One you commissioned, one you did not
There are two AI programmes running inside almost every large enterprise right now. One the executive committee commissioned. One it did not. Both are in production. Both are drifting. The governance models being applied to them are built for one of the two and blind to the other.
The pattern surfaces consistently across the practitioner correspondence I receive from CIOs, CAIOs, and AI delivery leaders. Two programmes, two different origins, two different governance instincts, and two different failure modes. Most enterprises are governing one wave with discipline and ignoring the other entirely. The argument here is that these are not separate problems. They are the same category problem at opposite scales, and the operating discipline required to govern both has not yet been built.
The first pattern came from a compliance officer at a wealth management firm. Her firm rolled out Microsoft Copilot Studio across its relationship managers eight months ago. Each RM was free to build their own client briefing agent: pull from the CRM, summarise portfolio performance, prep talking points for the next meeting. Productivity numbers looked good for two quarters.
Then audit happened. Three different RMs had built three different versions of the briefing agent, with different prompts, different data sources, and different definitions of high concentration risk. All three had been used to brief clients across the same families of accounts during the same quarter. As one practitioner I correspond with put it: "we have three different versions of our investment advice running across the same clients, and we did not know until audit asked."
The compliance officer did not know how many other agents her RMs had built. Nobody did. There was no registry, no risk classification, no cost tracking. Just a sanctioned platform, a few hundred enabled users, and an audit finding that exposed eight months of ungoverned advice.
The second pattern came from a credit risk lead at a bank. His function had commissioned an AI agent to support credit decisioning. On paper, his team owned it. The model registry showed credit risk as the accountable function. In practice, performance monitoring sat with the data team, cost monitoring sat with finance, and compliance review sat with the second line of defence. When drift began to show, none of those three functions had the full picture, and his team did not have the technical depth to act on what they could see. The line he gave me was: "we own the model on paper, but I cannot tell you who actually runs it."
These two cases differ in every observable way. Different scale, different shape, different governance instinct. They are happening inside the same kinds of enterprises at the same time, and almost no organisation in the practitioner correspondence is governing both.
The compliance officer is dealing with what I call the citizen wave. Hundreds of small agents built by individual employees on platforms enterprises have already approved. The list of platforms is now familiar to most CIOs: Microsoft Copilot Studio, Salesforce Agentforce, Google AgentSpace, ServiceNow AI Agents, alongside enterprise versions of OpenAI's Custom GPTs and Claude Workspaces. Each citizen agent is small in scope. The aggregate is enormous and largely invisible to central governance.
The credit risk lead is dealing with what I call the flagship wave. A handful of high-stakes, multi-team, customer-facing or revenue-critical agents commissioned through formal initiatives. Each flagship agent is large in scope. The portfolio is small in count, strategic in profile, and visible to the executive committee.
The asymmetry is the point. Citizen is the many. Flagship is the few. Both are AI agents in production. Both are drifting. Both are creating risk. The fact that one wave came from below and the other came from above is an org-chart story, not a governance story. The agents do not care which way they entered the building.
The two waves trigger different governance reflexes inside the enterprise. Both reflexes are correct for the problems they were originally designed to solve. Both are mismatched to AI agents in production.
When the citizen wave arrives, IT and procurement read it as a tool sprawl problem. The instinct is to lock down the platform, restrict who can build, limit what data sources are available, and gate use cases through an approval process. This is the correct reflex for shadow IT, because shadow IT was about unsanctioned tools running outside corporate controls. The reflex breaks down for citizen agents because citizen agents are not tools. They are decisions, automated by individuals, running across customer interactions and internal workflows, drifting and recompiling without anyone watching. An enterprise can lock down the platform and still have a thousand sanctioned agents in production making different choices about the same business problem. The platform was never the problem. The decisions running through the platform are the problem.
When the flagship wave arrives, the AI Council reads it as a project governance problem. The instinct is to commission a programme, fund it properly, gate it through risk and architecture review, declare it launched, and move on to the next initiative. This is the correct reflex for a transformation initiative, because traditional transformation projects close at deployment. The reflex breaks down for flagship agents because flagship agents do not finish at launch. The data shifts, the regulation moves, the business context changes, and the agent drifts whether anyone is watching or not. The governance built to approve flagship agents was never built to operate them through their lifecycle.
