Ready to Work Together?
Let's discuss how our expertise can help transform your business.
Jordan Saunders
·
Jul 15, 2026
The agent governance tools arriving now — Docker's among them — solve a problem that badly needed solving. Here is the part the sales process will not dwell on. The tool is the easy 20 percent.
I wrote recently about why governance has to live at the runtime — the actual environment where an agent executes, holds credentials, and calls tools. That argument stands. Enforcement beats advice, and the runtime is the right layer to enforce at.
But enforcement of what? That is the question the tool cannot answer for you, and it is where most deployments will quietly stall.
Part of the agent governance series. In the previous post, the case was made that most AI governance is theater — and why enforcement has to move to the runtime. This one is about what comes after you deploy the tool.
Stand up runtime governance and you inherit a list of decisions on day one.
None of those are technical questions. They are policy questions wearing technical clothes. And in most mid-market companies, there is no committee waiting to answer them. There is one IT director who already has a full job.
So the default outcome is predictable. The tool gets deployed in its strictest mode, because strict feels safe. Everything is denied. Then a developer mid-task hits a wall, needs a tool approved, and nobody owns the approval. It takes a week. The second time, it takes a DM to someone who is on vacation.
You know what happens next, because it happens with every security control that ignores how people work. The developer routes around it. A personal laptop, an unmanaged environment, an agent running somewhere your governance has never heard of. Now you have the tool, the dashboard, the audit log, and shadow agents doing the real work outside all three. That is worse than where you started, because now the dashboard says you are covered.
The fix is not a better tool. It is treating governance like a program, which means three unglamorous things.
None of this is a flaw in the tooling. It is the same lifecycle every serious security control has ever had. Nobody bought an identity platform and was done — the rollout, the role design, and the ongoing administration were always the real work. Agent governance is the same shape. The difference is that agent adoption is moving faster than IAM ever did, so the gap between buying the tool and running the program gets expensive sooner.
This is the work we do at NextLink, and it is why our Docker partnership is about implementation, not resale. We design the policy model, wire it into the identity and audit systems a company already runs, and set up the cadence so it keeps working after we leave.
If you are evaluating agent governance right now, my advice is simple. Budget for the program, not just the licenses. Before you sign anything, answer one question: when an agent needs something new next Tuesday, who says yes, and how fast?
If there is no name, the tool will not save you. If there is, you are most of the way there before you spend a dollar.
Author at NextLink Labs
Your senior people aren't slow — they're doing archaeology. Here's why retrieval is where AI should go first in your business, and what that actually looks like in practice.
Jordan Saunders
·
Jul 8, 2026
Agents are already inside your company. Most AI governance is theater — policies agents don't read, gateways that miss the runtime. Here's what actually works.
Jordan Saunders
·
Jul 1, 2026
Five engineering defaults are quietly making your AI features 10x more expensive than they should be. Here's how to find them and fix them in a week.
Jordan Saunders
·
Jun 24, 2026
Let's discuss how our expertise can help transform your business.