{"id":715535,"date":"2026-06-22T10:07:31","date_gmt":"2026-06-22T10:07:31","guid":{"rendered":"https:\/\/www.capgemini.com\/gb-en\/?p=715535&#038;preview=true&#038;preview_id=715535"},"modified":"2026-06-29T10:08:59","modified_gmt":"2026-06-29T10:08:59","slug":"building-control-foundations-for-trusted-agentic-ai","status":"publish","type":"post","link":"https:\/\/www.capgemini.com\/gb-en\/insights\/expert-perspectives\/building-control-foundations-for-trusted-agentic-ai\/","title":{"rendered":"Building control foundations for trusted agentic AI"},"content":{"rendered":"\n<header class=\"wp-block-cg-blocks-hero-blogs header-hero-blogs\"><div class=\"container\"><div class=\"hero-blogs\"><div class=\"hero-blogs-content-wrapper\"><div class=\"row\"><div class=\"col-12\"><div class=\"header-title\"><h1><a>Building control foundations for trusted agentic AI<\/a><\/h1><\/div><\/div><\/div><\/div><div class=\"hero-blogs-bottom\"><div class=\"header-author\"><div class=\"author-img\"><img decoding=\"async\" src=\"https:\/\/www.capgemini.com\/wp-content\/uploads\/2026\/03\/Thomas-Willner-headshot.jpg?w=200&amp;quality=10\" alt=\"\" loading=\"lazy\"\/><\/div><div class=\"author-name-date\"><h5 class=\"author-name\">Thomas Willner<\/h5><h5 class=\"blog-date\">Jun 22, 2026<\/h5><\/div><\/div><div class=\"brand-image\"><\/div><\/div><\/div><\/div><\/header>\n\n\n\n<section class=\"wp-block-cg-blocks-group section section--article-content\"><div class=\"article-main-content\"><div class=\"container\"><div class=\"grid-container\"><div class=\"col-12 col-md-2\"><nav class=\"article-social\"><ul class=\"social-nav\"><li class=\"ip-order-fb\"><a href=\"https:\/\/www.facebook.com\/sharer\/sharer.php?u=https:\/\/www.capgemini.com\/?p=1228503\" target=\"_blank\" rel=\"noopener noreferrer\" title=\"opens in a new window\"><i aria-hidden=\"true\" class=\"icon-fb\"><\/i><span class=\"sr-only\">Facebook<\/span><\/a><\/li><li class=\"ip-order-li\"><a href=\"https:\/\/www.linkedin.com\/shareArticle?url=https:\/\/www.capgemini.com\/?p=1228503\" target=\"_blank\" rel=\"noopener noreferrer\" title=\"opens in a new window\"><i aria-hidden=\"true\" class=\"icon-li\"><\/i><span class=\"sr-only\">Linkedin<\/span><\/a><\/li><\/ul><\/nav><\/div><div><div class=\"article-text article-quote-text\">\n<p><strong>What should enterprises do about the advances in agentic AI? How can they build the necessary governance, security, identity, and control foundations needed to scale agentic AI responsibly and effectively?<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-executive-summary\"><a>Executive summary<\/a><\/h3>\n\n\n\n<p>The first article in this series argued that agentic AI is an operating-model shift rather than a tooling upgrade. This article sets out the operating model itself. It rests on a single principle \u2013 keeping probabilistic cognition under deterministic control \u2013 and four foundations: governance, security, identity, and control. It also adds a maturity path with evidence at each level, with mapping from controls to regulatory obligations, and the ownership model required to make it work. The aim is practical: to help organisations scale autonomy that they can trust, govern, and defend.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-the-principle-let-the-model-reason-but-never-let-it-execute-unchecked\"><a><strong>The principle: let the model reason, but never let it execute unchecked<\/strong><\/a><\/h2>\n\n\n\n<p>Every durable agentic AI architecture rests on one idea: probabilistic cognition under deterministic control. A model is allowed to interpret, plan, and reason. It is not allowed to act unchecked. High-impact actions pass through typed interfaces, policy enforced as code, validation, approval where the impact warrants it, and rollback. Everything that follows elaborates on that principle across four foundations matching the questions leadership teams are now asking in governance, security, identity, and control.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-foundation-one-governance\"><a><strong>Foundation one: Governance<\/strong><\/a><\/h3>\n\n\n\n<p>Governance is the foundation that the others depend on, and it is largely a question of ownership. The first decision to make is to decide who owns the agentic control plane. In many organisations, responsibility is still distributed across IT, security, data, architecture, risk, and the core business. In practise, this means there is no single owner. That is a gap that leaders should close before agents reach production stage.<\/p>\n\n\n\n<p>Practical governance includes a clear model and version strategy, with pinned versions, regression evaluations, and monitoring for behaviour drift, since the same model name can behave differently over time. It includes a defined position on provider and deployer roles, documented human oversight, and an architecture for exit from providers. In our experience with regulated organisations, the exit question is often the most revealing. Teams can describe their models and use cases in detail, yet few can describe how they would leave a provider, or where their data, prompts, and logs would go if they did. An exit that cannot be demonstrated is not yet a true exit, and regulations such as DORA require financial entities to be able to demonstrate it.