Nitin Mehta, Partner – Consulting and Digital Risk Leader, EY, explains why enterprises are shifting from copilots to agentic AI, highlighting governance, security, accountability, and risk frameworks needed to scale autonomous systems responsibly.

The enterprise industry is rapidly shifting from generative assistance to autonomous execution. What began as productivity enhancement through copilots is now evolving into agentic systems capable of orchestrating workflows, making decisions, and acting across enterprise environments. This transition is not merely technological; it represents a fundamental rethinking of operating models, governance structures, and accountability frameworks, particularly as organisations confront rising cost pressures, competitive intensity, and the need for always-on operations.
In this interaction, Nitin Mehta, Partner – Consulting and Digital Risk Leader at EY, highlights how Indian enterprises are navigating this shift from augmentation to delegation. He examines where agentic adoption is accelerating across functions, the hidden operational costs of managing autonomous systems, and the governance frameworks required to ensure control, auditability, and resilience.
CIO&Leader: How does EY distinguish between the “Copilot era” (generative assistance) and the “Agentic era” (autonomous execution), and what specific triggers are driving Indian enterprises to make this jump now?
Nitin Mehta: The Copilot era is fundamentally about augmentation: AI supports individuals to draft, summarise, code, analyse and retrieve information, while humans still initiate actions and remain accountable for outcomes. The Agentic era represents a move to delegation: AI systems can plan tasks, invoke tools, orchestrate across platforms (for example ITSM, ERP and CRM), and execute multi-step workflows with bounded autonomy—operating within defined policies and producing an auditable record of decisions and actions.
Indian enterprises are accelerating this shift for a set of converging factors that are increasingly visible at the executive and board agenda:
- sustained cost and service-level pressure in shared services and operations;
- maturity of cloud platforms, APIs and automation foundations (RPA, DevOps, ITSM) that agents can now “plug into”;
- sharper competitive cycles in digital channels where speed-to-execution is a differentiator; and
- leadership appetite to move from pilots to measurable outcomes—cycle-time reduction, fewer handoffs, and always-on operations.
In practical terms, the shift is from using AI as an individual productivity enhancer to enabling AI to complete well-bounded activities end-to-end, with human oversight focused on exceptions. This requires explicit decision rights: what the agent may do autonomously, what requires pre-approval, and what must be escalated.
CIO&Leader: Aside from coding, which enterprise functions are seeing the most aggressive adoption of agentic workflows, and where is the “risk-to-reward” ratio currently most favourable?
Nitin Mehta: Beyond software engineering, the most rapid adoption is emerging in functions characterised by high transaction volumes, repeatable decision patterns, and strong digital traceability. The underlying differentiator is that agents can combine judgement with execution—progressing from generating content to initiating and completing controlled actions across enterprise systems. Early adoption is most evident in:
- IT operations & service management (incident triage, runbook execution, patch orchestration, change validation).
- Customer operations (case summarisation, resolution playbooks, next-best-action, proactive outreach with approvals).
- Finance shared services (invoice exception handling, reconciliations, collections workflows, close support).
- Procurement & vendor management (RFx drafting, compliance checks, contract clause review, supplier queries).
- Risk & compliance operations (control testing support, evidence gathering, policy mapping, continuous monitoring signals).
At present, the most favourable risk-to-reward profile is typically found in internal, well-instrumented workflows where data remains controlled, operating boundaries are clear, and actions are reversible—such as ticketing, knowledge-base maintenance, report generation, reconciliation, evidence gathering, and runbook-driven operations. A pragmatic scaling approach is to introduce autonomy progressively: begin with “read + recommend,” move to “recommend + execute with approvals,” and only then extend to straight-through execution. Conversely, use cases such as autonomous customer communications, pricing decisions, and credit outcomes can carry materially higher conduct, regulatory, and reputational risk unless guardrails, approval pathways and monitoring are already mature.
CIO&Leader: Organizations often cite productivity, but what are the hidden operational costs of managing a fleet of autonomous agents that leaders often overlook?
Nitin Mehta: While productivity uplift is often the headline benefit, leaders frequently underestimate the operational effort required to run an “agent workforce” at scale. In practice, this resembles establishing a new digital operating capability—supported by controls, monitoring, resilience and continuous improvement—rather than maintaining a conventional software application. Commonly overlooked cost drivers include:
- Identity, access and credential hygiene: issuing least-privilege roles, rotation, secrets management, and continuous entitlement reviews.
- Observability and auditability: storing agent logs, decisions, tool calls, prompts, and evidence trails—plus analytics to detect abnormal behaviour.
- Change management for prompts, policies and tools: versioning “agent instructions,” testing in sandboxes, and controlled promotion to production.
- Data readiness and knowledge curation: keeping SOPs, runbooks and knowledge bases current so agents don’t automate yesterday’s process.
- Model and vendor lifecycle: monitoring performance drift, cost drift (token/compute), outages, and third-party dependency risk.
- Human supervision and exception handling: analysts and SMEs spending time on escalations, approvals, and post-incident reviews.
