Minimal Viable Trust for Agentic AI

The session on "Governing Autonomy: Agentic AI, Multi-Agent Systems, and the Infrastructure of Trust" at the India AI Impact Summit 2026, organised by Cognizant's Responsible AI Office and AI Lab, assembled a panel that spanned the full landscape of agentic AI governance: Ellie Sakhaee of Google on frontier AI policy, Alpesh Shah of IEEE Standards Association on certification and standards development, Apoorva Goyal of Insight Partners on venture capital evaluation of AI companies, Praveen Tanguturi of Cognizant AI Lab on multi-agent system architecture, and Amir Banifatemi of Cognizant as co-moderator.

The session opened with a question to the audience: how many of you have built or played with an AI agent? Most hands went up. How many of you are scared of what agents might do? Roughly 5% to 10%. The gap between engagement and concern captures the current moment precisely. The technology is moving into production faster than the governance infrastructure needed to support it. The question is not whether governance is necessary. The question is what governance for agentic AI actually looks like in practice, and when it needs to be in place.

The Continuum of Autonomy

Ellie Sakhaee of Google framed the landscape by rejecting the binary classification of agentic versus non-agentic AI. Agent systems, she argued, exist on a continuum of autonomy across multiple dimensions: memory, planning horizons, execution capability, and the degree of independent action. At one end, a research assistant who gathers information and presents results has some agentic features but takes no action. At the other end, autonomous vehicles operate end-to-end in the physical world with full decision-making authority.

This continuum framing matters because it determines how governance should be structured. A system that retrieves information requires different oversight than one that executes transactions, which requires different oversight again from one that coordinates with other autonomous agents to achieve complex objectives. The governance challenge scales not linearly but exponentially as systems move along the continuum, because multi-agent interactions introduce emergent behaviours that no individual agent was designed to produce.

The session's discussion of runtime governance, raised early by a panellist working on foundational infrastructure for agent-to-agent interaction, captured this point directly. Traditional governance models evolved from machine-to-machine interaction, then adapted for SaaS and cloud architectures, then for microservices. Each transition assumed that governance could be addressed after the system reached scale. With autonomous agents, particularly multi-agent systems where agents collaborate, delegate, and negotiate across organisational boundaries, governance cannot be retrofitted. It must operate at runtime, continuously, as a control plane parallel to the data plane of innovation. The analogy to India's digital public infrastructure was explicit: when Aadhaar and UPI were built, the government standardised the interfaces while allowing open innovation on top. The same architectural principle applies to agentic AI. The interfaces, the trust primitives, and the identity and accountability mechanisms need to be foundational, not afterthoughts.

The 5-Layer Governance Stack

Apoorva Goyal of Insight Partners provided the most operationally specific framework of the session. His firm evaluates AI companies through what he described as a 5-layer governance stack:

The first layer is build time: how the company architects around data governance, model versioning, and the foundational decisions that determine what the system can and cannot do. The second is deploy time: policy tracking, permissioning, and secrets management as the system moves from development to production. The third is runtime: real-time observability, monitoring, and the ability to intervene, including kill switches when systems behave outside expected parameters. The fourth is remediation: audit trails, incident response architecture, and the ability to conduct rigorous post-mortems when things go wrong. The fifth is accountability: reporting structures, compliance mapping, and organisational clarity about who is responsible for what.

Goyal's assessment of how this stack functions in practice was direct. The best AI-native teams today have embedded governance so deeply that it operates as part of their weekly cadence. Evaluation reviews happen on a regular cycle. Red teaming is systematic. Post-mortems when systems underperform are structured and thorough. Governance, in his framing, has become equivalent to security: not a separate function but an integrated discipline that determines whether the product can be sold.

The market evidence supports this. Goyal noted that enterprise procurement conversations now lead with governance questions before technical evaluation begins. Organisations will invest significant resources in verifying auditability, traceability, data handling practices, and override mechanisms before committing to contracts. The cost of agentic AI failing in production is high enough that procurement teams treat governance verification as a prerequisite rather than a due diligence formality.

This dynamic inverts the conventional startup assumption that governance is something you add after achieving product-market fit. In the agentic AI market, governance is a precondition for product-market fit. Companies that cannot demonstrate it do not get past the procurement stage.

Minimal Viable Trust

For startups without the resources to implement comprehensive governance from day one, Goyal offered a pragmatic floor: minimal viable trust. Four requirements that any agentic AI company must meet before going to production.

First, a clearly defined agent identity registry: what is this agent, what is it supposed to do, where did it come from, and what data was it trained on. Second, guardrails at the orchestration layer: the mechanisms that constrain what agents can do and how they interact with each other and with external systems. Third, real-time observability architecture: the ability to see what the system is doing at any point, including internal agent-to-agent communication, token usage, cost, and decision paths. Fourth, defined oversight mechanisms: clarity about who monitors the system, who can intervene, and under what conditions intervention is triggered.

Goyal's position was unequivocal: without these four elements, an agentic AI system should not be in production. The four requirements are not expensive to implement. They are architectural decisions that need to be made at founding, not capabilities to be added at scale. As the company grows, compliance, certification, and more sophisticated governance layers build on this foundation. But the foundation must be there from the start.

This concept of minimal viable trust resonated across the panel. Alpesh Shah of IEEE Standards Association connected it to the economics of startup entry: if the required standards and governance primitives were integrated into development frameworks from the outset, startups would not face the choice between moving fast and being trustworthy. The cost of governance would be reduced by embedding it in the tooling rather than requiring each company to build it independently. This approach also gives regulators something concrete to measure against, which is essential given that it is difficult to hold companies accountable when the standards they are being measured against are unclear.

