1. AGF, the AI-native operating model, and agentic capital
An AI-native operating model emerges when agents become first-class executors of work rather than peripheral tools. The enterprise then has to reorganize around agentic workflows, product and value-stream ownership, policy-bounded tool use, learned ontologies, decision traces, lifecycle controls, and verification-centered metrics. Humans do not disappear; their center of gravity shifts upward toward intent-setting, exception handling, risk ownership, and redesign. In this operating logic, the main bottleneck in the agentic economy moves from execution to verification, which is why organizational redesign is now a prerequisite for scale [1][3][6].
That redesign creates a new economic object: agentic capital. Agentic capital is the stock of deployable agents, reusable workflows, tool interfaces, evaluation assets, and knowledge infrastructure that can be replicated at low marginal cost and allocated across value streams. But this capital is not productive merely because it automates work. It becomes productive only to the extent that it is permissioned, monitored, reusable, and verifiable. Verification capacity therefore becomes the scarce complement that determines whether autonomous output counts as recognized productive capacity or accumulates as unmanaged operational, financial, and governance exposure [2][14][15].
The Agentic Governance Framework is the conditioning layer that binds these two ideas into one enterprise system. It answers the questions that make autonomous execution institutionally real: who may delegate agency, under what permissions, against which ontology, with what evidence, at what risk tier, and with what economic accountability. Without AGF, the AI-native operating model remains structurally incomplete and agentic capital remains a technical capability without reliable enterprise recognition. With AGF, autonomy becomes attributable, bounded, testable, auditable, and therefore deployable at scale [5][6][16][18].
The relationship is therefore recursive. The AI-native operating model defines how work is organized. Agentic capital defines the productive stock the firm is building. AGF defines the control, evidence, and learning system that makes that stock safe to allocate, measure, finance, and monetize. Governance is foundational in operational terms because it makes agentic workflows trustworthy, and foundational in economic terms because it converts raw autonomy into verified autonomy, the unit from which revenue, margin, service performance, and trust premiums can be realized. Firms will win not by maximizing autonomy in the abstract, but by expanding verified autonomy faster than risk, verification cost, and trust constraints grow [2][6][14].
Exhibit 1. How AGF, the AI-native operating model, and agentic capital fit together
| Element | Core function | Why it matters |
| AI-native operating model | Organizes work around agentic workflows, product/value streams, learned ontologies, lifecycle controls, and verification-centered metrics [1]. | Creates the organizational architecture required to scale autonomous execution. |
| Agentic capital | Represents the reusable stock of agents, workflows, interfaces, evaluation assets, and knowledge infrastructure [2]. | Defines the economic asset the firm is forming, allocating, renewing, and measuring. |
| AGF | Allocates decision rights, permissions, evidence, knowledge governance, accountability, and learning loops [6]. | Converts raw autonomy into verified autonomy so agentic capital becomes safe, legible, and revenue bearing. |
2. Definitions and theoretical framing
The conceptual move in this paper is to insert governance into the center of the AI-native operating model, rather than treat it as a surrounding compliance envelope. The resulting framework rests on four definitions.
2.1 The extended AI-native operating model
Let the AI-native operating model be defined as OMAI-native = <S, P, C, T, M, G>, where S is structure, P is process, C is culture, T is technology, M is metrics, and G is governance. The first five dimensions describe how work is organized and executed; the sixth determines whether those dimensions can scale safely and economically. Verification, learned ontologies, and agentic capital all require formal decision rights, controls, evidence flows, and lifecycle discipline, which is why governance must be modeled as a core dimension rather than as an outer compliance layer [1][2].
2.2 Raw autonomy, verified autonomy, and monetized autonomy
Raw autonomy is the set of actions an agent can technically perform. It says nothing about whether the action was authorized, attributable, policy-compliant, or safe to count as enterprise output.
