Agentic AI systems — software that plans, decides, and acts across multiple steps with limited human supervision — are moving rapidly from experimental prototypes to core enterprise infrastructure. Unlike earlier generative AI tools, which primarily produced text or recommendations for a human to act on, agentic systems can themselves execute actions: committing financial transactions, modifying production systems, or pursuing open-ended goals over extended time horizons. This shift fundamentally changes the governance problem. Existing AI governance frameworks (e.g. the EU AI Act) classify risk largely by application sector, while early agent-specific efforts (Singapore's Model AI Governance Framework, OpenAI's practices paper, NIST's emerging agent-identity work) each address the issue from a different angle — oversight, traceability, identity, or reliability — without a unifying structure that practitioners can use to locate a given agentic system and derive the governance mechanisms it actually requires. Organizations deploying agentic AI today are largely improvising controls case by case, with fewer than 10% reporting a robust governance framework in place. This thesis addresses that gap by developing and validating a three-dimensional classification model — the "Agentic AI Governance Cube" — and deriving concrete governance mechanisms for its most relevant cells.
The thesis first requires a structured review of the agentic AI governance literature and adjacent fields (autonomous systems autonomy-levels research, IT risk classification, EU AI Act risk tiers) to consolidate the dimensions along which agentic systems are currently being differentiated. Building on this, the three governance-relevant dimensions — autonomy level (degree of human decision authority), impact/reversibility (consequence severity of erroneous action), and task complexity (planning horizon, from single-step to open-ended) — are operationalized into discrete categories, forming the cube. Empirical work (e.g. expert interviews, case analysis of real-world agentic deployments such as coding agents, customer-service agents, or autonomous finance agents) is then used to identify which cube cells are most densely populated in practice, and to derive and validate concrete governance mechanisms (e.g. checkpoint design, monitoring cadence, audit and rollback requirements, kill-switch criteria) tailored to each relevant cell.
You should
If you are interested, please send an e-mail to leon.mueller@unisg.ch. I look forward to hearing from you!
If you are eager to explore the topic, please submit to leon.mueller@unisg.ch: