PRESS RELEASE

The Hard(er) Challenge in Agent Governance Is Authorization

Analyst(s): Fernando Montenegro
Publication Date: June 26, 2026

This report by Futurum Research examines the state of agentic AI governance following the May 2026 launch of the Agent Control Standard (ACS), a proposed, vendor-led runtime control standard that originated inside the AI security startup Zenity. The analysis argues that while ACS is an interesting development, a well-designed control layer does not close the governance problem it was built to address. We make the case that the correct organizational target is shrinkage, the continuous reduction of ungoverned exposure, rather than the universal coverage that platform economics will not deliver.

Key Points:

  • The Governance Gap Beyond the Control Layer: ACS is an interesting early development, but it cannot fix the accountability chain break that is structural to goal-directed agents. Authorization exists at the goal level, not the action level, and no runtime enforcement layer can reconstruct an authorization record that was never created.
  • Platform Economics Predict Fragmentation, Not Convergence: Agent catalogs, lifecycle policies, and registry ownership are platform stickiness mechanisms. The interoperability dynamic that drove MCP and A2A adoption does not extend to governance-layer standards, where owning the decision is the business model. Microsoft shipped its own same-named control specification six days after ACS launched, fragmentation surfacing before adoption even begins. A single universal control layer is structurally unlikely.
  • Shrinkage Is the Correct Target: Organizations optimizing for complete coverage are aiming at a destination that will not arrive. The right goal is reducing ungoverned exposure below an existential threshold and managing it continuously, with explicit ownership of what remains ungoverned.

Overview—The Core Problem:

Goal-directed agents sever the clean authorization chain that traditional IAM assumes. A human authorizes a goal, the agent infers the actions needed to reach it, and some of those actions are unexpected. The question “who authorized this specific action?” often has no clean answer. ACS, the vendor-led standard launched in May 2026, proposes policy hooks at execution checkpoints that return allow, deny, or modify verdicts before an action reaches production, which is architecturally correct. What it cannot provide is validation against an authorization record that goal-directed architecture never produced at the action level. This is why coverage alone is the wrong frame.

The Shift

We argue vendors should stop selling completeness and start building toward the harder, more durable problem: prospective, goal-scoped authorization rather than retrospective audit trails. The second move is positioning. Because no hyperscaler has the incentive to aggregate governance across competitors’ platforms, a durable opportunity exists for a neutral aggregation layer above fragmented registries, the same structural gap that produced the SSPM category. Vendors that enter it are competing in a space where incumbents are structurally unable to follow.

The “So What”

There is no regulatory deadline forcing action, which makes deferral easy to rationalize, but the cost compounds. Every month of ungoverned deployment adds governance debt as identities go uninventoried and procurement contracts are signed without disclosure requirements. The third-party agent market still lacks an Agent Bill of Materials (ABOM), creating an Akerlof information asymmetry in which well-scoped agents cannot signal their quality beyond their asserted claims. Organizations that adopt shrinkage as a discipline now will govern methodically; those that wait will govern reactively, under pressure, and at higher cost.

What to Watch:

  • Native Framework Support: Will major frameworks such as LangGraph, AutoGen, and the Claude Agent SDK ship first-class ACS hooks, or will integration remain manual wrappers? Native support within 12 months would be evidence against the fragmentation thesis.
  • A Neutral Aggregation Category: Watch for vendors explicitly positioning as cross-platform governance aggregators above the hyperscaler registry layer. Early category definition will carry disproportionate influence.
  • First Regulator to Move: Financial services is the highest-probability first mover. Watch for SEC, OCC, or FFIEC guidance extending model risk management frameworks to goal-directed agents, and whether it is principles-based or prescriptive.

The full report is available to read on our website and via subscription to Futurum Intelligence’s Cybersecurity & Resilience IQ service.

Futurum clients can read more in the Futurum Intelligence Platform, and non-clients can learn more from the Cybersecurity & Resilience Practice.

About the Futurum Cybersecurity & Resilience Practice

The Futurum Cybersecurity & Resilience Practice provides actionable, objective insights for market leaders and their teams so they can respond to emerging opportunities and innovate. Public access to our coverage can be seen here. Follow news and updates from the Futurum Practice on LinkedIn and X. Visit the Futurum Newsroom for more information and insights.

Author Information

Fernando Montenegro

Fernando Montenegro serves as the Vice President & Practice Lead for Cybersecurity & Resilience at The Futurum Group. In this role, he leads the development and execution of the Cybersecurity research agenda, working closely with the team to drive the practice's growth. His research focuses on addressing critical topics in modern cybersecurity. These include the multifaceted role of AI in cybersecurity, strategies for managing an ever-expanding attack surface, and the evolution of cybersecurity architectures toward more platform-oriented solutions.

Before joining The Futurum Group, Fernando held senior industry analyst roles at Omdia, S&P Global, and 451 Research. His career also includes diverse roles in customer support, security, IT operations, professional services, and sales engineering. He has worked with pioneering Internet Service Providers, established security vendors, and startups across North and South America.

Fernando holds a Bachelor’s degree in Computer Science from Universidade Federal do Rio Grande do Sul in Brazil and various industry certifications. Although he is originally from Brazil, he has been based in Toronto, Canada, for many years.
