Governing Autonomous AI Agents: A Two-Layer Architecture

Enterprises deploying autonomous AI agents confront a governance gap that existing security frameworks were not designed to address. A January 2026 survey of 418 IT and security professionals conducted by the Cloud Security Alliance and Token Security found that 65% of organizations experienced an AI agent security incident in the past twelve months, with every reported incident producing measurable business impact—most commonly data exposure (61%). The same survey found that 82% of organizations have discovered at least one AI agent operating in their environment without the knowledge of their security or IT teams. This paper argues that effective agent governance requires a two-layer architecture separating governance-layer controls—policy enforcement, compliance mapping, accountability structures, audit trails, and decision-rights allocation—from substrate-layer controls—model provenance, compute environment integrity, training data governance, fine-tuning drift management, and foundational model supply-chain security. The Agentic Trust Framework (ATF) provides a well-structured governance-layer solution. ATF is necessary but not sufficient: it achieves comprehensive governance-layer coverage while leaving the substrate layer unaddressed. This paper details the two-layer architecture, positions ATF within it, maps the substrate-layer gaps with precision, and provides actionable recommendations for enterprise leadership. Conclusions are applicable to SMB operators as a simplified two-layer readiness framework.