Skip to content

The Adolescence of Governance

A Doctrine for Continuous Governance of the Agentic Enterprise

The Adolescence of Governance
Published:

Executive Summary

The largest governance gap in modern corporate history is compounding at the speed of the technology that created it. AI has moved from pilots to production across the enterprise while board oversight is still organized around paper, proxies, and quarterly meetings. Systems that price loans, route trades, approve hires, and orchestrate workflows now change materially between any two board sessions. Directors are governing a snapshot of a company that no longer exists, and the numbers that describe the gap also describe the opportunity.

When every competitor can buy roughly the same intelligence at the same collapsing price, advantage moves to the firm that can absorb it fastest without losing control. The scarce asset is no longer access to models but cognitive capacity under management: how much judgment, allocation, and action now run in code, and how much of that code the enterprise can actually understand, direct, and constrain. A company deploys with conviction when everyone knows exactly where the boundaries sit, what its agents are authorized to do, and what happens when one crosses a line. Governance becomes alpha - the architecture that lets a firm move machine cognition into core workflows at speed, without handing its future to a vendor.

Most boards today have AI governance that meets disclosure norms but does not yet operate as a control system for the AI that runs the business. Policies drafted by counsel, annual AI briefings, charter tweaks, and refreshed risk factors signal attentiveness but leave the machinery itself untouched. The doctrine in this essay is continuous governance of the agentic enterprise: a live register of systems and agents that hold delegated authority; standing telemetry on drift, incidents, and boundary crossings; event-triggered escalation instead of annual snapshots; independent testing of the control system itself; and committee charters rewritten so that at least one committee owns AI at every meeting rather than once a year. It treats ontology - the categories through which the firm is represented in code - as destiny, and insists that control over the firm’s digital vocabulary and metrics belongs on the same agenda as capital allocation, because it determines where the surplus from all that intelligence actually accrues.

Enforcement is arriving whether boards prepare or not. Courts are beginning to treat AI failures as governance failures, asking why directors left machine cognition outside the firm’s control architecture. Insurers are carving AI into and out of coverage and pricing evidence of real control systems - registers, telemetry, escalation logs, vendor exit paths - back into directors’ liability. Stewards and standard-setters are drafting AI governance questions into their engagement scripts and voting policies. The essay closes with the work rather than the warning: a committee-by-committee ownership map that uses the board’s existing structure, the core artifacts management owes the board, and a twelve-month proof any director can demand. Within a year, any board that claims to oversee AI should be able to produce three things on request: a current register of material AI systems and agents; tested telemetry and escalation records for boundary crossings and incidents; and evidence of realistic exit paths from its core AI vendors. Boards that can show that evidence will not just be safer. In an age of abundant intelligence, they will be the ones that earn returns above their peers.

Governance, in the end, is alpha.


PART I: THE GAP

Introduction

In 1602, the States General of the Dutch Republic stitched together rival merchant companies into a single chartered entity, the Dutch East India Company, and created something much more than a trading vehicle. They created a legal structure that could outlive any individual, pool risks its owners could not personally bear, and deploy capital at a scale that had previously belonged only to monarchs. Limited liability was the key innovation. Only when law placed a ceiling on risk did capital deploy with genuine force.

Put in institutional terms, that moment answered a new question: what kind of entity and legal architecture can safely unleash capital at scale without destroying the system around it? Law did more than permit capital. It shaped capital: the boundaries within which it could act, the duties under which it was stewarded, the entities through which it moved. Governance turned raw capital into a governed system, and that governed system built the industrial revolution, the multinational, and the modern enterprise.

Four centuries later, a version of that same question has returned. Enterprises are becoming agentic enterprises, firms that rely on AI systems which shape judgment, allocation, and action. AI prices loans, flags fraud, recommends hires, generates forecasts, orchestrates workflows, and proposes capital plans. These systems participate directly in the firm's cognition, in how it perceives, interprets, and decides. And they increasingly run on models the company does not own, cannot fully inspect, and only partially understands. Vendor roadmaps, rather than board decisions, determine which systems sit at the center of critical processes and how fast their capabilities change.

The numbers describe the gap at scale. 78% of organizations now use AI in at least one business function, up from 55% a year earlier. Yet across 3,048 U.S. public companies in the Russell 3000 and S&P 500, only 8% disclose any board-level oversight of AI, and only 9% acknowledge a formal AI policy. The firm's cognition is being rewired in code while its oversight remains organized around paper and quarterly presentations.