<\/p>\n\n\n\n<p>This is also where digital sovereignty becomes practical rather than rhetorical. Sovereignty is the ability to keep the choice, cost, data, and audit trail under your control. The goal is not to choose between cloud and local AI, but to preserve strategic optionality: use frontier models where they create differentiated value; private or sovereign environments where sensitivity requires control; and portable governance patterns throughout.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-foundation-two-security\"><a><strong>Foundation two: Security<\/strong><\/a><\/h3>\n\n\n\n<p>Agentic AI turns language into action, so security can no longer be treated purely as content moderation. The attack surface is at an operational level. Indirect prompt injection, demonstrated repeatedly by researchers, allows instructions to be hidden in a document, an email, or a web page that an agent then reads and acts upon, without any breached credentials. Also relevant here are poisoned memory, compromised tools, subagents exceeding their scope, and workflows that loop until they cause harm.<\/p>\n\n\n\n<p>Security for agentic systems has three parts. The first affects the supply chain. Skills, tools, and the integration layer, whether implemented through MCP, a command-line tool, function calling, or an agent-to-agent protocol such as A2A, should be governed with allow-listing, scoped and short-lived credentials, sandboxing, egress control, and prompt revocation. A common pattern revealed in assessments is not a malicious component but a proof-of-concept integration running with a broad token and no egress control, later promoted to production with the same broad permissive scope.<\/p>\n\n\n\n<p>The second part is exposure management matched to AI speed. Google\u2019s Big Sleep cybersecurity project shows the defencive side necessary to meet AI\u2019s acceleration effect on enterprises: cybersecurity AI agents can be used to discover exploitable vulnerabilities before release, or before broad exploitation. Attackers have the same capability, which compresses the time available between discovery, proof, and exploitation.<\/p>\n\n\n\n<p>Monthly patch cycles struggle to keep pace, so prioritisation has to shift from assessment based on raw severity alone towards exposure. A \u201cgravity\u201d model is one practical way to do this, weighting a finding by exposure, privilege path, and blast radius rather than score alone:<\/p>\n\n\n\n<figure class=\"wp-block-table aligncenter\"><table class=\"has-fixed-layout\"><tbody><tr><td class=\"has-text-align-center\" data-align=\"center\"><strong>G0<\/strong><br>Active exploitation on internet-facing or identity infrastructure, without compensating control. Within a few hour.<\/td><td class=\"has-text-align-center\" data-align=\"center\"><strong>G1<\/strong> <br>Known exploitation on a privileged or sensitive path. Within 24 hours.<\/td><td class=\"has-text-align-center\" data-align=\"center\"><strong>G2 <\/strong><br>Proof of concept, broad deployment, lateral-movement potential. Within 72 hours.<\/td><td class=\"has-text-align-center\" data-align=\"center\"><strong>G3 <\/strong><br>Limited exposure, mitigations available. Normal cadence.<\/td><td class=\"has-text-align-center\" data-align=\"center\"><strong>G4<\/strong> <br>Low exploitability in a controlled environment. Scheduled.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>The third part of this foundation is detection and response designed for autonomous actors: monitoring agent behaviour, anomaly detection, and having the ability to reconstruct what an agent did, when, and on whose authority.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-foundation-three-identity\"><a><strong>Foundation three: Identity<\/strong><\/a><\/h3>\n\n\n\n<p>Every agent requires credentials, making it a non-human identity. Recent identity-security research indicates the scale of the issue: machine identities now far outnumber human identities, and AI agents are part of that population. At the same time, many organisations still lack mature controls for ownership, scope, monitoring, and revocation.<\/p>\n\n\n\n<p>Palo Alto Networks\u2019 2026 research puts the ratio at 109 machine identities for every human identity. Excessive access remains a persistent problem across both human and machine environments.<\/p>\n\n\n\n<p>Many agents today are provisioned poorly: they borrow human access, lack clear ownership, hold more privilege than they use, and have no expiry. The response is to treat agents as first-class identities within a Zero Trust model. Each agent should have a unique name, a defined owner, and a stated purpose. It should operate with least privilege, use scoped and short-lived credentials, and rely on just-in-time access. Controls must include full logging, continuous evaluation against policy, and a revocation path that works under pressure.