Bottom line: agentic AI delivers sustainable value when it is run as a managed enterprise capability—with clear accountability, service levels, control design, and a product-style roadmap—rather than as a collection of disconnected pilots. Organisations that invest early in “run” disciplines (monitoring, incident playbooks, change governance and cost management) typically scale faster and with fewer operational surprises than those focused primarily on initial build.
CIO&Leader: In traditional software, we worry about bugs; in Agentic AI, we worry about “agentic drift”—where an agent takes an unpredictable path to a goal. How do you build a governance framework that monitors intent and pathway rather than just output?
Nitin Mehta: In agentic systems, governance cannot rely on final-output review alone. What is required is behaviour assurance: the ability to demonstrate that the agent remained within its mandate and followed an acceptable route to the outcome. Leading frameworks therefore monitor three dimensions—what the agent is attempting to achieve, how it is pursuing the objective, and what it ultimately changed in the environment:
- Intent: what the agent is authorised to achieve (scope, objectives, prohibited actions) expressed as machine-enforceable policies.
- Pathway: how the agent is pursuing the goal (plans, tool choices, data sources used, escalation decisions, retries).
- Impact: what changed in the real world (transactions, records updated, infrastructure changes, customer communications).
In operational terms, this is typically implemented through controls such as:
- policy-as-code guardrails (allowed tools/actions, spend limits, data boundaries);
- step-up approvals for high-risk actions (e.g., “write” to production, external communications, financial postings);
- continuous pathway monitoring (loops, unusual tool sequences, out-of-hours privileged actions, excessive retries); and
- traceability—a defensible record of what the agent observed, the plan it formed, the tools it used, and the outcome.
When these are in place, autonomy becomes a controllable spectrum rather than a binary on/off decision.
CIO&Leader: If an autonomous infrastructure agent makes a logic error that leads to a significant system outage, where does the legal and operational liability sit in a post-copilot world?
Nitin Mehta: In a post-copilot environment, “the agent did it” is not a defensible accountability position. In most operating models, responsibility rests with the enterprise that deployed the agent and defined its permissions—alongside any vendor and service-provider obligations established contractually. For this reason, autonomous agents should be treated as production-grade automation, governed with the same rigour applied to other high-impact change and execution mechanisms.
Practically, leading organisations make accountability unambiguous through:
- an explicit RACI per agent (business owner, technical owner, risk/control owner);
- change-management alignment (approvals, segregation of duties, rollback and post-change validation);
- vendor and model risk controls (SLAs, incident response obligations, audit rights, and clarity on shared responsibility); and
- post-incident forensics (immutable logs of what the agent observed, decided and executed).
The goal is not to eliminate error—humans and systems both fail—but to ensure you can detect, contain, explain, and remediate quickly.
CIO&Leader: As agents gain “write” access to databases and infrastructure, they become high-value targets. What are the non-negotiable security guardrails for an agentic system?
Nitin Mehta: As agents obtain “write” access to enterprise systems, security must prioritise impact of compromise—not only the risk of incorrect outputs. The minimum baseline should mirror privileged human access controls, implemented in ways that are automated, testable and continuously monitored:
- Least privilege by design: separate identities per agent, scoped roles, and time-bound elevation for sensitive actions.
- Strong secrets management: no hard-coded credentials; rotate keys; isolate tokens; use managed vaults.
- Tool allowlists and action controls: agents can only call approved APIs/tools; enforce transaction limits, rate limits, and approval gates for high-impact changes.
- Network and environment isolation: sandbox testing, segmented production access, and controlled egress to external sites/services.
- Prompt and data protection: prevent prompt injection, restrict untrusted content, and enforce data boundaries (PII, confidential, regulated data).
- Continuous monitoring: anomaly detection for unusual actions, excessive retries, and privilege misuse; integrate with SOC workflows.
- Human-approved “break-glass” and rollback: safe stop, kill-switch, and automated rollback paths for critical operations.
A useful framing is to treat any powerful agent as a privileged identity that operates continuously. If an always-on administrator account would be unacceptable without strong controls, the same standard should apply to agents: enforce least privilege, make actions fully auditable, and design for rapid containment and rollback from day one.
CIO&Leader: How should enterprises design “human-in-the-loop” checkpoints without bottlenecking the very speed and autonomy that make agents valuable?
Nitin Mehta: The objective is to move from ‘human reviews everything’ to risk-based supervision. Speed is preserved by defining which activities can execute straight-through and which require checkpoints based on impact, uncertainty and control maturity. Effective designs typically anchor oversight around:
- Impact thresholds: automatic execution for low-impact actions; approvals only when cost, customer impact, data sensitivity, or production change risk crosses a threshold.
- Exception handling: let agents run the “happy path,” and escalate only when confidence is low, data is missing, or outcomes deviate from expected ranges.
- Sampling and post-review: for moderate risk, execute and then audit a sample with rapid rollback capability.
- Tiered approvals: operational approvals for routine changes; specialist approvals (security/risk/legal) only for defined categories.