That 70-point spread between deployment and oversight is the largest governance gap in modern corporate history, and it is compounding. Every era of value creation has required an institutional answer before the value could compound safely. The corporation answered capital. Securities law answered public markets. The question of the intelligence era is what answers machine cognition, and whether boards will design that answer themselves or accept one written upstream by their vendors.

This essay argues three things. First, that the gap is structural, not attitudinal: it is produced by a mismatch between the clock speed of the technology and the clock speed of the institutions overseeing it. Second, that the answer is a doctrine I call continuous governance of the agentic enterprise, defined precisely in Part II, with a legal foundation that already exists and a regulated‑industry precedent that already works. Third, that the board is the only institution positioned to lead, and that the boards which do will not merely avoid liability. They will capture the excess return - that is, the alpha - that governance of a scarce input has always produced.

The window to act is measured in months, not years.

The window is set by three facts that are true at once for the first time. Governments have entered the frontier: Europe's regime is in force, Washington has begun asserting authority over frontier model releases, and financial regulators moved on agentic trading within days of its arrival. The state is claiming the model layer, which means the enterprise layer, the ten thousand deployment decisions inside every firm, belongs to whoever governs it first, and no legislature is coming to do it. Second, the pace is now geopolitically locked. The United States and China are in an open AI capability race, and a race between superpowers removes the comfortable scenario in which the technology slows down while institutions catch up; neither side can unilaterally decelerate, so the curves in this essay should be read as a floor, not a forecast. Third, and most consequential for a director reading this now: the agentic enterprise is being wired as you read this. Companies are deciding what their AI systems may do, what they may spend, and which vendors they will depend on, and most of those decisions are happening by default, in configuration rather than in the boardroom. Set the rules now and it costs a register and an agenda item. Rewrite them after they harden and it is institutional surgery. Most boards have perhaps eight to ten meetings before the patterns set. What gets decided in them, and what gets configured by default, is the subject of everything that follows.


1. The Technology Is Not Adolescent. Governance Is.

Anthropic CEO Dario Amodei has argued that AI technology is in a kind of adolescence: powerful, fast-maturing, and not yet matched by the institutions around it. In The Adolescence of Technology, his worry is straightforward: capability is compounding on a timescale of months, while the systems meant to oversee it move on a timescale of years. I want to take that concern one step further. The technology is racing toward adulthood. What remains adolescent is governance.

Researchers at METR measure AI progress by how long agents can work autonomously compared with human professionals doing the same tasks. On that measure, the task horizon has doubled roughly every 7 months for six years; for models released since 2024, the doubling time compresses to roughly 4 months. The independent benchmarking firm Artificial Analysis put the same acceleration in plainer language in its 2025 year-end report: at the start of 2025, coding agents did not exist; by the end of the year, the profession of software engineering had changed permanently, and 2026 would be the year of agents for everything else. Training compute for frontier models has been growing 4 to 5 times per year, while the cost of running a given level of capability has been falling on a timescale of months. Follow that arithmetic and you land where Leopold Aschenbrenner does in Situational Awareness: on current trends, the world is building toward trillion-dollar compute clusters and systems that function as automated researchers before the decade ends.

Boards and management teams are not asleep to this. Most large companies now have AI pilots, strategy decks, and budget lines. What is missing is not awareness but calibration. The capability curves that METR, Epoch AI, and Anthropic describe are exponential and structural, yet most institutions treat them as incremental and optional. They behave as if frontier capability is a feature to bolt onto existing workflows rather than a force that will rewire how judgment, allocation, and control work inside the firm. On current trends, raw capability will be something every large enterprise can buy. The scarce resource will no longer be access to powerful models. It will be control: the ability to understand what those models are really doing, to direct and constrain them, and to keep that grip as systems begin to build their successors.

The recursion makes this sharper. Anthropic's internal data shows that more than 80% of the code merged into its own codebase is written by Claude, that the typical engineer ships roughly 8 times as much code as in 2024, and that models went from completing 4-minute software tasks in March 2024 to 12-hour tasks two years later. The effect is visible in the shared infrastructure: GitHub processed roughly one billion code commits in 2025 and was absorbing 275 million a week by mid-2026. Frontier systems are writing the training code, designing the evaluations, and generating the data for their own successors. The industry calls this recursive self-improvement: the point at which AI systems reliably participate in building the next generation of AI systems and thereby accelerate their own progress.

This is AI writing the AI, and for boards it changes the character of governance risk. When systems help build the next generation of systems, every oversight miss compounds forward. A dependency left unmapped in 2026 does not simply sit on a risk register; it becomes embedded, and effectively unauditable, in the 2028 systems built on top of it. Governance Debt, the gap between AI deployment velocity and governance infrastructure, does not age like deferred maintenance. It accrues interest at the rate of capability growth.