Verified autonomy is the subset of raw autonomy that is attributable to a named owner, executed within permissions, tested against policy, traceable by evidence, and reversible or escalated where required. Verified autonomy is therefore the unit of productive capacity in an agentic firm.
Monetized autonomy is verified autonomy that is linked to a P&L, a contractual service outcome, a measurable productivity gain, or a decision-quality gain that management accepts as economically real. In other words, monetized autonomy is verified autonomy that finance is willing to recognize.
Exhibit 2. The economic progression from raw to monetized autonomy
| Unit | Definition | Governance requirement | Economic meaning |
| Raw autonomy | Technically possible agent actions | Minimal or experimental controls | Potential output only |
| Verified autonomy | Authorized, attributable, policy-compliant, evidence-backed actions | Identity, permissions, tests, traces, escalation | Recognizable productive capacity |
| Monetized autonomy | Verified autonomy tied to P&L, service levels, or accepted productivity gains | Portfolio steering, pricing, reserves, finance recognition | Recognized revenue, margin, or decision value |
2.3 Agentic capital
Agentic capital is the stock of deployable, permissioned, and monitored agents, reusable workflows, evaluation assets, tool interfaces, and knowledge artifacts that together execute economically valuable work with low marginal scaling cost. Vallier’s framing emphasizes that agentic capital can be spawned and retired at near-zero marginal cost. Catalini’s framing emphasizes that only the verifiable share of that output should be treated as productive capacity [14][15].
This immediately yields a managerial implication: enterprises should stop treating agents as isolated applications and start treating them as a capital stock with formation costs, operating costs, depreciation, reserves, and yield. The purpose of governance is to keep that capital productive as it scales.
| A simple economic formulation |
| Recognized agentic revenue = volume x technical autonomy x verifiable share x value per verified action – compute cost – governance operating cost – expected loss reserve. Governance is productive because it raises the verifiable share, expands safe addressable volume, and lowers expected loss. |
3. The Agentic Governance Framework (AGF)
The AGF is the architecture that makes autonomous execution governable and monetizable. It is best understood as a layered system. Lower layers bound risk and make autonomy deployable; upper layers convert that deployable autonomy into capital yield.
Figure 1. The seven layers of the Agentic Governance Framework
3.1 Constitutional mandate and risk appetite
The constitutional layer answers the question that should precede engineering: where should the firm delegate agency at all? It defines permitted classes of use cases, non-delegable decisions, autonomy tiers, escalation rights, and risk budgets. This is the layer at which the enterprise distinguishes reversible internal tasks from irreversible external actions, low-sensitivity data handling from actions that change financial, legal, operational, or safety state.
This is not an abstract governance exercise. IMDA explicitly frames agent risk around the scope of actions an agent can take, the reversibility of those actions, and the level of autonomy granted. Its guidance is to assess and bound these risks upfront rather than rely on blanket human review after the fact [6]. NIST and ISO provide the management-system scaffolding for the same move through policy-setting, risk mapping, and continual improvement [3][4][7].
3.2 Identity, permissions, and tool contracts
Every production agent requires its own identity, explicit owner, delegation record, permission profile, and tool interface. Permissions should be bounded by role, context, and task, and should never exceed the authority of the human or system that delegated them. Tool contracts should define allowed actions, expected arguments, validation requirements, reversible actions, rate limits, and safe failure behavior.
This layer is where abstract principles become enforceable. IMDA recommends robust identity management and access controls so that agent actions are traceable and controllable [6]. NIST SP 800-53 anchors the security logic through least privilege and logging of privileged functions [18]. OWASP’s agentic security guidance reinforces the need to treat tool use, memory, and multi-agent coordination as first-order attack surfaces [10]-[12].
The design reason is straightforward. The UK’s NCSC argues that current large language models do not enforce a robust boundary between instructions and data inside a prompt, which means prompt injection cannot be treated as a problem that disappears with better prompting alone. Deterministic safeguards around tools and permissions are therefore not optional; they are the real security boundary [13].