<\/p>\n\n\n\n<p>The starting point is usually an inventory, since in many assessments organisations often cannot produce a current list of their non-human identities, let alone the owner and expiry for each. You cannot govern what you cannot name.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-foundation-four-control\"><a><strong>Foundation four: Control<\/strong><\/a><\/h3>\n\n\n\n<p>Control is where the principle above becomes operational: it is the rails and guardrails between an agent\u2019s reasoning and its actions. Deterministic rails ensure that agents\u2019 high-impact execution passes through typed interfaces, policy as code, and validation. Guardrails, in turn, apply across reasoning, tools, execution, memory, skills, delegation, identity, economics, and browsing.<\/p>\n\n\n\n<p>The practical distinction is reversibility. Low-impact, reversible actions may be suitable for human-in-the-loop supervision, where the agent operates under monitoring with the option for intervention. High-impact or irreversible actions, such as privilege changes, production deployment, regulated-data movement, payment initiation, or external commitments, require stronger controls and, in many cases, explicit human approval before execution.<\/p>\n\n\n\n<p>The 2012 Knight Capital incident, in which financial trading automation caused a $440 million loss in minutes before it could be halted, illustrates why a reliable stop control and clear intervention path matter, even for deterministic systems. The same failure mode is more consequential for a reasoning, tool-using agent. Control also includes economic guardrails, because agents loop, retry, and call tools, and cost can accumulate before a person notices.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-a-maturity-model-for-trusted-autonomy\"><a><strong>A maturity model for trusted autonomy<\/strong><\/a><\/h3>\n\n\n\n<p>A simple maturity path helps an organisation evaluate its level of trust and plan the next steps for improvement. Evidence matters more than intent, so each level of autonomy is defined by what can be shown.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Level 0 \u2013 Ungoverned:<\/strong> agentic pilots in business units, with no central ownership, no inventory, and human-borrowed credentials.<\/li>\n\n\n\n<li><strong>Level 1 \u2013 Visible<\/strong>: an agent inventory, named owners, and basic logging, with high-impact actions requiring approval.<\/li>\n\n\n\n<li><strong>Level 2 \u2013 Governed:<\/strong> scoped agent identities, deterministic rails on high-impact actions, and tool allow-listing, supported by exposure-based vulnerability prioritisation.<\/li>\n\n\n\n<li><strong>Level 3 \u2013 Resilient:<\/strong>: tested stop controls, anomaly detection for agent behaviour, and regression evaluations, mapped to AI Act, DORA, and NIS2 obligations.<\/li>\n\n\n\n<li><strong>Level 4 \u2013 Trusted autonomy at scale:<\/strong> demonstrable exit plan, independent verification, and regulator-ready evidence of controls, with multi-provider portability.<\/li>\n<\/ul>\n\n\n\n<p>Many organisations today sit between Level 0 and Level 1. There is measurable value in moving up this scale deliberately.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-mapping-the-foundations-to-regulation\"><a><strong>Mapping the foundations to regulation<\/strong><\/a><\/h3>\n\n\n\n<p>The four foundations are not only good practise. Each supports obligations that are already in force or imminent. The mapping below is indicative only and should be confirmed by legal specialists for the relevant sector and jurisdiction.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><td class=\"has-text-align-center\" data-align=\"center\"><strong>Foundation<\/strong><\/td><td class=\"has-text-align-center\" data-align=\"center\"><strong>What it delivers<\/strong><\/td><td class=\"has-text-align-center\" data-align=\"center\"><strong>EU AI Act<\/strong><\/td><td class=\"has-text-align-center\" data-align=\"center\"><strong>DORA<\/strong><\/td><td class=\"has-text-align-center\" data-align=\"center\"><strong>NIS2<\/strong><\/td><\/tr><\/thead><tbody><tr><td class=\"has-text-align-center\" data-align=\"center\"><strong>Governance<\/strong><\/td><td class=\"has-text-align-center\" data-align=\"center\">Ownership, documentation, model lifecycle, exit architecture<\/td><td class=\"has-text-align-center\" data-align=\"center\">Risk management, technical documentation, provider and deployer duties<\/td><td class=\"has-text-align-center\" data-align=\"center\">ICT governance, third-party and concentration risk, exit strategies<\/td><td class=\"has-text-align-center\" data-align=\"center\">Management accountability for cyber risk<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\"><strong>Security<\/strong><\/td><td class=\"has-text-align-center\" data-align=\"center\">Supply-chain control, exposure management, detection and response<\/td><td class=\"has-text-align-center\" data-align=\"center\">Robustness, accuracy, and cybersecurity for high-risk systems<\/td><td class=\"has-text-align-center\" data-align=\"center\">Resilience testing, incident reporting<\/td><td class=\"has-text-align-center\" data-align=\"center\">Risk-management measures, incident