Boards were built for a world in which technology amplified human labor and humans retained the decisive vote on every material decision. Today, models and agents sit inside core decisions, and the oversight framework has not caught up. The gap between the maturity of the systems and the maturity of the institutions overseeing them is the adolescence of governance, and it is widening on the same curve the technology is riding.

2. The Great Rewiring

Last month at an Alpha Council dinner in New York, I asked the directors at my table a question I had been thinking about for weeks: at your company, who decided what your AI agents are authorized to do? A director who chairs the audit committee of a Fortune 500 financial services company answered first. "Our CISO, I'd assume. Or it came set that way from the vendor." Around the table, nine directors representing more than a dozen public-company boards, and nobody could name the person. Finally one director said what everyone was thinking: "I don't think anyone decided. It was configured." That word "configured" is the governance gap in a single word. Delegation of authority is the oldest artifact in the board manual, and at most companies the newest signatories were never put through it.

Understand what those agents are now wired into. Every technology revolution produces a new computer and a new network, but not every revolution is the same kind. Sequoia's partners drew the sharp distinction at their recent 2026 AI Ascent summit: the internet, the cloud, and mobile were revolutions in communication, changing how information is distributed. AI is a revolution in computation, changing how information is processed. That difference sounds semantic until you follow it to its economic conclusion. When distribution changes, the human remains the actor and gets better tools. When cognition itself changes hands, the actor changes. The fundamental economic unit stops being the human user and becomes the agent transacting on behalf of users, firms, and other agents. On current deployment curves, the agents will outnumber the people: each employee increasingly sits atop a pyramid of agents, which is how a 100-person company begins to do the work of a 10,000-person one.

A revolution in computation requires its own physical world, and that world is being poured in concrete right now. Nvidia (NASDAQ: NVDA) CEO Jensen Huang describes AI as a five-layer cake: energy at the foundation, then chips, then infrastructure, then models, then applications, with every application pulling on every layer beneath it, all the way down to the power plant. He calls the result the largest infrastructure buildout in human history, a few hundred billion dollars in with trillions still to come. The last time civilization rewired everything, it took its time. Thomas Edison's Pearl Street station lit lower Manhattan in 1882; electricity took roughly four decades to reach half of American homes and did not finish the countryside until the 1950s. That pace had a governance dividend: utility commissions, rate regulation, and safety codes formed alongside the wires, at the speed of the buildout. This rewiring will grant governance no such courtesy. AI reached half the population within three years of its mass-market debut in November 2022, faster than the personal computer or the internet, and the agentic layer is diffusing on the same curve. Electrification's institutions had decades to form. This era's institutions have quarters.

The evidence is already in the traffic. By mid-2026, agent-driven traffic had crossed parity with human traffic across major networks, and the web's operators are rebuilding its economics around that fact: Cloudflare (NYSE: NET) is redesigning how the web charges for access when the visitor is software, a redesign it expanded into a full monetization gateway in July 2026, and developers are re-architecting applications for a client base that is mostly machines. The medium the enterprise lives on is being rebuilt beneath it.

Then there is the money. In September 2025, Google (NASDAQ: GOOGL) launched the Agent Payments Protocol with more than 60 partners including Mastercard (NYSE: MA), PayPal (NASDAQ: PYPL), American Express (NYSE: AXP), and Adyen (AMS: ADYEN). AP2's core mechanism is the mandate: a cryptographically signed, revocable statement of what an agent is authorized to do, including "human not present" transactions the user pre-approved. The same month, OpenAI and Stripe released the Agentic Commerce Protocol, the open standard behind checkout inside ChatGPT, now extending across Etsy (NASDAQ: ETSY), Shopify (NYSE: SHOP), and Walmart (NYSE: WMT) merchants. Google has since transferred AP2 to the FIDO Alliance, which stood up working groups on agent authentication chaired by CVS Health (NYSE: CVS), Google, and OpenAI. Beneath the consumer layer, a second rail is being laid for the machines themselves: Coinbase (NASDAQ: COIN) built x402 for machine-to-machine stablecoin micropayments, and that protocol processed more than 169 million payments across 590,000 buyers in its first year. The two rails are now openly fighting over which one owns agentic settlement: Visa's (NYSE: V) stablecoin settlement pilot hit a $7 billion annualized run rate by April 2026, and Mastercard paid up to $1.8 billion for the stablecoin platform BVNK. When the incumbents spend billions to own both rails, the question of whether software will spend money is settled. Only the routing remains.