3.3 Accountability and human oversight
In agentic systems, accountability becomes more complex precisely because actions emerge dynamically rather than from fixed workflows. Model providers, platform vendors, tool hosts, product teams, security teams, and end users may all sit somewhere in the value chain. The governance requirement is to create a chain of accountability across that value chain rather than assume that responsibility is obvious [6].
Human oversight therefore has to be redesigned. It is neither economically viable nor cognitively effective to review every action. Meaningful oversight instead means placing humans at significant checkpoints, especially where actions are high-stakes, irreversible, or hard to reverse ex post. IMDA emphasizes both significant checkpoints and periodic auditing of whether human approvals remain effective over time, especially as automation bias grows [6].
3.4 Verification, evaluation, and evidence
Verification is the production discipline that converts raw agent activity into trusted output. It includes pre-deployment testing, policy-adherence checks, runtime monitoring, trace capture, rollback capabilities, incident response, and post-deployment review. In the agentic context, evaluation must extend beyond answer quality to cover execution accuracy, tool-use correctness, control-flow behavior, and failure handling [5][6][19].
This is the operational heart of the framework. NIST organizes AI risk management around Govern, Map, Measure, and Manage, and its GenAI profile extends those concerns into generative and agentic contexts [3]-[5]. IMDA likewise recommends baseline safety and reliability testing before deployment, followed by gradual rollout and continuous monitoring after deployment because not all risks can be anticipated upfront [6].
3.5 Ontology and knowledge governance
As agents move from answering questions to changing the world, they require more than access to raw data. They require an actionable world model of the enterprise: objects, relationships, permissible actions, logic, and security constraints. This is why AI-native enterprises increasingly treat learned ontologies and operational knowledge layers as core infrastructure rather than documentation. Modern enterprise platforms use ontologies to connect data, logic, action, and security, while graph-based approaches extend that substrate into retrieval, reasoning, and coordination across complex private data [1][16][17].
Palantir’s ontology documentation is explicit that the enterprise world model must integrate data, logic, action, and security in order to support both human and agent collaboration in real operational workflows [16]. Microsoft Research’s GraphRAG work shows a parallel move in the knowledge layer: LLMs can build graph indexes and community summaries from large text corpora to improve sensemaking over private enterprise data [17].
The governance implication is that ontology versions, graph indexes, embeddings, summaries, action schemas, and semantic drift tests all become governed artifacts. The enterprise should version them, validate them, bind them to permissions, test them for backward compatibility, and link them to decision traces. Governance must therefore extend from models and prompts into the enterprise’s learned representation of reality itself.
3.6 Economic allocation and revenue realization
The sixth layer is the paper’s most important extension beyond current public frameworks. Official frameworks are strong on risk and controls, but they say less about how governance should steer investment and revenue realization. Yet this is where the economics of agentic capital actually become decisive.
If agentic capital can be replicated cheaply, then scarce resources shift elsewhere: human verification, organizational trust, compliance readiness, and liability-bearing approvals. Catalini argues that as automated execution becomes abundant, rents migrate to verification and accountability. Vallier argues that agentic capital can be spawned and retired at low marginal cost. Put differently, the scarce complement to autonomous execution is not execution itself; it is governed and verifiable execution [14][15].
The economic layer of the AGF therefore allocates compute, verification capacity, trust budgets, and risk budgets across a portfolio of use cases. It sets hurdle rates, reserve policies, chargeback logic, reuse credits, and depreciation rules so that teams optimize for risk-adjusted verified autonomy rather than gross automation percentage. This is the layer that lets finance treat agents as capital assets rather than as experimental software projects.
3.7 Continuous learning and capital renewal
The final layer governs how agentic systems improve without becoming uncontrollable. Decision traces, evaluations, user corrections, ontology updates, and incident reviews should feed controlled learning loops that improve workflows and reusable skills over time. ISO/IEC 42001 explicitly frames AI management in terms of establishment, maintenance, and continual improvement, while the NIST Playbook is itself a living resource that evolves with technology [4][7].
