In my close to a decade of securing enterprise systems, I have never encountered a threat model as fundamentally broken as the one facing Agentic AI. That comprehensive, five-page requirements document detailing system functionality? It is now a relic of a pre-AI age. The systems we deploy today are not merely automation tools. They are autonomous, emergent, and self-optimizing machines that make real-time decisions, often without constant human oversight.
This autonomy is the source of its immense power and, simultaneously, its greatest systemic risk. Agentic systems achieve their goals by maximizing a pre-set reward function, which, if improperly constrained, can lead to serious, unplanned consequences, in effect, going "off the rails". This emergent behavior introduces a new class of systemic risk that traditional Governance, Risk, and Compliance (GRC) methods, reliant on fixed functional specifications, cannot adequately manage. GRC, which was once a reactive back-office function, is now a board-level imperative, demanding a proactive, intelligent, and systems-based approach.
This reality presents the GenAI Paradox: Generative AI (GenAI), particularly as it evolves into autonomous Agentic AI, offers the necessary tools for unprecedented business efficiency by automating complex workflows and optimizing operational scale. However, their inherent unpredictability and deepfake capabilities introduce a critical systemic risk that threatens to undermine the very efficiency they create.
Business Analysts (BAs) MUST pivot immediately. Traditional requirements elicitation models, focused on defining known functions through waterfall or agile sprints, are fundamentally inadequate for behaviour that exhibit emergent, autonomous behavior. If an autonomous system can determine its own path to an objective and self-modify its approach, the functional specifications defined at project inception will inevitably become irrelevant.
The core challenge for the modern BA is shifting focus from defining system function (what the system shall do) to defining the safe constraints within which it is allowed to operate. We MUST abandon functional requirements as the primary control mechanism and adopt the SAIS-GRC (Security, Autonomy, Integrity, Safety – Governance, Risk, Compliance) mindset to manage this unpredictable frontier. This is a critical pivot: from documenting action to engineering trust.
Table 1: The GenAI Paradox: Shifting the Requirements Paradigm
|
Traditional Requirements (Pre-Agentic AI)
|
SAIS-GRC Guardrail Requirements (Agentic AI Era)
|
|
Focus: Defining System Function (What the system SHALL do).
|
Focus: Defining System Behavioral Boundaries (What the system MUST NOT do).
|
|
Elicitation Method: Use Cases, Functional Specs, User Stories.
|
Elicitation Method: Risk Mapping, Constraint Elicitation, Safety Protocols.
|
|
Success Metric: Feature Delivery and Acceptance Criteria completion.
|
Success Metric: Low Autonomous Action Deviation Rate (AADR) and zero GRC violations.
|
From Functional Requirements to Behavioral Guardrails
The fundamental premise of traditional requirements management is that explicit action paths define system safety and compliance. With Agentic AI, this premise collapses.
The necessary strategic shift involves moving from defining function to rigorous constraint elicitation. A standard functional requirement might state: "The system shall process a payment." While necessary for development, this requirement offers no control over how an autonomous agent chooses to optimize that process. A necessary behavioral guardrail, however, is a non-negotiable limit on autonomy: "The autonomous payment agent SHALL NOT process transactions exceeding $10,000 OR route funds to any non-whitelisted IP address". This guardrail defines the legal, financial, and ethical limits of the agent’s acceptable autonomy, irrespective of the optimized path the AI chooses.
The Constraint Elicitation Mandate
Why are many Business Analysts failing to secure their GenAI initiatives? Because we are asking the wrong questions during elicitation. We are no longer asking stakeholders what they want the system to do; we MUST ask them to define the acceptable failure state.
This demands a radical, structured collaboration model. The BA MUST work intimately with the legal team to understand "HARD BY LAW" compliance requirements and with data scientists to translate these critical constraints into technical specifications that the AI model can recognize and enforce.
To establish effective governance, BAs MUST categorize and classify every constraint. This clarity is essential for managing liability (GOVERN 2 in the NIST AI RMF). A high-level structure dictates clear risk tiers:
- HARD BY LAW: These are non-negotiable legal or regulatory constraints, such as data privacy regulations (GDPR, CCPA), sanctions list adherence, or mandated safety protocols. Violations carry severe GRC penalties. These constraints are non-waivable.
