I am sure everyone has heard the term “AI agent” enough times lately to be at least mildly tired of it, right up there with hearing about Dubai chocolate. But behind the buzzword is a real shift in how organizations are beginning to use AI, and it was a major focus at the IAPP 2026 Global Summit.
AI agents are systems designed not just to generate information, but to plan, adapt, and take action across one or more systems based on objectives set by humans. In other words, instead of simply telling you something, these systems are increasingly being designed to do something. That distinction matters, especially as organizations move AI from experimentation into production environments.
One of the most important action items is the need to move from high level AI guidelines to concrete guardrails. Guardrails are the technical, organizational, and governance controls that define what an AI agent can access, what actions it is authorized to take, and when human involvement is required. Without guardrails, agentic AI can create real risk, including unauthorized access to systems, unintended downstream actions, privacy and consent issues, and challenges in assigning accountability when something goes wrong.
Effective guardrails start with a clear understanding of an AI agent’s access, including the data it can read, the systems it can interact with, and whether it can initiate actions such as creating tickets, modifying records, or triggering customer communications. However, access controls are only part of the equation. Organizations need to layer these guardrails onto traditional identity and access management controls, consent capture, and human in the loop processes remain essential, particularly for high impact or irreversible actions.
As agentic AI continues to mature, organizations that treat these systems like active operators rather than passive tools, and that invest early in guardrails, monitoring, and documentation, will be better positioned to deploy them responsibly and at scale. The legal and governance architecture required to do that is neither simple nor one-size-fits-all, and getting it right requires both technical fluency and legal judgment working together.
AssociateAlec E. Turung is an associate in the Intellectual Property practice group. Mr. Turung has experience in various areas of intellectual property, including U.S. and PCT patent prosecution, U.S. patent reexamination, U.S. patent ...