This layer also manages depreciation. Agentic capital loses value through drift, model or API churn, policy change, security exposure, and semantic mismatch between what the enterprise believes the world is and what the world has become. Continuous learning is therefore inseparable from retirement, rollback, and renewal. Well-governed agentic capital compounds; poorly governed agentic capital decays.
Exhibit 3. AGF layers, control objects, and economic effects
| Layer | Primary control objects | Foundation effect | Revenue effect |
| Constitution | Use-case classes, autonomy tiers, risk budgets, non-delegable decisions | Prevents unsafe deployment and clarifies design intent | Focuses investment on monetizable use cases |
| Identity & permissions | Agent IDs, scoped credentials, tool contracts, delegation records | Makes autonomy deployable and bounded | Expands safe action volume |
| Accountability | RACI, checkpoints, escalation rights, vendor obligations | Prevents responsibility diffusion | Enables higher-value deployment |
| Verification & evidence | Tests, traces, telemetry, rollback, incident review | Turns outputs into trusted decisions | Raises the verifiable share of output |
| Ontology governance | Graph versions, embeddings, action schemas, drift tests | Keeps the world model aligned to reality | Improves reuse and reduces decision error |
| Economic allocation | Portfolio steering, pricing, reserves, chargebacks, hurdle rates | Makes agentic capital legible to finance | Improves turnover and margin realization |
| Learning & renewal | Skill libraries, retraining rules, retirement, depreciation controls | Prevents decay and uncontrolled drift | Compounds capability at lower marginal cost |
4. Why agentic governance is foundational to the AI-native operating model
The AGF is foundational because every dimension of the AI-native operating model depends on it. Structure requires clear decision rights between central platform teams, domain product teams, security, risk, and finance. Processes become truly agentic only when they are expressed as permissions, tool contracts, verification requirements, and escalation paths. Culture shifts from routine execution toward critical thinking, liability-bearing approvals, and continuous redesign. Technology requires runtime identity, policy, observability, and knowledge controls. Metrics must center on verification, policy adherence, rollback, and drift rather than raw output volume [1]-[7].
The regulatory and standards context makes this even more urgent. As of April 2026, the European Commission’s baseline timeline remains that the AI Act entered into force on 1 August 2024, prohibited practices and AI literacy obligations have applied since 2 February 2025, GPAI obligations since 2 August 2025, and the Act becomes broadly applicable on 2 August 2026, with some high-risk product rules extended to 2027 [8][9]. In parallel, ISO/IEC 42001 requires organizations to establish, maintain, and continually improve an AI management system, while NIST continues to extend the AI RMF through profiles and implementation resources [3]-[7].
The operating implication is straightforward: enterprises can no longer treat governance as a committee review that happens after product teams ship. Governance must be embedded in the operating model and in the runtime itself, because the cost of retrofitting control after autonomous execution has already scaled is too high.
Exhibit 4. Crosswalk from AGF to current governance anchors
| AGF area | Framework anchors | Operating implication |
| Constitution | NIST Govern/Map; IMDA risk assessment; EU risk and use-case obligations | Delegate autonomy only where intent, risk, and evidence obligations are explicit |
| Identity & permissions | IMDA traceability and control; NIST least privilege; OWASP tool and memory risks | Make agents separately identifiable, scoped, and observable |
| Accountability | IMDA meaningful human accountability; ISO roles and objectives | Create explicit chains of responsibility across the lifecycle and value chain |
| Verification | NIST Measure/Manage; IMDA testing and gradual rollout; AIOpsLab-style observability | Make verification a production capability, not an ad hoc review step |
| Ontology | ISO continual improvement; operational ontology and graph approaches | Treat the enterprise world model as a governed operating asset |
| Economic allocation | Added by this paper | Connect governance evidence to capital allocation, pricing, reserves, and P&L recognition |
5. How governance becomes a revenue engine for agentic capital
The decisive claim of this paper is economic. Governance does not generate revenue by itself in the way that a sales team does. It generates revenue in the way that a payment rail, a credit model, or a quality system does: by making more economic activity recognizable, contractable, and repeatable. In Catalini’s framing, as automated execution becomes abundant, economic rents migrate toward verification and accountability. In Vallier’s framing, agentic capital can be replicated at low marginal cost. Combined, the result is that advantage shifts to the firms that can turn more of their autonomous output into governed and trusted output [14][15].