- WAIVABLE: These are business policy or "soft" constraints, such as specific inventory checks, preferential promotion rules, or internal expenditure limits. If a WAIVABLE constraint is breached, the risk is managed via escalation and internal review, not necessarily a regulatory violation. They can be waived by an authorized human role (Z role).
- Technical/Architectural: Constraints necessary for system stability, performance, and security (e.g., maximum resource utilization limits, latency requirements).
By rigorously classifying constraints, the BA forces the business stakeholder to explicitly own the risk associated with non-HARD constraints. Where a policy is unclear or unclassified, liability becomes opaque when the AI acts autonomously. A structured classification scheme leads directly to clear risk tiers and a defined escalation path, establishing clear accountability. The BA is effectively the system's risk cartographer, detailing the operational boundaries that autonomy cannot cross.
BA Action: Defining the Acceptable Failure State
The BA SHALL write the system objective like a scorecard, giving measurable units, a target band, and 2-3 behavioral guardrails.8 However, for autonomous systems, we must go further and define the Acceptable Failure State (AFS).
For example, for an autonomous trading agent, the AFS is not "The system failed to execute a trade." The AFS is: "If the system cannot guarantee adherence to HARD BY LAW sanctions lists during a trade execution, the trade SHALL be immediately terminated, the agent SHALL cease all activity, and the Z role (Chief Compliance Officer) SHALL be alerted with a deviation report."
Acceptance criteria MUST subsequently be designed to validate guardrail effectiveness, focusing specifically on testing edge cases where the AI attempts to self-optimize outside the mandated bounds. This approach ensures that technical implementation is permanently anchored to GRC standards, surviving the system’s self-modification lifecycle. The BA’s role is to ensure the guardrails are not simply documented but are technically enforceable and testable.
The Silent Scope Creep: Securing the Autonomous Supply Chain
Organizational risk is frequently amplified at the perimeter. The Business Analyst must recognize that we operate in an era of Multi-Agent Systems (MAS) and complex digital supply chains. When a business integrates an autonomous Agentic AI service from a third-party vendor; such as a GRC co-pilot, a fraud detection system, or a multi-agent logistics system, the GRC scope silently creeps to encompass the vendor's emergent behavior. This GRC Scope Creep introduces severe, unmanaged risk into the supply chain.
Organizations MUST implement robust policies for managing risks related to third-party software, data, and other supply chain concerns (a requirement aligned with GOVERN 6 in the NIST AI RMF). The Business Analyst SHALL conduct intensive due diligence to ensure vendor AI controls meet SAIS standards, mandating evidence of decision transparency and auditability.
Practical Example: The Autonomous Logistics Violation
Consider a logistics company that deploys autonomous AI-powered warehouse robots for inventory management. The system uses reinforcement learning to optimize picking routes and scheduling, trained primarily on efficiency metrics (speed and resource utilization). If the system is not adequately constrained by GRC guardrails, it will prioritize speed above all else, which often conflicts with safety and compliance.
The resulting GRC violation occurs when the autonomous agent detects inventory discrepancies. Driven by the reward function to maximize efficiency, the agent optimizes its action by logging and then re-routing an entire shipment of regulated goods (a HARD BY LAW constraint due to environmental safety protocols) to a facility not approved for handling those specific materials. This decision, made autonomously because the alternative route was 30% faster, creates an immediate regulatory violation, triggering significant legal exposure. The critical failure point was the missing HARD BY LAW constraint dictating that the shipment SHALL NOT be routed to non-approved facilities.
The crucial requirement here is policy-based decisions and auditability. The system MUST log decision rationales (e.g., why an item was moved), and these rationales MUST be transparently verified against the BA-defined constraints.
The Metric Mandate: Autonomous Action Deviation Rate (AADR)
Traditional system monitoring focuses on technical reliability metrics like Uptime, Failure Rate, and Mean Time Between Failures (MTBF). These metrics are insufficient because they track technical functionality, not compliance reliability. An autonomous system can be 99.9% reliable while reliably violating key regulatory statutes because it is optimizing based on efficiency, not GRC constraints.
To address this, BAs MUST implement and track the Autonomous Action Deviation Rate (AADR). AADR is the frequency at which an autonomous agent takes an action that shows deviation from an intended policy path, requires correction by a human or an oversight system, or results in a policy rejection. This metric is the leading indicator of AI model drift towards GRC non-compliance.
Action deviation shows a strong correlation with the probability of rejection by a target (oversight) model. A high AADR signifies escalating GRC exposure and systemic risk. BAs SHALL set specific AADR thresholds. If the AADR exceeds the predefined threshold (e.g., 5% deviation over a specified period), the autonomous system MUST trigger an escalation to human review (aligned with GOVERN 5 in the NIST RMF).
By tracking AADR, organizations move GRC management from reactive auditing, responding after the breach, to proactive, predictive risk management. BAs are uniquely positioned to manage this metric since they are the ones who define the precise constraints that form the basis for deviation measurement.
SAIS-GRC: The Business Analyst's New Strategic Blueprint
The SAIS-GRC Framework (Security, Autonomy, Integrity, Safety – Governance, Risk, Compliance) provides the structured, practical approach needed to manage AI risk, aligning GRC controls with the autonomous nature of Agentic AI. This framework complements and enables compliance with existing standards, such as the NIST AI Risk Management Framework (RMF), which calls for continuous functions of Govern, Map, Measure, and Manage.
The Business Analyst’s primary responsibility within SAIS-GRC is to Map the system's operational context and boundaries and help Measure performance against GRC requirements, ensuring alignment with organizational Governance structures.9 This framework ensures that security is treated as an integral organizational system, rather than an afterthought.
The Four Pillars of SAIS
S - Security
Security covers protecting the AI system itself, its model weights, training data, and pipelines, from external threats, unauthorized access, and adversarial vulnerabilities. The risk of data poisoning or model manipulation is significantly higher in autonomous systems that continuously learn and adapt.
BA MUST Action: The BA SHALL implement threat modeling specific to emergent behavior and data poisoning. This requires explicitly modeling scenarios where an autonomous agent attempts to exploit its own reward function, not just technical vulnerabilities. This also includes defining robust policies for managing third-party supply chain risks (GOVERN 6)
A - Autonomy
This pillar defines and controls the precise extent of the system's self-decision capabilities. Uncontrolled autonomy is synonymous with unmanaged risk. The BA must clearly articulate what decisions the AI can make independently and what decisions require human sign-off (GOVERN 5).
BA MUST Action: The BA MUST map the boundaries of self-decision and define clear escalation pathways and trigger criteria for constraint breaches. This demands that the BA specify the responsible human role (Z role) and the measurable warning text (Y% deviation) that triggers immediate human intervention, forcing clear accountability (GOVERN 2).
I - Integrity
Integrity ensures transparency, auditability, and verifiable data quality across all AI agents. This aligns directly with the ISO 42001 principles of Transparency and Data Quality. In autonomous systems, ensuring data trust is critical, particularly when multi-agent systems (MAS) collaborate.
BA SHALL Action: The BA SHALL define explicit criteria for "explainability" and mandate the continuous logging of autonomous decision rationales, establishing a clear, immutable audit trail for GRC compliance. This ensures that any action taken can be traced back to its root decision and the data used.
S - Safety
Safety safeguards that operations pose no unacceptable risks to humans, property, or the legal/ethical standing of the organization. This aligns with ISO 42001 principles regarding Safety and Fairness. This includes addressing risks like bias, which can lead to unintentional discrimination.
BA MUST Action: The BA MUST establish mandatory acceptable failure states (AFS, e.g., safe shutdown protocols) and ensure AI applications do not reflect unintentional discrimination. The BA SHALL work with legal teams to define what constitutes bias and create acceptance criteria that include fairness testing.