reporting<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\"><strong>Identity<\/strong><\/td><td class=\"has-text-align-center\" data-align=\"center\">Agents as governed non-human identities<\/td><td class=\"has-text-align-center\" data-align=\"center\">Logging and traceability<\/td><td class=\"has-text-align-center\" data-align=\"center\">ICT access control<\/td><td class=\"has-text-align-center\" data-align=\"center\">Access control, asset management<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\"><strong>Control<\/strong><\/td><td class=\"has-text-align-center\" data-align=\"center\">Deterministic rails, human oversight, stop controls<\/td><td class=\"has-text-align-center\" data-align=\"center\">Human oversight, post-market monitoring<\/td><td class=\"has-text-align-center\" data-align=\"center\">Operational continuity<\/td><td class=\"has-text-align-center\" data-align=\"center\">Business continuity and crisis management<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-agentic-ai-who-owns-it\"><a>Agentic AI \u2013 who owns it?<\/a><\/h3>\n\n\n\n<p>Trusted autonomy is a shared responsibility with a single accountable owner. The control plane benefits from an executive owner, which is increasingly a partnership between a company\u2019s CISO and the head of AI or data. The security pillar is accountable for identity and guardrails, architecture for the rails and integration standards, data for retrieval and provenance, withrisk and legal taking on regulatory mapping. Use cases and their impact classification are held by the business. The pattern for failure is usually the inverse: a programme that touches governance, security, and identity but reports to none of them.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-from-experimentation-to-trusted-autonomy\"><a>From experimentation to trusted autonomy<\/a><\/h3>\n\n\n\n<p>The agentic AI phase rewards a different capability from the generative phase. It is less about experimenting quickly and more about scaling autonomy \u00a0based on sound principles and foundations. That is the practical meaning of digital sovereignty., and it is the journey from agentic experiments to trusted autonomy at enterprise scale. An essential first step is small but clarifying: name the agents, assign their owners, and put the organisation on the maturity path. The rest builds from there.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-questions-executives-should-ask-now\"><a>Questions executives should ask now<\/a><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Do we have an inventory of agents and non-human identities, with named owners?<\/li>\n\n\n\n<li>Can we classify agent actions by impact and reversibility of process?<\/li>\n\n\n\n<li>Do high-impact or irreversible actions pass through deterministic controls?<\/li>\n\n\n\n<li>Can we exit critical AI providers and retain the audit trail?<\/li>\n\n\n\n<li>Do AI, cybersecurity, data, legal, risk, and business teams share one operating model?<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-how-capgemini-helps\"><a>How Capgemini helps<\/a><\/h3>\n\n\n\n<p>Capgemini helps organisations move from agentic experimentation to trusted autonomy. We do this by first assessing maturity, defining the control-plane operating model, securing agent identities and integrations, and mapping controls to regulatory obligations. This is our basis for designing scalable architectures that balance innovation, sovereignty, and resilience.<\/p>\n<\/div><\/div><\/div><\/div><\/div><\/section>\n\n\n\n<section class=\" section section--expert-slider wrapper-people-slider wp-block-cg-blocks-wrapper-people-slider\"><div class=\"container\"><div class=\"row\"><div class=\"content-title col-12 col-md-8\"><h2 data-maxlength=\"34\" class=\"people-heading-title\">About the Author<\/h2><\/div><\/div><\/div><div class=\"slider slider-boxed\"><div class=\"container\"><div class=\"slider-window\"><div class=\"slider-list\">\t\t<div class=\"slide\">\n\t\t\t<div class=\"box\">\n\t\t\t\t<div class=\"row\">\n\t\t\t\t\t<div class=\"col-md-6 col-lg-4 box-img-wrapper\">\n\t\t\t\t\t\t<img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/www.capgemini.com\/gb-en\/wp-content\/uploads\/sites\/5\/2026\/03\/Thomas-Willner-headshot.jpg\" alt=\"Thomas Willner\"\/>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t<div class=\"col-md-6 col-lg-8 box-inner\">\n\t\t\t\t\t\t<div class=\"row title-social-media-header\">\n\t\t\t\t\t\t\t<div class=\"col-md-12 col-lg-6 mbl-social-icon\">\n\t\t\t\t\t\t\t\t<ul class=\"social-nav\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<div class=\"col-md-12 col-lg-6 box-container\">\n\t\t\t\t\t\t\t\t<div class=\"box-title\">\n\t\t\t\t\t\t\t\t\t<h3 class=\"people-profile-title\">Thomas Willner<\/h3>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span>Head of Identity &amp; Access Management, Capgemini Germany<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<div class=\"col-md-12 col-lg-6 social-box-container dkt-social-icon\">\n\t\t\t\t\t\t\t\t<ul class=\"social-nav\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"people-info\">Thomas Willner is a cybersecurity leader with an Executive MBA and extensive experience in Identity and Access Management. As Head of IAM Germany at Capgemini, he leads enterprise-scale identity transformation programs across cloud, hybrid, and legacy environments. His expertise spans privileged access management, Microsoft Entra ID, and converged IGA\/PAM architectures.