
Agentic AI Frameworks - Extending or Creating New Ones
Governing agentic AI without throwing away what you already know.
Open the three frameworks most of us point people to; the NIST AI Risk Management Framework, ISO 42001, and the EU AI Act ; and search them for the word “agent.” By at least one widely-shared analysis, it isn’t there. No autonomous agents, no multi-agent systems, no AI that takes actions with real-world consequences. Which is strange, because the systems landing in enterprises this year are exactly those.
It would be easy to read that as an indictment of the frameworks. I don’t think it is. These are still the backbone of how most organizations talk about AI risk, and they were never meant to spell out every future capability. The more useful question isn’t whether they’re good. It’s what you do now that they don’t name the thing everyone is deploying. And on that question, the field genuinely splits.
The real disagreement
One camp says build new. If agents are different in kind, the argument goes, then bolting them onto frameworks written for a different era creates false confidence. You need purpose-built standards for autonomy, delegation, and tool use. This isn’t hypothetical: in January 2026, Singapore’s regulator released what’s described as the world’s first national framework purpose-built for agentic AI, and the Cloud Security Alliance has been building an entire parallel stack of agentic controls.
The other camp says we already have more frameworks than most organizations actually apply, and the answer is to extend rather than multiply. The Future Society argues the EU Act, despite not being written with agents in mind, already applies to them. The EU’s own guidance notes that a model’s autonomy and tool use can already trigger systemic-risk obligations. And the CFA Institute warns that chasing every new framework leaves you trying to “boil the ocean” and governing none of it well.
The neat thing is that two leading jurisdictions now embody the split: Singapore invented, and the EU is extending. It’s worth being honest that much of this is still in motion; NIST’s agent-specific control overlays are still in draft, and the EU has provisionally pushed its high-risk deadlines into late 2027 and beyond. Nobody has a finished answer. We’re watching it get built.
My Stand?
Extend by default, invent on purpose. The foundations are your backbone and your shared language with legal, risk, and the board; I wouldn’t give that up to chase novelty. But where agents genuinely break the model; identity, autonomy, real-time action, audit trails; that’s where purpose-built controls earn their place. The better move is to map those new controls back onto the framework you already run, rather than stand up a second system beside it. Tellingly, even the new instruments are built that way: the Cloud Security Alliance’s controls matrix maps directly back to NIST AI RMF and ISO 42001. The field seems to be converging on roughly this.
What it looks like in practice
Concretely, take a single NIST function and write the agentic controls underneath it. Govern assumes an action traces back to an accountable person; an agent acting across systems breaks that with an attribution gap, which is why OWASP’s agentic guidance is so insistent on giving each agent its own governed identity, least-privilege scope, and vaulted credentials. Do that across all four functions and you’ve extended your foundation instead of replacing it. (I’ve put a one-page worksheet for exactly this in the video description.)
For organizations
The same logic scales. Find your agents first; most organizations already run them through bottom-up adoption. Treat them less like features and more like digital employees, with their own identities and least-privilege scopes. Build audit trails for disputes, not debugging, so an agent’s actions are reconstructable before anything reaches a regulator. Keep money movement and access changes off-limits to unsupervised agents until you have real observability and rollback. And if you have EU exposure, re-assess any system that gained agentic capability after its original conformity assessment.
The frameworks you learned are the foundation and not the ceiling. The people and the organizations who do well in the next two years will be the ones who can stand on this foundation and build the agentic layer on top of it.
