Final Theses

Digital Business, Digital Transformation, Service Engineering, Service Management

The Agentic AI Governance Cube: A Multi-Dimensional Framework for Designing Oversight Mechanisms Across Autonomy, Impact, and Task Complexity

Situation

Agentic AI systems — software that plans, decides, and acts across multiple steps with limited human supervision — are moving rapidly from experimental prototypes to core enterprise infrastructure. Unlike earlier generative AI tools, which primarily produced text or recommendations for a human to act on, agentic systems can themselves execute actions: committing financial transactions, modifying production systems, or pursuing open-ended goals over extended time horizons. This shift fundamentally changes the governance problem. Existing AI governance frameworks (e.g. the EU AI Act) classify risk largely by application sector, while early agent-specific efforts (Singapore's Model AI Governance Framework, OpenAI's practices paper, NIST's emerging agent-identity work) each address the issue from a different angle — oversight, traceability, identity, or reliability — without a unifying structure that practitioners can use to locate a given agentic system and derive the governance mechanisms it actually requires. Organizations deploying agentic AI today are largely improvising controls case by case, with fewer than 10% reporting a robust governance framework in place. This thesis addresses that gap by developing and validating a three-dimensional classification model — the "Agentic AI Governance Cube" — and deriving concrete governance mechanisms for its most relevant cells.

Objective of the Thesis

The thesis first requires a structured review of the agentic AI governance literature and adjacent fields (autonomous systems autonomy-levels research, IT risk classification, EU AI Act risk tiers) to consolidate the dimensions along which agentic systems are currently being differentiated. Building on this, the three governance-relevant dimensions — autonomy level (degree of human decision authority), impact/reversibility (consequence severity of erroneous action), and task complexity (planning horizon, from single-step to open-ended) — are operationalized into discrete categories, forming the cube. Empirical work (e.g. expert interviews, case analysis of real-world agentic deployments such as coding agents, customer-service agents, or autonomous finance agents) is then used to identify which cube cells are most densely populated in practice, and to derive and validate concrete governance mechanisms (e.g. checkpoint design, monitoring cadence, audit and rollback requirements, kill-switch criteria) tailored to each relevant cell.

Your Profile

You should 

  • have a basic knowledge of/strong interest in agentic AI and AI governance
  • have a strong interest in how autonomous AI systems impact organizational risk and IT management
  • have a basic understanding of qualitative research methods (interviews, case study analysis)
  • have scientific writing skills in English

We offer

  • Collaboration will take place in close supervision, with regular review meetings (biweekly), feedback sessions, etc.
  • Work can be started immediately.
  • Possibility of making a real impact through publishing in a scientific conference, on a topic at the very frontier of current AI governance debates.

If you are interested, please send an e-mail to leon.mueller@unisg.ch. I look forward to hearing from you!

Application

If you are eager to explore the topic, please submit to leon.mueller@unisg.ch:

  • Your CV: Detailing relevant experience, skills, and academic background.
  • Academic Transcripts: Providing records of your coursework and grades.
  • Proposed Timeline: An outline of your planned approach to the thesis and how you intend to manage your time throughout the project.

    Level stage

    Bachelor/Master
    north