This is why the key unit is verified autonomy. The firm that has the most raw autonomy may simply have the largest surface area for hidden liabilities. The firm with the largest stock of verified autonomy has the largest stock of capital it can safely deploy, price, insure, and reinvest.
Figure 2. The governance-to-revenue conversion loop
5.1 Expand the frontier of deployable autonomy
Thin governance traps firms at the bottom of the value curve. Either they restrict agents to trivial use cases because they cannot trust them, or they deploy agents too broadly and accumulate hidden losses. Productive governance expands the frontier of deployable autonomy by creating the controls required for medium- and higher-value tasks. More claims can be processed, more tickets resolved, more workflows executed, and more decisions delegated because permissions, checkpoints, and evidence reduce the downside of scale.
5.2 Compress verification cost
Verification is a bottleneck only when it remains artisanal. Standardized evaluation suites, trace capture, runtime telemetry, policy checks, and structured human checkpoints reduce the cost per verified action. Once verification becomes cheaper, the same stock of human oversight can support a larger volume of autonomous execution. This is equivalent to expanding productive capacity without a proportional increase in headcount [5][6][19].
5.3 Increase reuse and capital turnover
When workflows, tool contracts, ontology assets, and evaluation harnesses are standardized, they can be reused across domains. Reuse lowers formation cost and increases capital turnover: the same stock of agentic capital supports more use cases and more value streams. Governance is what makes reuse safe, because reuse without identity, evidence, and version control simply multiplies fragility.
5.4 Lower loss reserves and compliance drag
Governance reduces economic leakage. Better permissions reduce unauthorized actions. Better evidence reduces rework and dispute resolution. Better rollback lowers the cost of failure. Better accountability reduces contract ambiguity with vendors and tool providers. Over time, this lowers the reserves and contingencies the organization must hold against autonomous execution, which directly improves realized margin [6][10]-[13].
5.5 Create trust premiums and market access
In many settings, the premium is not speed alone but trustworthy speed. Regulated buyers, enterprise customers, and internal control owners are willing to pay more – or to approve broader deployment – when outputs are attributable, auditable, and policy-backed. Governance therefore creates a trust premium: it opens markets and use cases that unguided autonomy cannot access. In the agentic economy, provenance and liability do not merely reduce risk; they become part of the product [8][9][14].
Exhibit 5. Revenue channels unlocked by governance
| Revenue channel | Governance lever | Unit-economic effect | Example outcome |
| Efficiency revenue | Verification automation and bounded tool use | Lower cost-to-serve | More cases handled per worker |
| Capacity revenue | Autonomy tiers and checkpoint design | Higher throughput | More quotes, tickets, or claims completed |
| Conversion revenue | Better evidence and faster decision cycles | Higher realization rate | Fewer stalled workflows and escalations |
| Trust premium | Provenance, auditability, and policy compliance | Higher price or broader approval | Premium contracts in regulated contexts |
| Platform revenue | Governed reusable workflows and knowledge assets | Higher capital turnover | More value streams using the same assets |
| Two management metrics added by this paper |
| Governance yield = change in verified gross margin divided by incremental governance spend. Agentic capital turnover = verified value created divided by net agentic capital invested. Both metrics force the enterprise to judge governance by the amount of monetizable autonomy it enables, not by policy volume. |
6. Operating model design: where governance lives
Because governance is foundational and economic, it cannot sit only in compliance or security. It needs an operating-model home. The most workable pattern remains a hub-and-spoke design: a central agent platform and governance hub owns runtime standards, identity, policy engines, evidence models, and shared tooling, while domain product teams own outcomes within value streams [1][2].
