Agentic AI Is Becoming Production Infrastructure—And Governance (Keys, Data Sharing, Auditability) Is the Real Bottleneck

AI strategy is quietly changing shape. The conversation is moving from “which model?” to “which tasks can agents execute safely inside our systems?” That shift matters now because agentic workflows increase the blast radius of AI: the moment an agent can query customer data, write to a ticketing system, or trigger a campaign, it becomes an operational and compliance concern—not just an innovation initiative.

Several signals in the last 48 hours point to the same direction. InfoQ highlights Google’s Gemini CLI subagents—a practical mechanism for delegating work to specialized agents in parallel, directly in developer workflows (InfoQ: “Subagents in Gemini CLI…”). In parallel, Databricks is explicitly marketing hands-on training around agents and “vibe coding” at its Data + AI Summit, indicating agents are becoming a mainstream developer toolchain concern, not a research novelty (Databricks: “Get hands on with agents…”).

At the business layer, Databricks and Adobe are pushing Delta Sharing plus “agentic marketing workflows,” which is an important tell: enterprises want agents to operate across organizational data boundaries (marketing + data science) with less friction (Databricks: “Adobe and Databricks Launch Delta Sharing…”). But as soon as you enable cross-system data access for agents, the question becomes: who controls encryption keys, what’s the policy boundary, and how do you prove compliance?

That’s where the governance and security pieces snap into focus. Databricks’ release of customer-managed keys for Lakebase Postgres is a direct response to regulated buyers who need cryptographic control as a prerequisite for broader AI adoption (Databricks: “Customer-Managed Keys for Lakebase Postgres”). And the regulatory drumbeat is steady: NIST’s ongoing work around HIPAA Security assurance underscores that compliance expectations are tightening, not loosening—especially for sensitive domains like healthcare (NIST: “Safeguarding Health Information…”). In the UK, the FCA’s continued emphasis on Consumer Duty reporting reinforces that regulators increasingly expect evidence of governance and monitoring, not just policy documents (FCA: “Year 2 Consumer Duty Board Reports…”).

For CTOs, the synthesis is straightforward: agentic AI is forcing a convergence of developer experience, data architecture, and compliance engineering. Treat agents as a new class of production workload that requires: (1) explicit data contracts and share boundaries (what an agent can read/write), (2) key management and tenant controls that satisfy your strictest regulator/customer, and (3) auditability designed in from day one (agent actions should be attributable, replayable, and reviewable). The winners won’t be the teams with the most prompts—they’ll be the teams that can let agents act safely at scale.

Actionable takeaways:

• Establish an “agent runtime” standard: identity, permissions, tool access, logging, and human approval paths for high-risk actions.
• Make cryptographic control a platform feature (CMKs/HYOK where possible) rather than a bespoke deal-by-deal security exception.
• Treat data sharing as a governed product: define datasets, policies, and SLAs the same way you define APIs.
• Update operational resilience playbooks for agent failure modes (runaway automation, bad tool calls, silent data exfiltration via legitimate access).

Sources

1. https://www.infoq.com/news/2026/04/subagents-gemini-cli/
2. https://www.databricks.com/adobe-databricks-delta-sharing-agentic-marketing
3. https://www.databricks.com/blog/take-control-customer-managed-keys-lakebase-postgres
4. https://www.databricks.com/blog/get-hands-on-agents-vibe-coding-and-more-data-ai-summit
5. https://www.nist.gov/news-events/events/2026/09/safeguarding-health-information-building-assurance-through-hipaa-security
6. https://www.fca.org.uk/news/blogs/year-2-consumer-duty-board-reports-progress-and-what-comes-next