formulations provide domain-specific metrics. The regulated engineering model defines Oversight Intensity Index, Time-to-Compliance, Defect Escape Rate, Rollback Success Rate, Change Failure Rate, Audit Readiness Score, Customer-Impact Severity Index, Data Sensitivity Breach Risk, Velocity Preservation, Governance Exception Rate, and Reviewer Calibration Index (Kang, 21 Jun 2026). The public-sector model derives weighted dimension scores and a risk-adjusted maturity score across five dimensions (Schmitz et al., 5 Jun 2025). The governance-of-governance pipeline for protocol standards uses Gini coefficients, modularity, giant component ratio, congruence density, entropy, HHI, and topic divergence to assess participation equity, fragmentation, thematic convergence, and transparency (Wang et al., 24 Jun 2026).

A plausible implication is that AAGMM should be understood less as a single metric and more as a measurement regime whose indicators are selected according to domain harms: PHI exposure in healthcare, approval traceability in procurement, deployment evidence in regulated engineering, sprawl and cost containment in enterprise operations, or participation inequality in protocol governance.

6. Domain-specific instantiations

Healthcare

Healthcare AAGMM tightens governance around patient safety, privacy, and PHI. It rephrases Level 2 around NHI, HIPAA audit controls, and approved PHI endpoints; Level 3 around PHI segmentation, “vectorized PHI sharding,” “temporal memory,” and policy precedence in which patient safety outranks administrative optimization; and Level 4 around supervisor agents, clinical kill-switch protocols, automatic credential revocation, and a “clinical safety and security governance council” monitoring KPIs (Prakash et al., 22 Jan 2026). The model is aligned to the HIPAA Security Rule, NIST AI RMF and its GenAI Profile, the EU AI Act, and AI TRiSM, while also addressing OWASP LLM risks such as prompt injection, insecure output handling, tool misuse, and privilege abuse (Prakash et al., 22 Jan 2026).

Enterprise business operations

The enterprise sprawl formulation centers on five specific pathologies: “functional duplication, shadow agents, orphaned agents, permission creep, and unmonitored delegation chains” (Acharya, 13 Mar 2026). It ties these patterns to cost components and portfolio-level governance domains. The paper identifies Level 3 as the threshold at which material business benefits begin, Level 4 automated sprawl detection as the highest-leverage control, and Level 5 as the point where predictive analytics and governance-as-code produce an “automation dividend” through lower governance cost ratio together with better outcomes (Acharya, 13 Mar 2026).

Regulated software engineering

In governed AI-assisted engineering, AAGMM is coupled to GAIE’s three oversight tiers: human-in-the-loop for strategic functions, human-over-the-loop for customer-impacting changes, and automated-with-monitoring for internal, low-risk changes (Kang, 21 Jun 2026). The Oversight Classification Model routes tasks using four risk dimensions—regulatory impact, customer proximity, reversibility, and data sensitivity—together with dependency distance to strategic functions and classification confidence (Kang, 21 Jun 2026). This is not a general fleet-governance model; it is a pipeline governance model for agentic code generation, but it uses maturity stages to institutionalize proportionate human oversight.

Public-sector organizations

The public-sector variant emphasizes that agent oversight intensifies existing administrative challenges of continuous oversight, governance–operations integration, and interdepartmental coordination (Schmitz et al., 5 Jun 2025). Its five essential dimensions are “cross-departmental implementation, comprehensive evaluation, enhanced security protocols, operational visibility, and systematic auditing” (Schmitz et al., 5 Jun 2025). The proposed maturity levels are derived rather than formally defined by the source paper, which is an important limitation (Schmitz et al., 5 Jun 2025).

Finance and market governance

In finance, maturity is grounded in a layered regulatory architecture of “self-regulation modules,” “firm-level governance blocks,” “regulator-hosted agents,” and “independent audit blocks” (Kurshan et al., 12 Dec 2025). The derived maturity sequence progresses from local self-regulation to enterprise integration, sector-aware oversight, decentralized redundant assurance, and co-evolving policy-programmable governance (Kurshan et al., 12 Dec 2025). A related institutional-governance approach frames agentic alignment as a mechanism design problem using runtime governance graphs, sanction functions, detection probabilities, capability restrictions, and constrained MDPs (Osmond, 20 Feb 2026).

7. Debates, limitations, and future directions

A recurring limitation is that many AAGMM formulations are design frameworks rather than empirically validated standards. The healthcare paper states that it offers “qualitative stage definitions and a concrete KPI set” without numeric scoring formulas (Prakash et al., 22 Jan 2026). The runtime-governance evidence synthesis is explicitly “not a pooled meta-analysis,” and its framework is presented as bounded evidence synthesis rather than benchmarked deployment evidence (Koch et al., 18 Apr 2026). The layered translation method likewise describes itself as “a design-oriented interpretive framework rather than an empirical benchmark or a clause-by-clause compliance mapping” (Koch, 6 Apr 2026).

There is also tension between centralized control and local innovation. The healthcare paper notes that centralized control can add latency, create single points of failure, and, if too rigid, stifle agent autonomy and local innovation (Prakash et al., 22 Jan 2026). The enterprise architecture literature similarly observes trade-offs between gateway-first control, sovereignty, and interoperability (Alenezi, 11 Feb 2026). Distributed-governance work under Byzantine adversaries extends this concern by showing that the Provider in centralized identity and access control can itself be compromised, motivating BFT, monitoring, auditing, and hybrid architectures with different security–performance trade-offs (Laws et al., 12 May 2026).

Another unresolved issue concerns what belongs at runtime versus design time. The ODTA framework and the runtime-enforceability rubric both argue that only controls that are observable, determinate, and time-sensitive should become runtime guardrails; contested, values-laden, or weakly observable constraints should route to human judgment, architecture, or assurance-first mechanisms (Koch et al., 18 Apr 2026, Koch, 6 Apr 2026). This is a direct response to findings that text-level alignment does not reliably transfer to safe tool use, and that path-dependent behavior cannot be governed with prompts or static permissions alone (Koch et al., 18 Apr 2026).

Finally, empirical comparability remains limited. Some models are simulation-based and quantify business outcomes (Acharya, 13 Mar 2026). Others are evidence syntheses (Koch et al., 18 Apr 2026). Others are practice-derived design blueprints (Prakash et al., 22 Jan 2026). Others are domain-specific derivations from broader theories of coordination, institutional design, or authorization (Dignum et al., 21 Nov 2025, Ibrahim et al., 2 Jun 2026). This suggests that future work will likely focus on inter-rater consistency of maturity assessments, benchmark evolution for trajectory compliance and mediation quality, validation of assurance metrics, empirical studies of governance-performance trade-offs, and stronger standardization of policy, identity, and evidence schemas (Koch et al., 18 Apr 2026, Prakash et al., 22 Jan 2026).

In sum, AAGMM denotes a maturing research program that translates agentic AI governance from abstract principle into staged operational capability. Across formulations, higher maturity consistently means that agent identity is explicit, authority is bounded, tool use is mediated, memory and state are governed, runtime actions are tied to policy and evidence, human escalation is structured, and retirement or revocation is as important as deployment (Prakash et al., 22 Jan 2026, Koch et al., 18 Apr 2026, Acharya, 13 Mar 2026).

Definition Search Book Streamline Icon: https://streamlinehq.com
References (16)
16.

Topic to Video (Beta)

No one has generated a video about this topic yet.

Whiteboard

No one has generated a whiteboard explanation for this topic yet.

Follow Topic

Get notified by email when new papers are published related to Agentic AI Governance Maturity Model (AAGMM).