What changes in the agentic context is the addition of two explicit management disciplines. The first is Verification Operations, a function that industrializes evaluation, trace review, rollout controls, and incident learning. The second is Agentic Capital Management, a finance-linked discipline that allocates investment, sets reserve logic, and tracks yield across a portfolio of agents and workflows.
Every production release should bind together a governance bundle: workflow version, model or gateway version, prompt and policy version, tool contracts, ontology or graph version, evaluation suite and results, autonomy tier, rollback plan, owner, and evidence configuration. This is what makes agentic systems auditable as compound systems rather than as isolated model calls [5][6][10]-[12].
Exhibit 6. Core roles in a governance-native operating model
| Role | Primary responsibility | Decisions owned |
| Executive risk owner | Sets risk appetite and approves strategic use cases | Autonomy limits, escalation policy, exception rights |
| Agentic Capital Committee | Aligns business, technology, risk, security, and finance | Portfolio priorities, investment levels, reserve rules |
| Platform governance lead | Owns runtime standards and control architecture | Identity model, policy engine, evidence requirements |
| Domain agent product owner | Owns value-stream outcomes and KPI integrity | Workflow design, autonomy-tier requests, service levels |
| Verification Ops lead | Industrializes testing, rollout, and monitoring | Release gates, incident taxonomy, rollback decisions |
| Ontology steward | Owns semantic and kinetic world models | Ontology versions, drift responses, compatibility rules |
| Security and red team | Threat models agentic systems and validates controls | Baseline guardrails, attack simulations, remediations |
| Agentic controller / finance | Makes agentic capital legible to the P&L | Chargebacks, depreciation, recognition, governance yield |
7. Metrics and the board dashboard
Once governance is treated as a production and revenue system, the board dashboard has to change. Raw automation percentage is too weak a measure because it ignores verification cost, reserve requirements, and hidden failure modes. The dashboard should instead track stock, flow, yield, risk, and learning.
Exhibit 7. Suggested board-level KPI set for agentic capital
| KPI family | Metric | Definition | Why it matters |
| Stock | Production agent inventory | Agents and reusable workflows in production by role and autonomy tier | Shows capital stock, not just experiments |
| Stock | Reusable asset ratio | Share of workflows, tool contracts, and eval assets reused across domains | Measures capital formation efficiency |
| Yield | Verified autonomy ratio | Verified autonomous actions divided by total autonomous actions | Core indicator of productive autonomy |
| Yield | Agentic capital turnover | Verified value created divided by net agentic capital invested | Tests whether the stock is productive |
| Yield | Governance yield | Change in verified gross margin divided by incremental governance spend | Measures governance as a revenue engine |
| Quality | Verification cost per 1,000 actions | Human review + eval operations + incident cost per 1,000 actions | Shows whether verification is industrializing |
| Risk | Policy adherence rate | Percent of actions that pass policy and permission checks | Tests control effectiveness |
| Risk | Rollback success rate | Percent of failed actions successfully reversed or contained | Measures resilience |
| Risk | Trace completeness | Percent of material actions with usable provenance and audit evidence | Indicates auditability |
| Learning | Ontology drift cycle time | Time from semantic mismatch detection to governed update | Shows how fast the world model stays current |
8. Implementation roadmap and maturity model
A practical implementation path begins with evidence rather than ambition. Enterprises should first make a small set of agentic use cases evidence-ready – explicit owners, scoped permissions, trace capture, evaluation baselines, and rollback plans – before chasing broad autonomy. Once the evidence substrate exists, the organization can increase autonomy tiers, standardize knowledge assets, and link governance metrics to capital allocation.