When designed well, oversight does not become an approvals bottleneck. Instead, it operates as a structured control function: clear decision rules, automated routing, and human intervention only when warranted. In practice, combining “confidence” and “impact” scoring helps make escalation thresholds predictable, consistent and explainable.
CIO&Leader: Many see risk management as a “handbrake” on innovation. How can a robust risk framework actually accelerate the deployment of Agentic AI by building board-level confidence?
Nitin Mehta: At EY, Technology Risk Consulting helps organizations embed trust and resilience into every business transformation. In this age of increasing regulatory complexity, cost pressures and an evolving emerging tech landscape, we proactively manage technology risks and support our clients in navigating complex environments with confidence.
The Responsible AI framework developed by EY enables clients to mitigate AI risks while complying with emerging AI regulations. It can evaluate AI risks and build controls across seven trust attributes and four risk categories.
Risk management is sometimes perceived as a constraint, yet a robust framework can materially accelerate deployment by reducing ambiguity and enabling consistent decision-making. Boards and executive committees tend to slow AI programmes when three questions cannot be answered with confidence: “Is it safe?”, “Is it compliant?”, and “Who is accountable for the outcome?” A robust framework makes answers to these questions repeatable—so every new use case doesn’t restart the debate from scratch.
In practice, the accelerators we see working are:
- a standardised use-case intake (data classification, impact assessment, control requirements);
- pre-approved patterns (e.g., internal summarisation with no write access; controlled agents with approval gates) that teams can deploy quickly;
- control libraries for permissions, monitoring, and human oversight; and
- transparent reporting—KPIs for value and KRIs for risk.
The outcome is improved time-to-production because leadership can see autonomy being introduced in a controlled, measurable and auditable manner.
CIO&Leader: Given the evolving global AI regulations (like the EU AI Act), how should Indian enterprises future-proof their agentic deployments against upcoming compliance requirements?
Nitin Mehta: To future-proof agentic deployments, organisations should align to the direction of travel across major regulatory regimes: increased transparency, stronger governance, tighter data protection, and demonstrable human oversight—particularly for higher-risk use cases. For Indian enterprises, a practical approach is to establish a robust baseline early and apply it consistently across business units and geographies, rather than retrofitting controls market by market. Key steps include:
- Classifying use cases by risk (customer impact, regulated decisions, safety, critical infrastructure) and applying proportional controls.
- Building audit-ready documentation: purpose, data sources, limitations, testing results, and change history for each agent.
- Ensuring traceability: logs of agent actions, approvals, and material decisions, with retention aligned to regulatory and business needs.
- Data governance alignment: data minimisation, consent and privacy controls, cross-border data handling checks, and secure storage.
- Vendor and model governance: due diligence, contractual controls, and ongoing monitoring of third-party model updates.
For global-facing businesses—especially those serving EU customers or operating through EU entities—the practical aim is to evidence that autonomy is controlled: you can explain what the agent is allowed to do, show how it is monitored, and demonstrate how humans intervene for higher-risk decisions. Even where laws differ by market, expectations are fairly consistent—and building these guardrails early avoids expensive rework later.
CIO&Leader: What new competencies does a Risk or IT team need to develop to effectively audit a black-box autonomous system?
Nitin Mehta: Auditing agentic AI is less about reviewing code line-by-line and more about validating controls, behaviours and evidencing. In practice, effective assurance requires teams to understand how the agent is designed, what it is permitted to do, how it makes decisions, and how those decisions can be reconstructed after the fact. The most common capability areas to strengthen include:
- Agent architecture literacy: understanding tools, permissions, memory, orchestration, and where decisions are made.
- Model risk management: performance testing, bias/robustness checks, drift monitoring, and third-party model governance.
- Prompt/policy governance: version control, testing, approvals, and segregation of duties for “agent instructions.”
- Security for autonomous actions: identity, secrets, threat modelling (including prompt injection), and abuse-case testing.
- Observability: interpreting logs, reconstructing decision pathways, and verifying that actions matched authorisation.
- Control design for humans-in-the-loop: when to gate, when to sample, and how to evidence oversight.
Many organisations are formalising these capabilities into defined roles—AI product owners, agent supervisors and control owners—so accountability sits with the teams that operate and manage the agents day-to-day, not only with periodic review forums. This often becomes a decisive factor in whether pilots translate into scaled, repeatable value.
CIO&Leader: What is the one “hard truth” about Agentic AI that enterprise leaders need to hear before they scale these systems across their organizations in 2026?
Nitin Mehta: The hard truth is that scaling agentic AI is primarily an operating model challenge, not a technology challenge. If autonomy expands faster than governance, organisations eventually encounter a preventable incident—an unauthorised change, a data exposure, a compliance breach, or a customer-impacting action that cannot be fully explained after the fact.
Leaders that scale responsibly treat agents as a new class of enterprise capability: they invest early in ownership, control design, monitoring, incident response and continuous improvement. In 2026, outperformers are likely to be those that can increase autonomy at pace while maintaining transparency, accountability and control.
