Insights | NextLink Labs

Agent Governance Is a Program, Not a Purchase

Written by Jordan Saunders | Jul 15, 2026 3:55:52 PM

The agent governance tools arriving now — Docker's among them — solve a problem that badly needed solving. Here is the part the sales process will not dwell on. The tool is the easy 20 percent.

I wrote recently about why governance has to live at the runtime — the actual environment where an agent executes, holds credentials, and calls tools. That argument stands. Enforcement beats advice, and the runtime is the right layer to enforce at.

But enforcement of what? That is the question the tool cannot answer for you, and it is where most deployments will quietly stall.

Part of the agent governance series. In the previous post, the case was made that most AI governance is theater — and why enforcement has to move to the runtime. This one is about what comes after you deploy the tool.

The Decisions the Tool Cannot Make for You

Stand up runtime governance and you inherit a list of decisions on day one.

 
Which MCP servers are sanctioned, and who approves a new one when a developer finds something useful on a Tuesday.
 
What network and filesystem scope each class of agent actually needs.
 
Which credentials an agent may use, and for what.
 
Where the logs go, who reads them, and what they do when something looks wrong.

None of those are technical questions. They are policy questions wearing technical clothes. And in most mid-market companies, there is no committee waiting to answer them. There is one IT director who already has a full job.

The Predictable Default Outcome

So the default outcome is predictable. The tool gets deployed in its strictest mode, because strict feels safe. Everything is denied. Then a developer mid-task hits a wall, needs a tool approved, and nobody owns the approval. It takes a week. The second time, it takes a DM to someone who is on vacation.

You know what happens next, because it happens with every security control that ignores how people work. The developer routes around it. A personal laptop, an unmanaged environment, an agent running somewhere your governance has never heard of. Now you have the tool, the dashboard, the audit log, and shadow agents doing the real work outside all three. That is worse than where you started, because now the dashboard says you are covered.

Three Unglamorous Fixes

The fix is not a better tool. It is treating governance like a program, which means three unglamorous things.

1. Sane defaults over maximum restriction. Scope the common cases generously enough that a compliant developer never notices the governance is there. The control you want is invisible until something genuinely abnormal happens.

 

2. A fast exception path with a named owner. When an agent needs something new, someone specific decides, on a clock measured in hours. Governance survives on the speed of its exceptions. Slow approvals are how good tools get routed around.

 

3. A cadence. Agent use will not look the same in six months. New tools show up weekly. Someone reviews what got requested, what got blocked, what the logs actually show, and adjusts the policy. That review is also where your audit evidence comes from — because sooner or later an insurer or a customer will ask what your agents can touch, and "we bought a product" is not an answer. "Here is our policy, here is the log, here is the review cadence" is.

 

The Tool Is Docker's. The Program Is the Part Someone Has to Build.

None of this is a flaw in the tooling. It is the same lifecycle every serious security control has ever had. Nobody bought an identity platform and was done — the rollout, the role design, and the ongoing administration were always the real work. Agent governance is the same shape. The difference is that agent adoption is moving faster than IAM ever did, so the gap between buying the tool and running the program gets expensive sooner.

This is the work we do at NextLink, and it is why our Docker partnership is about implementation, not resale. We design the policy model, wire it into the identity and audit systems a company already runs, and set up the cadence so it keeps working after we leave.

If you are evaluating agent governance right now, my advice is simple. Budget for the program, not just the licenses. Before you sign anything, answer one question: when an agent needs something new next Tuesday, who says yes, and how fast?

If there is no name, the tool will not save you. If there is, you are most of the way there before you spend a dollar.