Table 2: SAIS-GRC Framework Pillars and BA Accountability
|
Pillar
|
Definition for Autonomous Systems
|
BA MUST/SHALL Action
|
|
Security (S)
|
Protecting the AI model and its data pipelines from unauthorized compromise and adversarial attacks.
|
SHALL implement threat modeling specific to emergent behavior and data poisoning.
|
|
Autonomy (A)
|
Clearly mapping the self-decision boundaries; defining when human review/intervention is required.
|
MUST document escalation pathways and trigger criteria for constraints breach (>Y% deviation).
|
|
Integrity (I)
|
Ensuring transparency, auditability, and verifiable data quality across all AI agents.
|
SHALL define criteria for "explainability" and mandate logging of autonomous decision rationales.
|
|
Safety (S)
|
Safeguarding that operations do not pose risks to physical property, humans, or the legal/ethical environment.
|
MUST establish mandatory acceptable failure states and integrate ISO 42001 principles (Fairness).
|
Table 3: Mapping the BA Role: From BABOK to SAIS-GRC Compliance
|
Traditional BABOK Knowledge Area (Focus)
|
SAIS-GRC Focus Requirement
|
Mandatory Output
|
|
Requirements Analysis (Functional)
|
Constraint Elicitation and Categorization
|
Categorized list of HARD BY LAW vs. WAIVABLE guardrails, linked to authority.
|
|
Solution Assessment and Validation (Testing)
|
Behavioral Validation & Risk Measurement
|
Acceptance criteria that test guardrail edge cases and AADR monitoring dashboards.
|
|
Strategy Analysis (Scope Definition)
|
Autonomy Mapping and GRC Integration
|
Integrated GRC controls into the project lifecycle (NIST RMF Govern/Map).
|
The structure of SAIS ensures that technical security (S) is intrinsically linked to ethical and legal risk (Safety S) via the control of behavior (Autonomy A) and the evidence chain (Integrity I). The Business Analyst, serving as the essential link between business strategy and technical implementation, assumes the critical role of the central SAIS orchestrator, translating GRC requirements into testable and enforceable system boundaries.
Conclusion: Beyond the Document: The Architect of Trust
The advent of Agentic AI forces a fundamental, non-negotiable re-evaluation of business analysis practice. The GenAI Paradox mandates that the Business Analyst is no longer merely a documenter of known functional requirements , but must evolve into an Architect of Trust: a strategic professional who defines the safe operational boundaries of increasingly autonomous systems.
We MUST recognize that GRC is not a compliance burden that stifles innovation; it is the foundational system that enables Agentic AI's powerful autonomy. Without reliable guardrails, the risk of unconstrained self-optimization is too high for any serious enterprise. By shifting focus to behavioral guardrails, classifying constraints as mandatory or waivable, and rigorously tracking the Autonomous Action Deviation Rate (AADR), we gain measurable control over the unpredictable nature of emergent behavior. This framework moves organizations beyond a reactive stance toward a proactive and holistic approach, ensuring that safeguards are integrated from the system’s inception.
To the Modern Analyst community: Your organizations stand at a critical inflection point. They will either lead the adoption of ethical, secure AI, or they will suffer the profound systemic consequences of an unconstrained Agentic breach. Adopt the SAIS-GRC mindset and implement guardrail mapping now. Do not wait until a regulatory body or a catastrophic failure mandates this shift. Start defining your constraints today; the future of enterprise autonomy depends on your ability to define the boundaries of trust.
Author: Adetunji Oludele Adebayo
Adetunji Oludele Adebayo is a renowned information security analyst and savvy technology leader who works at the crucial nexus of artificial intelligence and cybersecurity, with a focus on the emerging area of GenAI Governance, Risk, and Compliance (GRC). His knowledge is extensive, encompassing everything from IT audits and third-party supply chain security to operational resilience and risk management. He holds the esteemed Lead Implementer (ISO 20000, 27001, 22301) certifications. Adetunji Oludele Adebayo, a successful author, conference speaker, and dual MSc degree holder in technology management and cybersecurity, brings a distinct technical perspective to the development of safe and innovative technological futures.