From Human-in-the-Loop to Human-in-Command

Ellie Sakhaee drew a parallel to aviation that clarified the progression model for agentic AI oversight. In drone regulation, the US Federal Aviation Administration originally required VLOS, visual line of sight, meaning a pilot must maintain direct visual contact with the drone at all times. This is analogous to human-in-the-loop in AI: a human approves every step, every action, every decision.

As AI-based detect-and-avoid systems demonstrated safety performance exceeding what human visual monitoring could achieve, the regulatory framework began shifting to BVLOS, beyond visual line of sight. The human is still in command, still accountable, still able to intervene. But the human is no longer in the loop of every operational decision. The system has earned, through demonstrated reliability, a degree of operational autonomy.

The parallel to agentic AI governance is precise. Human-in-the-loop, where every agent action requires human approval, fundamentally limits the utility of autonomous systems. As agents demonstrate reliability through structured evaluation, the appropriate governance model shifts to human-in-command: the human sets objectives, defines boundaries, monitors performance, and retains the authority to intervene, but does not approve each action. The transition is conditional on evidence of system reliability, not on a predetermined timeline.

Sakhaee was careful to note that this transition is not appropriate today for most agentic AI deployments. The current state of the technology requires human-in-the-loop for most production use cases. The point is that governance frameworks should be designed to accommodate the progression from loop to command as the evidence warrants, rather than locking permanently into one model or the other.

Multi-Agent Complexity and Federated Trust

The panel addressed a dimension of agentic AI governance that most discussions omit: what happens when agents from different providers, built on different models, interact in a multi-agent system.

Single-model, single-agent systems are relatively straightforward to monitor. The telemetry is contained. The decision paths are traceable. Verification of outputs against expected behaviour is achievable with established methods. Multi-agent systems operating across different LLM providers introduce a qualitatively different challenge. Each provider asserts the trustworthiness of their own model. But when agents from different systems collaborate, delegate tasks to each other, and produce composite outputs, the trust chain becomes distributed. No single party can verify the end-to-end integrity of the system.

The proposed solution, discussed by multiple panellists, is federated trust: governance primitives that operate across organisational and model boundaries, allowing verification and accountability without requiring centralised control. The comparison to the early internet's architecture was deliberate. The internet succeeded because foundational problems, identity, discovery, routing, were solved at the infrastructure layer through open, federated protocols. The same approach is needed for the internet of AI agents: trust primitives that are open, interoperable, and not owned by any single player.

Goyal reinforced this from the investment perspective: the collective learning infrastructure for agentic AI is underdeveloped. Startups learn from each other in conversation, but there are no global platforms for sharing anonymised audit trails, failure patterns, or system behaviour at scale. A shared infrastructure for learning from failures, analogous to aviation's incident reporting systems, would accelerate the maturation of the entire ecosystem.

How Mitochondria Builds on This Foundation

The governance stack that the session described, the minimal viable trust requirements, the progression from human-in-the-loop to human-in-command, and the emphasis on runtime rather than retrospective governance, map directly to how ATP is architected and deployed.

Every layer of Goyal's 5-layer stack is present in ATP's design. At build time, data governance and model versioning are structural: our systems operate via API with no client data stored on our side, encrypted transit, and compliance with GDPR and DPDP built into the architecture rather than layered on through policy. At deploy time, permissioning, policy tracking, and scope definition are established during the Stimuli phase, where the actual operational reality is mapped, and the boundaries of what the system will and will not do are defined collaboratively with the client. At runtime, full interaction capture, structured logging, and real-time monitoring provide the observability that both the client and our team require to verify system behaviour continuously. Remediation is supported through complete audit trails and incident response protocols established before the system enters production. And accountability is defined from the first engagement: who monitors, who intervenes, who reviews, and under what conditions autonomy expands or contracts.

The minimal viable trust framework validates what we have maintained since our first engagement: governance is not a feature. It is architecture. The agent identity registry, the orchestration guardrails, the observability infrastructure, and the oversight mechanisms are not additions to ATP. They are ATP. A system without them is not a less-governed version of the same product. It is a fundamentally different and less trustworthy product.

The aviation parallel captures the progression model we use across all deployments. ATP begins with human-in-the-loop: every decision is visible, every output is reviewed, every interaction is captured. As the system demonstrates reliability through the evidence generated in the Stimuli and Neuroplasticity phases, the governance model shifts toward human-in-command during Synthesis and Energy. The human is still accountable, still able to override, still monitoring system performance against defined thresholds. But the system has earned, through measurable performance, the operational latitude to handle routine decisions autonomously while escalating exceptions for human judgement.

This is not a philosophical position about the appropriate role of humans in AI systems. It is a practical architecture for building trust incrementally, based on evidence, in a way that allows organisations to benefit from autonomy without assuming risks they have not yet measured. The session at the India AI Impact Summit 2026 confirmed that the market, from venture capital evaluation to enterprise procurement to standards certification, is converging on exactly this requirement.

Governance is product. Trust is architecture. The companies that understand this from founding are the ones that will scale.

—

Mitochondria builds ATP — agentic AI for operations. It learns your workflows, earns autonomy in stages, and runs with governance built in. Your data stays yours. Based in Amsterdam and Pune, working with organisations across Europe and India.