\nHe has delivered high-complexity IAM programs for global organizations across automotive, financial services, and critical infrastructure sectors.<\/div>\n\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div><\/div><\/div><div class=\"slider-nav\"><button class=\"slider-prev inactive\" aria-label=\"Slider-previous\" tabindex=\"-1\"><\/button><ul class=\"slider-paginator\"><\/ul><button class=\"slider-next\" aria-label=\"Slider-next\"><\/button><\/div><\/div><\/section>\n","protected":false},"excerpt":{"rendered":"<p>What should enterprises do about the advances in agentic AI? How can they build the necessary governance, security, identity, and control foundations needed to scale agentic AI responsibly and effectively?<\/p>\n","protected":false},"author":12549,"featured_media":715536,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"cg_dt_proposed_to":[],"cg_seo_hreflang_relations":"[]","cg_seo_canonical_relation":"","cg_seo_hreflang_x_default_relation":"","_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"cg_dt_approved_content":true,"cg_dt_mandatory_content":false,"cg_dt_notes":"","cg_dg_source_changed":false,"cg_dt_link_disabled":false,"_yoast_wpseo_primary_brand":"","_jetpack_memberships_contains_paid_content":false,"footnotes":"","featured_focal_points":"","jetpack_post_was_ever_published":false},"categories":[1],"tags":[],"brand":[],"service":[352],"industry":[],"partners":[],"blog-topic":[149],"content-group":[],"class_list":["post-715535","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","service-cloud","blog-topic-cloud"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.8 (Yoast SEO v22.8) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Building control foundations for trusted agentic AI - Capgemini UK<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.capgemini.com\/gb-en\/insights\/expert-perspectives\/building-control-foundations-for-trusted-agentic-ai\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Building control foundations for trusted agentic AI\" \/>\n<meta property=\"og:description\" content=\"What should enterprises do about the advances in agentic AI? How can they build the necessary governance, security, identity, and control foundations needed to scale agentic AI responsibly and effectively?\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.capgemini.com\/gb-en\/insights\/expert-perspectives\/building-control-foundations-for-trusted-agentic-ai\/\" \/>\n<meta property=\"og:site_name\" content=\"Capgemini UK\" \/>\n<meta property=\"article:published_time\" content=\"2026-06-22T10:07:31+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-06-29T10:08:59+00:00\" \/>\n<meta name=\"author\" content=\"Thomas Willner\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.capgemini.com\/gb-en\/wp-content\/uploads\/sites\/5\/2026\/06\/AI-Blog-Web-banner-1.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"tanujadey\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.capgemini.com\/gb-en\/insights\/expert-perspectives\/building-control-foundations-for-trusted-agentic-ai\/\",\"url\":\"https:\/\/www.capgemini.com\/gb-en\/insights\/expert-perspectives\/building-control-foundations-for-trusted-agentic-ai\/\",\"name\":\"Building control foundations for trusted agentic AI - Capgemini UK\",\"isPartOf\":{\"@id\":\"https:\/\/www.capgemini.com\/gb-en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.capgemini.com\/gb-en\/insights\/expert-perspectives\/building-control-foundations-for-trusted-agentic-ai\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.capgemini.com\/gb-en\/insights\/expert-perspectives\/building-control-foundations-for-trusted-agentic-ai\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.capgemini.com\/gb-en\/wp-content\/uploads\/sites\/5\/2026\/06\/AI-Blog-Web-banner-1.jpg\",\"datePublished\":\"2026-06-22T10:07:31+00:00\",\"dateModified\":\"2026-06-29T10:08:59+00:00\",\"author\":{\"@id\":\"https:\/\/www.capgemini.com\/gb-en\/#\/schema\/person\/14c4f55893c68c201e6b3f82558198b7\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.capgemini.com\/gb-en\/insights\/expert-perspectives\/building-control-foundations-for-trusted-agentic-ai\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.capgemini.com\/gb-en\/insights\/expert-perspectives\/building-control-foundations-for-trusted-agentic-ai\/#primaryimage\",\"url\":\"https:\/\/www.capgemini.com\/gb-en\/wp-content\/uploads\/sites\/5\/2026\/06\/AI-Blog-Web-banner-1.jpg\",\"contentUrl\":\"https:\/\/www.capgemini.com\/gb-en\/wp-content\/uploads\/sites\/5\/2026\/06\/AI-Blog-Web-banner-1.jpg\",\"width\":2880,\"height\":1800},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.capgemini.com\/gb-en\/#website\",\"url\":\"https:\/\/www.capgemini.com\/gb-en\/\",\"name\":\"Capgemini UK\",\"description\":\"Get the future you