Read all of that again as a director rather than an engineer. Beneath the curves and charts, the structural question for any enterprise is simple: who is allowed to learn from your operations at scale, for their own benefit? In today’s architectures, every deployment decision is also a training decision, and every training decision decides whether your institutional knowledge compounds inside your systems or someone else’s. Within eighteen months, the foundation has been laid for agent‑native power plants, traffic, identity layers, and payment rails for an economy where software transacts. Software pricing is shifting in parallel, from seats toward outcomes, because when agents do the work, counting humans stops measuring value.

The enterprise consequence follows directly, and the market has already previewed what happens when it goes wrong at machine speed. On May 6, 2010, automated trading systems responding to one another erased roughly a trillion dollars of U.S. market value in minutes before prices recovered; the official post-mortems found no villain, only algorithms reacting to algorithms faster than any human could intervene. Two years later, a single firm demonstrated the corporate version. On August 1, 2012, Knight Capital Group deployed faulty automated trading code and lost more than $460 million in about 45 minutes, an amount that exceeded the firm's available capital and forced a rescue sale of a business that had taken 17 years to build. No fraud, no rogue trader, no bad actor. A deployment error, running at the speed of software, in a firm whose oversight was organized around the speed of meetings. The agent economy wires that same dynamic into procurement, pricing, logistics, and operations across every sector, and the trading version is no longer historical: in June 2026, Coinbase and Robinhood (NASDAQ: HOOD) both shipped agents that execute trades on customers' behalf, and within days the Financial Stability Board called for safeguards on agentic AI in finance. The regulators are reacting to deployments that already happened. That sequencing is the pattern of this entire era.

The governance translation is the one my dinner table could not answer: delegation of authority. Every board already governs who may sign contracts, approve invoices, and commit the firm, at what thresholds, with what dual controls. Agents are now signatories. The mandate architectures inside AP2 are delegation-of-authority tables written in cryptography. So the durable governance question in the agent economy concerns design rather than decisions. No board can review a million agent actions a day. A board can absolutely govern the objectives, constraints, spending mandates, and escalation rules those agents operate under. Authorization infrastructure is becoming the governance layer of the firm.

3. Where Is My Moat?

In the late 1990s, the scarcest input in business was bandwidth, and the market did what markets do with scarcity: it paid fortunes for it. Carriers raced to lay fiber under oceans and across continents on the theory that whoever owned the pipes would own the internet. Then the glut arrived. By 2002, the great majority of installed fiber sat dark, transmission prices on major routes had fallen more than 90%, and Global Crossing and WorldCom had filed two of the largest bankruptcies in American history. The input did not stop mattering; the internet still ran on it. It stopped being scarce, and every company whose moat was the input itself was destroyed. Value migrated up the stack, to whoever used abundant bandwidth against things that stayed scarce: data, distribution, brand, judgment. I learned that lesson during my formative years in tech working in network infrastructure at Akamai Technologies (NASDAQ: AKAM), a company that has thrived for over two decades because value moved from owning the pipes to orchestrating what traveled through them. And the fiber era left a second lesson worth holding onto: the bankruptcies that ended it were governance failures, and the world's answer was Sarbanes-Oxley and a rebuilt verification regime. Abundance without governance did not merely destroy companies. It rewrote the law.

Intelligence is this decade's bandwidth, and the collapse is running faster this time. The price of a token at any given level of intelligence is in freefall: Artificial Analysis measured a 128-fold price decline during 2025 for intelligence that had been frontier-grade twelve months earlier, and Epoch AI tracks inference costs halving roughly every 2 months. The frontier itself keeps advancing; Gemini 3.5, GPT-5.5, and Claude Fable 5 traded the lead through the past few weeks, but which model leads is the least important KPI in the board deck. The takeaway is the schedule: last year's frontier becomes this year's commodity, on a cadence measured in quarters, which means whatever intelligence costs your company today is the most it will ever cost. By the time this essay is a year old, the model names in this paragraph will read the way GPT-4 reads now. Any specific model in a board deck is stale by the next meeting. The curve, however, is not.

Follow the money and you can see the deeper shift. Training a model is a one-off investment; running a model is a continuous operating flow, and that flow is where the economy is moving. Jevons Paradox applies here: as intelligence gets cheaper and more efficient to use, we don’t use less of it, we use more. Agents chain roughly 20 times the requests of a single query and reasoning models burn about 10 times the tokens, so even as unit prices collapse, total consumption explodes. The buildout Jensen describes exists to serve inference, not training runs. The enterprise now buys intelligence the way it buys electricity: metered, continuous, always on. And when an input is priced continuously and consumed continuously, it will not be governed once a year.

