Enterprise Agentic AI Lifecycle Governance: A Control-Driven Framework from Design to Decommissioning
DOI:
https://doi.org/10.63282/3050-9262.IJAIDSML-V7I2P103
Keywords:
Agentic AI, AI Governance, Risk Management, Autonomous Systems, Lifecycle Management, AI Security
Abstract
Agentic Artificial Intelligence (AI) systems, characterized by autonomous multi-step planning and execution capabilities, are increasingly transforming enterprise operations. However, their autonomy introduces novel risks related to security, compliance, and operational control that are not fully addressed by existing AI governance frameworks [1], [4]. This paper proposes a control-driven lifecycle governance framework tailored for agentic AI systems, spanning planning, design, development, deployment, monitoring, and decommissioning. The framework integrates inherent risk assessment, risk tiering, and continuous control validation aligned with established standards such as the NIST AI Risk Management Framework [1]. It further incorporates agent-specific threat modeling approaches, including MITRE ATLAS [2] and MAESTRO [3], to address emerging adversarial risks. A case study demonstrates how the framework enables organizations to operationalize agentic AI systems in a secure, controlled, and compliant manner.
References
[1] NIST, “AI Risk Management Framework (AI RMF 1.0),” 2023.
[2] MITRE, “Adversarial Threat Landscape for Artificial-Intelligence Systems (ATLAS),” 2024.
[3] Cloud Security Alliance, “MAESTRO: Agentic AI Threat Modeling Framework,” 2025.
[4] ISO/IEC, “ISO/IEC 27001: Information Security Management Systems,” 2022.
[5] NIST, “Security and Privacy Controls for Information Systems and Organizations (SP 800-53),” 2020.
[6] Cyber Security Agency of Singapore (CSA), “Draft Addendum on Securing Agentic AI,” 2024.
[7] NVIDIA, “Agentic Autonomy Levels and Security,” 2024.
[8] HiveMQ, “Establishing Governance Frameworks for Agentic AI in Industrial Operations,” 2024.
[9] OWASP, “Top 10 for Agentic Applications,” 2026 (Draft).
[10] DAMA International, “Data Management Body of Knowledge (DMBOK),” 2017.
[11] Federal Reserve System, “Supervisory Guidance on Model Risk Management (SR 11-7),” 2011.
[12] Simon Willison, “The Lethal Trifecta,” 2025.
[13] Palo Alto Networks, “What is Agentic AI Governance,” Cyberpedia.
[14] C. Prakash, M. Lind, and A. Sisodia, “Agentic AI Governance and Lifecycle Management in Healthcare,” arXiv preprint arXiv:2601.15630v1 [cs.AI], Jan. 22, 2026.
[15] Checkmarx, “SCA vs. SAST vs. DAST,” Checkmarx Learning Center, 2026.
[16] Promptfoo, “AI Red Teaming,” Promptfoo Documentation, 2026.










