A new governance-focused analysis warns that enterprises are delegating decision rights to AI agents faster than governance frameworks can keep up. The piece says organizations have shifted from treating AI as software to treating it as an operational actor, while most still lack clear strategy and management controls. It reports that 91% of organizations are already using AI agents but only 10% have a clear strategy to manage them. The core risk, according to the analysis, is not malicious behavior but how agents operate under delegated authority in systems that were built for people—especially around access, authorization, and identity management. The article cites security findings that only a minority of organizations treat AI agents as independent identities, even as incident reporting indicates suspected or confirmed security incidents involving AI agents. For higher education institutions implementing agentic tools for advising, learning analytics, and administrative workflows, the warning is direct: governance must include decision rights, identity controls, and auditability before scaling agent-based automation.