The structural insight is that both reflexes are right and both are insufficient. The citizen wave needs more than platform control. The flagship wave needs more than launch governance. The two waves are not separate problems with separate solutions. They are the same category problem expressed at opposite scales, and they need a unified discipline.
The empirical evidence supports the structural argument. S&P Global's 2025 enterprise AI survey found that 42% of organisations had abandoned most of their AI initiatives, more than double the previous year. Grant Thornton's 2026 enterprise risk survey found that 78% of executives believe their organisation could not pass an external AI governance audit within ninety days. McKinsey's March 2026 State of AI report found that 86% of enterprises increased their AI budget in the past twelve months while only 29% can reliably measure AI's contribution to financial performance.
These are not three separate problems. They are three symptoms of the same underlying gap. The abandoned initiatives are flagship agents that never moved past pilot because the operating model to run them in production was never built. The failed audit readiness is the citizen wave plus the flagship wave together, neither of which is structured for traceability or accountability. The ROI invisibility is what happens when the portfolio is not counted: enterprises know what they spent on AI but not what they own, and you cannot price what you do not know exists.
Every enterprise running AI is running a portfolio. The portfolio includes both the flagship agents the executive committee commissioned and the citizen agents the platform enabled. Treating them as one portfolio rather than two programmes is the first move.
A unified portfolio frame requires three operating elements. The first is a registry that captures both waves. Every agent in production has a single named owner, a risk classification, and an entry point into governance. Citizen agents are not exempt from the registry because they are small. They enter at the point of build, not the point of audit.
The second is a cadence of review proportionate to risk. Critical and high-risk agents (regardless of which wave they came from) are reviewed in operating rhythms designed for probabilistic systems, not in quarterly governance committees designed for static deployments. Low-risk citizen agents may stay in a lighter cadence, reviewed monthly or by exception. The point is that the cadence is part of the agent's operating model, not an afterthought added at audit.
The third is a portfolio function with the technical depth and the organisational mandate to act across both waves. This function does not own every agent. It owns the discipline by which every agent is owned. Inside frameworks like the AI Role Operating Framework, this function is a named role. Inside other operating models, it sits with an expanded CAIO mandate or splits across several roles. The title varies. The function does not.
The full operating manual for these three elements runs across multiple frameworks practitioners can apply, and there is healthy debate about which structure works in which industry. The point of this essay is not to prescribe a single framework. The point is that the discipline has to exist at all, and in most enterprises today it does not.
There is a diagnostic that surfaces the gap quickly. In your next executive committee or AI governance forum, ask one question: how many AI agents do we have in production right now? I want both numbers. The flagship count and the citizen count.
Three things tend to happen. Either nobody knows the citizen count, or somebody starts to estimate, or somebody insists there are no citizen agents because the platform is locked down. All three answers tell the room the same thing. The enterprise is running a portfolio it has not counted.
A working operating model produces both numbers without hesitation. One name accountable for each flagship agent. One named function counting and risk-classifying every citizen agent against the same standard. If neither number exists, the portfolio is running the enterprise, not the other way round.
Boards in 2026 are now beginning to ask the question the diagnostic surfaces, often for the first time. EU AI Act enforcement begins in August 2026, with provisions that will require enterprises to demonstrate accountability for AI systems whose outputs affect customers, employees, and other parties. Australian privacy reform is moving in parallel. Personal liability for directors of organisations whose AI systems cause material harm is now a live regulatory question on multiple continents.
The two waves are not the future. They are the present, inside almost every enterprise running AI. The discipline of governing both as one portfolio has not yet been built in most organisations. The first move is naming what is in the building. The second move is counting it. The third move is operating it as a portfolio, not as two programmes that happen to share an org chart.
Vijayan Seenisamy is the author of The Pilot Trap and The AI Delivery Manager Blueprint, and the creator of the AI Role Operating Framework (AI ROF™).