Most asset managers, banks, and health insurers are running modest pilots of agentic AI. The agents operate within narrow functional scope — exception handling, reconciliation, first-line triage. They do not run the workflows. They work as enablers within workflows that still rely on people, process, and technology to move the business forward. Confidence grows incrementally as the business line owners closest to the work learn what the tools can and cannot do.
None of this sits in live production at scale. All of it could, as confidence grows in the coming months and years.
Two familiar postures, neither of which fits
The risk function has two instinctive postures toward novel technology, and neither works here.
The first is gatekeeper. The risk function slows the pilots down until policy catches up, requires formal sign-offs before scope expands, and demands documented risk assessments before the experiments can do meaningful work. This posture loses credibility quickly with business line owners who can see for themselves that the tools produce useful output on real tasks. Gatekeeping trains the business to route around the risk function rather than to it.
The second is oracle. The risk function predicts the risks before pilot data arrives, issuing frameworks and risk taxonomies that anticipate what the technology will do at scale. The oracle posture overstates what can be known. Agentic AI performs unevenly across adjacent tasks, strong on one and weak on the next, for reasons not yet well understood. Frameworks drafted in advance tend to miss the risks that matter and over-specify the ones that don't.
Neither posture puts the risk function where it needs to be: close enough to the work to see what's happening, early enough to shape the framework before production scope hardens.
Three horizons the risk function has to see coming
What makes this transition difficult is that it happens in stages, and each stage produces risks the previous stage's framework cannot capture.
Horizon one: agents as functional contributors within existing workflows. Today's pilots sit here. The agent handles a defined task within a workflow that still runs on people, process, and technology. Handoffs remain human. The workflow's shape stays intact.
Horizon two: agents as owners of end-to-end workflows and their handoffs to adjacent workflows. Over time, confidence and capability grow together. The agent graduates from contributor to orchestrator, taking responsibility for the workflow end to end and managing the joins to workflows upstream and downstream. The workflow still exists in recognizable form. The agent now runs it.
Horizon three: agents that redefine workflows and their neighbors. The deepest transition comes last. Existing workflows carry decades of accretion — a step added after a regulatory finding, a handoff introduced because a legacy system could not integrate, a review layer that persists because the person who understood why it was needed has retired. Agents capable of end-to-end ownership will eventually redesign the workflows themselves, eliminating accretion and reshaping adjacent workflows whose own accretion no longer fits.
The risk function has to see all three horizons coming. A framework built for horizon one cannot protect the business at horizon two, and a framework built for horizon two cannot see horizon three approaching.
The sidecar posture
A third option exists. The risk function rides alongside the experiments rather than in front of them or behind them. It watches the pilots closely, sees where the tools are being tried, how they touch workflows, and where the agent makes decisions that a human would otherwise make. It sees what human checkpoints remain, and how those checkpoints are expected to change as confidence grows. These observations tell the risk function which risks are becoming material, and in what order.
Risks arrive in sequence, and the sequence shifts as the horizons change. At horizon one, operational risk moves first through process exceptions and agent behavior drift, with technology risk alongside it through integration architecture and vendor API dependencies. Data privacy and cybersecurity risks grow as the agent's data access expands. Financial and regulatory risks surface as agent decisions affect customer outcomes, financial reporting, or regulated activities.
At horizons two and three, strategic and systemic risks enter the frame: vendor concentration, governance in workflows without a human accountable at each step, reputational risk when redesigned workflows produce outcomes no one predicted.
The work of the sidecar posture is iterative rather than definitive. Conventional risk assessments assume a stable end state, and pilots have none. Assessments are produced as working documents, revised as pilot scope expands and agent capabilities change. The same iterative logic governs key risk indicators: conventional measures of losses, errors, and incidents arrive too late to help while pilots are the frontier. Leading indicators that catch drift, unevenness, and capability erosion before they surface as losses resist easy definition, and that is where the value sits. A sketch of what one might look like follows.
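As one concrete illustration, consider a minimal sketch in Python of a leading indicator for agent behavior drift. Everything in it is an assumption made for illustration: the metric (a smoothed exception rate per agent task), the smoothing factor, the control limit, and the sample counts are hypothetical, not drawn from any specific pilot or vendor tool.

```python
# Hypothetical leading KRI: smooth an agent's daily exception rate with an
# EWMA and flag drift when the smoothed rate crosses a control limit,
# before the exceptions accumulate into reportable losses.
# All names, counts, and thresholds here are illustrative assumptions.

from dataclasses import dataclass

@dataclass
class DriftKRI:
    alpha: float = 0.2   # EWMA smoothing factor (assumed)
    limit: float = 0.01  # control limit on the smoothed rate (assumed)
    ewma: float = 0.0    # running smoothed exception rate

    def update(self, exceptions: int, tasks: int) -> bool:
        """Feed one day's counts; return True when drift should escalate."""
        rate = exceptions / tasks if tasks else 0.0
        self.ewma = self.alpha * rate + (1 - self.alpha) * self.ewma
        return self.ewma > self.limit

# Four days of made-up pilot counts: the exception rate creeps upward and
# the indicator fires on day four, before any loss has been booked.
kri = DriftKRI()
for day, (exceptions, tasks) in enumerate(
    [(2, 400), (3, 410), (9, 395), (14, 400)], start=1
):
    if kri.update(exceptions, tasks):
        print(f"day {day}: drift flag, smoothed exception rate {kri.ewma:.3f}")
```

The point of the sketch is the shape, not the numbers: the indicator reacts to a trend in behavior rather than to a realized loss, which is what makes it leading rather than lagging.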
Controls designed in parallel evolve as the pilots evolve, adapting toward production readiness rather than being retrofitted after the fact. When the risk function and Internal Audit work alongside the pilot team, the controls framework matures at the same pace as the capability.
The RPA memory
Asset management, banking, and health insurance ran a version of this before. Robotic process automation arrived a decade ago with a similar arc of modest pilots, growing confidence, and function-by-function expansion into production. RPA ran on rules, behaved deterministically, and offered auditability. It still produced durable governance failures. Bots broke when underlying systems changed. Errors went unnoticed until losses accumulated. Accountability blurred when automation drifted from what it was supposed to do. Control frameworks arrived after production scope had already hardened.
Agentic AI presents the harder version. Behavior is non-deterministic, capability boundaries shift across model versions, and vendor updates beyond the enterprise's control change what the agent can do. The cost of arriving late is higher because the substrate is harder to govern. The sidecar posture is what arriving on time looks like.
Why the timing matters
The window while pilots remain the frontier is the lowest-cost time to develop the risk assessments, leading key risk indicators, and controls framework that will move with production adoption. Waiting for a stable end state means waiting past the point where the risk function holds leverage.
Once agentic AI moves into live production workflows, in reconciliation, claims administration, or fraud detection, the framework has to be retrofitted against production behavior rather than developed alongside pilot behavior. Retrofitting is slower and more expensive than developing in parallel, and it leaves the business exposed during the gap.
The framework need not be complete to be useful. It must move at the same pace as the capability.
The Bottom Line
Agentic AI is moving through pilots and sandboxes across reconciliation, claims administration, fraud detection, and other workflows that rely on people, process, and technology working together. Over time, agents will own workflows end to end and eventually redesign them and their neighbors. The gatekeeper and oracle postures cannot position the risk function to arrive at production with a ready framework. The sidecar posture can.
Right-Brained Risk applied to agentic AI adoption looks like this: broad, vigilant attention riding alongside the experiments, with the capacity to see what's emerging before it fits the framework — while the framework is still being built.
The window stays open while the pilots are still pilots. It closes as workflows move to production.