want\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.capgemini.com\/gb-en\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.capgemini.com\/gb-en\/#\/schema\/person\/14c4f55893c68c201e6b3f82558198b7\",\"name\":\"tanujadey\",\"url\":\"https:\/\/www.capgemini.com\/gb-en\/author\/tanujadey\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Building control foundations for trusted agentic AI - Capgemini UK","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.capgemini.com\/gb-en\/insights\/expert-perspectives\/building-control-foundations-for-trusted-agentic-ai\/","og_locale":"en_GB","og_type":"article","og_title":"Building control foundations for trusted agentic AI","og_description":"What should enterprises do about the advances in agentic AI? How can they build the necessary governance, security, identity, and control foundations needed to scale agentic AI responsibly and effectively?","og_url":"https:\/\/www.capgemini.com\/gb-en\/insights\/expert-perspectives\/building-control-foundations-for-trusted-agentic-ai\/","og_site_name":"Capgemini UK","article_published_time":"2026-06-22T10:07:31+00:00","article_modified_time":"2026-06-29T10:08:59+00:00","author":"Thomas Willner","twitter_card":"summary_large_image","twitter_image":"https:\/\/www.capgemini.com\/gb-en\/wp-content\/uploads\/sites\/5\/2026\/06\/AI-Blog-Web-banner-1.jpg","twitter_misc":{"Written by":"tanujadey","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.capgemini.com\/gb-en\/insights\/expert-perspectives\/building-control-foundations-for-trusted-agentic-ai\/","url":"https:\/\/www.capgemini.com\/gb-en\/insights\/expert-perspectives\/building-control-foundations-for-trusted-agentic-ai\/","name":"Building control foundations for trusted agentic AI - Capgemini UK","isPartOf":{"@id":"https:\/\/www.capgemini.com\/gb-en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.capgemini.com\/gb-en\/insights\/expert-perspectives\/building-control-foundations-for-trusted-agentic-ai\/#primaryimage"},"image":{"@id":"https:\/\/www.capgemini.com\/gb-en\/insights\/expert-perspectives\/building-control-foundations-for-trusted-agentic-ai\/#primaryimage"},"thumbnailUrl":"https:\/\/www.capgemini.com\/gb-en\/wp-content\/uploads\/sites\/5\/2026\/06\/AI-Blog-Web-banner-1.jpg","datePublished":"2026-06-22T10:07:31+00:00","dateModified":"2026-06-29T10:08:59+00:00","author":{"@id":"https:\/\/www.capgemini.com\/gb-en\/#\/schema\/person\/14c4f55893c68c201e6b3f82558198b7"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.capgemini.com\/gb-en\/insights\/expert-perspectives\/building-control-foundations-for-trusted-agentic-ai\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.capgemini.com\/gb-en\/insights\/expert-perspectives\/building-control-foundations-for-trusted-agentic-ai\/#primaryimage","url":"https:\/\/www.capgemini.com\/gb-en\/wp-content\/uploads\/sites\/5\/2026\/06\/AI-Blog-Web-banner-1.jpg","contentUrl":"https:\/\/www.capgemini.com\/gb-en\/wp-content\/uploads\/sites\/5\/2026\/06\/AI-Blog-Web-banner-1.jpg","width":2880,"height":1800},{"@type":"WebSite","@id":"https:\/\/www.capgemini.com\/gb-en\/#website","url":"https:\/\/www.capgemini.com\/gb-en\/","name":"Capgemini UK","description":"Get the future you want","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.capgemini.com\/gb-en\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/www.capgemini.com\/gb-en\/#\/schema\/person\/14c4f55893c68c201e6b3f82558198b7","name":"tanujadey","url":"https:\/\/www.capgemini.com\/gb-en\/author\/tanujadey\/"}]}},"blog_topic_info":[{"id":149,"name":"Cloud"}],"taxonomy_info":{"category":[{"id":1,"name":"Uncategorized","slug":"uncategorized"}],"service":[{"id":352,"name":"Cloud","slug":"cloud"}],"blog-topic":[{"id":149,"name":"Cloud","slug":"cloud"}]},"parsely":{"version":"1.1.0","canonical_url":"https:\/\/capgemini.com\/gb-en\/insights\/expert-perspectives\/building-control-foundations-for-trusted-agentic-ai\/","smart_links":{"inbound":0,"outbound":0},"traffic_boost_suggestions_count":0,"meta":{"@context":"https:\/\/schema.org","@type":"NewsArticle","headline":"Building control foundations for trusted agentic AI","url":"https:\/\/www.capgemini.com\/gb-en\/insights\/expert-perspectives\/building-control-foundations-for-trusted-agentic-ai\/","mainEntityOfPage":{"@type":"WebPage","@id":"https:\/\/www.capgemini.com\/gb-en\/insights\/expert-perspectives\/building-control-foundations-for-trusted-agentic-ai\/"},"thumbnailUrl":"https:\/\/www.capgemini.com\/gb-en\/wp-content\/uploads\/sites\/5\/2026\/06\/AI-Blog-Web-banner-1.jpg?w=150&h=150&crop=1","image":{"@type":"ImageObject","url":"https:\/\/www.capgemini.com\/gb-en\/wp-content\/uploads\/sites\/5\/2026\/06\/AI-Blog-Web-banner-1.jpg"},"articleSection":"Uncategorized","author":[],"creator":[],"publisher":{"@type":"Organization","name":"Capgemini UK","logo":""},"keywords":[],"dateCreated":"2026-06-22T10:07:31Z","datePublished":"2026-06-22T10:07:31Z","dateModified":"2026-06-29T10:08:59Z"},"rendered":"<meta name=\"parsely-title\" content=\"Building control foundations for trusted agentic AI\" \/>\n<meta name=\"parsely-link\" content=\"https:\/\/www.capgemini.com\/gb-en\/insights\/expert-perspectives\/building-control-foundations-for-trusted-agentic-ai\/\" \/>\n<meta