The maturity path is less about model sophistication than about the quality of the governance-to-revenue conversion loop. The following model is designed to help leaders stage that progression.
Exhibit 8. Maturity model for governance-native agentic enterprises
| Level | Characteristic state | Gate to the next level |
| 1 Assistive pilots | Agents are mostly copilots; limited controls; value is anecdotal | Create identities, permissions, traces, and clear owners |
| 2 Controlled automation | Agents execute bounded reversible tasks; basic TEVV and monitoring exist | Standardize evidence bundles and autonomy tiers |
| 3 Verified autonomy | Verification becomes a production discipline; policy checkpoints and rollback are normal | Connect governance metrics to portfolio decisions |
| 4 Portfolio-managed agentic capital | Finance tracks stock, yield, reserves, and reuse across domains | Embed governance into products and customer promises |
| 5 Trust-premium enterprise | Governance becomes a market differentiator and a source of premium revenue | Continuously renew the capital stock and ontology layer |
9. Conclusion
The AI-native operating model becomes durable only when governance is treated as infrastructure rather than review. Agentic capital becomes productive only when governance converts raw autonomy into verified autonomy. AGF is therefore the missing conditioning layer that binds organizational redesign to economic value.
The firms that win will not simply be those that deploy more agents. They will be those that write better constitutions for autonomy, create stronger permission boundaries, generate better evidence, govern their knowledge layers as operating assets, allocate verification capacity with greater discipline, and compound those capabilities into a reusable stock of trustworthy execution. In that sense, agentic governance is both the operating system of the AI-native firm and the revenue engine of agentic capital.
References
[1] “AI-Native Operating Models for the Agentic Economy,” companion working paper integrated into the present paper, 2026.
[2] “Native AI Operating Models and Agentic Capital,” companion working paper integrated into the present paper, 2026.
[3] National Institute of Standards and Technology (NIST), Artificial Intelligence Risk Management Framework (AI RMF 1.0), 2023.
[4] NIST AI RMF Playbook, living implementation resource aligned to the Govern, Map, Measure, and Manage functions, accessed April 2026.
[5] NIST, Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile (NIST AI 600-1), 2024.
[6] Infocomm Media Development Authority (IMDA), Model AI Governance Framework for Agentic AI, 2026.
[7] ISO/IEC 42001:2023, Artificial intelligence – Management system requirements, ISO, 2023.
[8] European Commission, “AI Act | Shaping Europe’s digital future,” application timeline page, accessed April 2026.
[9] European Commission, “Guidelines for providers of general-purpose AI models,” accessed April 2026.
[10] OWASP Gen AI Security Project, Agentic AI – Threats and Mitigations, 2025.
[11] OWASP Gen AI Security Project, Securing Agentic Applications Guide 1.0, 2025.
[12] OWASP Gen AI Security Project, Multi-Agentic System Threat Modeling Guide v1.0, 2025.
[13] UK National Cyber Security Centre (NCSC), “Prompt injection is not SQL injection (it may be worse),” 8 December 2025.
[14] Christian Catalini et al., “Some Simple Economics of AGI,” arXiv:2602.20946, 2026.
[15] Kevin Vallier, “The Theory of Strategic Evolution: Games with Endogenous Players and Strategic Replicators,” arXiv:2512.07901, 2025.
[16] Palantir, “The Ontology system,” and “Ontology building” documentation, accessed April 2026.
[17] Microsoft Research, Project GraphRAG and “From Local to Global: A Graph RAG Approach to Query-Focused Summarization,” 2024.
[18] NIST Special Publication 800-53 Rev. 5, Security and Privacy Controls for Information Systems and Organizations, including least privilege and logging of privileged functions, 2020.
[19] Microsoft Research, AIOpsLab: A Holistic Framework for Evaluating AI Agents for Enabling Autonomous Cloud, 2025.