name=\"parsely-type\" content=\"post\" \/>\n<meta name=\"parsely-image-url\" content=\"https:\/\/www.capgemini.com\/gb-en\/wp-content\/uploads\/sites\/5\/2026\/06\/AI-Blog-Web-banner-1.jpg?w=150&amp;h=150&amp;crop=1\" \/>\n<meta name=\"parsely-pub-date\" content=\"2026-06-22T10:07:31Z\" \/>\n<meta name=\"parsely-section\" content=\"Uncategorized\" \/>","tracker_url":"https:\/\/cdn.parsely.com\/keys\/capgemini.com\/p.js"},"jetpack_featured_media_url":"https:\/\/www.capgemini.com\/gb-en\/wp-content\/uploads\/sites\/5\/2026\/06\/AI-Blog-Web-banner-1.jpg","archive_status":false,"featured_image_src":"https:\/\/www.capgemini.com\/gb-en\/wp-content\/uploads\/sites\/5\/2026\/06\/AI-Blog-Web-banner-1.jpg","featured_image_alt":"","jetpack-related-posts":[{"id":701570,"url":"https:\/\/www.capgemini.com\/gb-en\/insights\/expert-perspectives\/agentic-ai-data-public-services\/","url_meta":{"origin":715535,"position":0},"title":"From ambition to impact: How agentic AI and data foundations are transforming public services","author":"pameladatta","date":"November 4, 2025","format":false,"excerpt":"This blog explores how agentic artificial intelligence (AI) is reshaping both employee and citizen experiences, and why Capgemini and ServiceNow are uniquely positioned to lead this transformation.","rel":"","context":"Similar post","block_context":{"text":"Similar post","link":""},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.capgemini.com\/gb-en\/wp-content\/uploads\/sites\/5\/2025\/11\/ServiceNow_WPL.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.capgemini.com\/gb-en\/wp-content\/uploads\/sites\/5\/2025\/11\/ServiceNow_WPL.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/www.capgemini.com\/gb-en\/wp-content\/uploads\/sites\/5\/2025\/11\/ServiceNow_WPL.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/www.capgemini.com\/gb-en\/wp-content\/uploads\/sites\/5\/2025\/11\/ServiceNow_WPL.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":712022,"url":"https:\/\/www.capgemini.com\/gb-en\/insights\/expert-perspectives\/trends-in-tax-and-customs-for-2026-real-time-personalised-transactions-informed-by-ai\/","url_meta":{"origin":715535,"position":1},"title":"Trends in tax and customs for 2026 \u2013 real-time, personalised transactions informed by AI","author":"rashmiadarshshetty","date":"March 17, 2026","format":false,"excerpt":"Explore tax and customs trends 2026 and how AI is reshaping compliance and user experience in real-time business interactions.","rel":"","context":"Similar post","block_context":{"text":"Similar post","link":""},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.capgemini.com\/gb-en\/wp-content\/uploads\/sites\/5\/2026\/04\/GettyImages-2180743257_2880x1800.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.capgemini.com\/gb-en\/wp-content\/uploads\/sites\/5\/2026\/04\/GettyImages-2180743257_2880x1800.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/www.capgemini.com\/gb-en\/wp-content\/uploads\/sites\/5\/2026\/04\/GettyImages-2180743257_2880x1800.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/www.capgemini.com\/gb-en\/wp-content\/uploads\/sites\/5\/2026\/04\/GettyImages-2180743257_2880x1800.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":713355,"url":"https:\/\/www.capgemini.com\/gb-en\/insights\/expert-perspectives\/unprompted-when-ai-becomes-proactive\/","url_meta":{"origin":715535,"position":2},"title":"Unprompted: When AI becomes proactive","author":"bedantadas","date":"May 7, 2026","format":false,"excerpt":"Explore the concept of proactive AI and how it anticipates actions rather than waiting for prompts to act intelligently.","rel":"","context":"In \"Artificial intelligence\"","block_context":{"text":"Artificial intelligence","link":"https:\/\/www.capgemini.com\/gb-en\/tag\/artificial-intelligence\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.capgemini.com\/gb-en\/wp-content\/uploads\/sites\/5\/2026\/05\/Web-banners-2880-1800-5.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.capgemini.com\/gb-en\/wp-content\/uploads\/sites\/5\/2026\/05\/Web-banners-2880-1800-5.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/www.capgemini.com\/gb-en\/wp-content\/uploads\/sites\/5\/2026\/05\/Web-banners-2880-1800-5.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/www.capgemini.com\/gb-en\/wp-content\/uploads\/sites\/5\/2026\/05\/Web-banners-2880-1800-5.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":713596,"url":"https:\/\/www.capgemini.com\/gb-en\/insights\/expert-perspectives\/trends-in-2026-for-public-administration-reshaping-how-administrations-operate\/","url_meta":{"origin":715535,"position":3},"title":"Trends in 2026 for Public Administration \u2013 reshaping how administrations operate","author":"rashmiadarshshetty","date":"May 12, 2026","format":false,"excerpt":"Explore public administration trends 2026 that focus on digital identity wallets and cybersecurity for resilient governance.","rel":"","context":"Similar post","block_context":{"text":"Similar post","link":""},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.capgemini.com\/gb-en\/wp-content\/uploads\/sites\/5\/2026\/05\/dotcom-banner.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.capgemini.com\/gb-en\/wp-content\/uploads\/sites\/5\/2026\/05\/dotcom-banner.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/www.capgemini.com\/gb-en\/wp-content\/uploads\/sites\/5\/2026\/05\/dotcom-banner.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/www.capgemini.com\/gb-en\/wp-content\/uploads\/sites\/5\/2026\/05\/dotcom-banner.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":713587,"url":"https:\/\/www.capgemini.com\/gb-en\/insights\/expert-perspectives\/scaling-ai-in-engineering-organizations\/","url_meta":{"origin":715535,"position":4},"title":"Scaling AI in engineering organisations","author":"sharmisthanaskar","date":"May 22, 2026","format":false,"excerpt":"A snapshot of challenges and solutions to scaling AI, drawn from our report \u2018Why AI pilots succeed, but AI transformation fails at scale\u2019","rel":"","context":"Similar post","block_context":{"text":"Similar post","link":""},"img":{"alt_text":"Scaling AI in engineering organizations","src":"https:\/\/i0.wp.com\/www.capgemini.com\/gb-en\/wp-content\/uploads\/sites\/5\/2026\/05\/Scaling-AI-in-engineering-organizations.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.capgemini.com\/gb-en\/wp-content\/uploads\/sites\/5\/2026\/05\/Scaling-AI-in-engineering-organizations.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/www.capgemini.com\/gb-en\/wp-content\/uploads\/sites\/5\/2026\/05\/Scaling-AI-in-engineering-organizations.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/www.capgemini.com\/gb-en\/wp-content\/uploads\/sites\/5\/2026\/05\/Scaling-AI-in-engineering-organizations.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":692506,"url":"https:\/\/www.capgemini.com\/gb-en\/insights\/expert-perspectives\/master-data-ai-next-gen-retail\/","url_meta":{"origin":715535,"position":5},"title":"How to master data &amp; AI to power the next generation of retail","author":"pameladatta","date":"July 11, 2025","format":false,"excerpt":"The most forward-thinking retailers are already years ahead, leveraging these technologies to drive efficiency, profitability, and customer satisfaction.","rel":"","context":"Similar post","block_context":{"text":"Similar post","link":""},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.capgemini.com\/gb-en\/wp-content\/uploads\/sites\/5\/2025\/07\/Gen-AI-2800-x-1800px.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.capgemini.com\/gb-en\/wp-content\/uploads\/sites\/5\/2025\/07\/Gen-AI-2800-x-1800px.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/www.capgemini.com\/gb-en\/wp-content\/uploads\/sites\/5\/2025\/07\/Gen-AI-2800-x-1800px.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/www.capgemini.com\/gb-en\/wp-content\/uploads\/sites\/5\/2025\/07\/Gen-AI-2800-x-1800px.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]}],"jetpack_sharing_enabled":true,"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Capgemini UK","distributor_original_site_url":"https:\/\/www.capgemini.com\/gb-en","push-errors":false,"featured_image_url":"https:\/\/www.capgemini.com\/gb-en\/wp-content\/uploads\/sites\/5\/2026\/06\/AI-Blog-Web-banner-1.jpg","_links":{"self":[{"href":"https:\/\/www.capgemini.com\/gb-en\/wp-json\/wp\/v2\/posts\/715535","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.capgemini.com\/gb-en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.capgemini.com\/gb-en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.capgemini.com\/gb-en\/wp-json\/wp\/v2\/users\/12549"}],"replies":[{"embeddable":true,"href":"https:\/\/www.capgemini.com\/gb-en\/wp-json\/wp\/v2\/comments?post=715535"}],"version-history":[{"count":7,"href":"https:\/\/www.capgemini.com\/gb-en\/wp-json\/wp\/v2\/posts\/715535\/revisions"}],"predecessor-version":[{"id":715548,"href":"https:\/\/www.capgemini.com\/gb-en\/wp-json\/wp\/v2\/posts\/715535\/revisions\/715548"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.capgemini.com\/gb-en\/wp-json\/wp\/v2\/media\/715536"}],"wp:attachment":[{"href":"https:\/\/www.capgemini.com\/gb-en\/wp-json\/wp\/v2\/media?parent=715535"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.capgemini.com\/gb-en\/wp-json\/wp\/v2\/categories?post=715535"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.capgemini.com\/gb-en\/wp-json\/wp\/v2\/tags?post=715535"},{"taxonomy":"brand","embeddable":true,"href":"https:\/\/www.capgemini.com\/gb-en\/wp-json\/wp\/v2\/brand?post=715535"},{"taxonomy":"service","embeddable":true,"href":"https:\/\/www.capgemini.com\/gb-en\/wp-json\/wp\/v2\/service?post=715535"},{"taxonomy":"industry","embeddable":true,"href":"https:\/\/www.capgemini.com\/gb-en\/wp-json\/wp\/v2\/industry?post=715535"},{"taxonomy":"partners","embeddable":true,"href":"https:\/\/www.capgemini.com\/gb-en\/wp-json\/wp\/v2\/partners?post=715535"},{"taxonomy":"blog-topic","embeddable":true,"href":"https:\/\/www.capgemini.com\/gb-en\/wp-json\/wp\/v2\/blog-topic?post=715535"},{"taxonomy":"content-group","embeddable":true,"href":"https:\/\/www.capgemini.com\/gb-en\/wp-json\/wp\/v2\/content-group?post=715535"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}