The same cost curves that create the governance problem also create the strategy problem, and a board that focuses on only one of them is doing half its job. Software went agentic first, which makes it the preview for every function after it. It is also the first input whose marginal cost has arrived at approximately zero: more than 80% of a frontier lab’s production code is machine‑written, the world’s commit volume is growing by an order of magnitude, and the cost of the tokens doing the writing is halving in months. Every moat built on the difficulty of writing code erodes with it. Features get replicated in weeks. Product leads that once lasted years now last quarters. What happened to software in eighteen months arrives for every other knowledge function on its own schedule.

The real moat moves to what AI cannot easily copy: proprietary data from real operations at scale, the heuristics and workflows your experts actually use, the distribution and trust channels everything still has to move through, and the people whose judgment and taste determine which problems are worth solving. All four get amplified by one thing: speed. Capability arrives everywhere at roughly the same time, but diffusion does not. As new AI capabilities get released weekly, they do not spread everywhere at the same pace. Absorbing intelligence into workflows, culture, and decision rights takes quarters at the fastest firms and years at the slowest; McKinsey finds more than 80% of companies report no bottom‑line impact yet from their AI investments. This is the “diffusion gap,” and it is the biggest opportunity for the application layer. From the enterprise perspective, the diffusion gap is where alpha lives: the return a firm earns above its peers because it can absorb and apply new capability faster than they can. In an intelligence market where every competitor can buy the same models at the same collapsing price, that alpha comes less from access and more from governance - the architecture that lets a firm move machine cognition into core workflows without losing control of it.

When every competitor can buy the same intelligence at the same collapsing price, excess return cannot come from access. It comes from absorption: the speed and safety with which a firm can move machine cognition into its core workflows without losing control of it. And absorption speed is set by governance. A company with tested boundaries, live telemetry, and pre-agreed escalation paths can deploy aggressively because everyone knows precisely where the edges are. A company without them either deploys recklessly or hesitates and cedes the diffusion gap to rivals. Paralysis has corpses too, and boards should study them with the same attention: Kodak's board did not lack oversight processes, it ran them punctually while the business evaporated, because governance that only knows how to say wait is just recklessness with better minutes. It is critical to price both failure modes deliberately. The doctrine that follows is a control system, and control systems exist to let operators go faster, not to keep the vehicle parked. McKinsey reached the identical conclusion: when everyone has access to the same models, the winners are those who use them to build advantages competitors cannot copy. Stanford HAI's June 2026 industry report also echoes this from the research side: as foundation models converge in performance, differentiation moves from what the model can do to how effectively it serves real workflows and organizational contexts, which is a description of design and governance, not procurement.

This is why governing for risk alone is its own fiduciary failure. The board that builds real oversight architecture, thresholds, telemetry, tested exit paths, is not slowing the company down. It is building the control system that lets management deploy with conviction. In the era of the exponential, the reckless board and the paralyzed board fail the same duty from opposite directions.

4. The Adolescence Test

Strategy and duty converge on the same starting point: you cannot govern, and you cannot compete on, what you have not measured. So before any framework, any charter amendment, any vendor negotiation, a board needs a baseline, and in practical terms the adolescence of governance reduces to five questions.

Each of these is not a rhetorical question; it is a future audit trail. Each one maps to something an investor, an underwriter, or a plaintiff’s lawyer will eventually ask in harsher language - and each has a concrete answer: a register, a contract file, a log, a skills matrix. A board that treats them as topics for discussion has missed the point. They are not invitations to talk; they are requests for evidence.

Which agents act on behalf of the enterprise? Not which tools exist, but which systems hold delegated decision rights: in underwriting, trading, pricing, hiring, procurement, cyber defense, and planning. The honest answer at most companies is a partial list assembled for the meeting, which is itself the finding.

Who owns the ontologies through which those agents interpret the business? Who defines what counts as a customer, a risk, a segment, a defect, a success? Are those definitions controlled internally, supplied by platforms, or set by default by data vendors?

How dependent is the company on a small number of external AI platforms? How concentrated are the models, orchestration layers, and clouds its cognition runs on, and what is the realistic cost of switching? Concentration is a number, not a feeling; if nobody can produce it, nobody has measured it.

What form of oversight runs continuously enough to match systems that never stop learning and acting? Does the board have standing telemetry on agent behavior, drift, incidents, and boundary crossings, or does it rely on snapshots and management assurance?

Who in the boardroom is learning at the speed of the systems? The systems learn continuously; a board whose fluency is refreshed once a year at an offsite is governing this year's deployments with last year's understanding. AI fluency is now a perishable asset with a half-life measured in quarters, and the data says the shelf is nearly bare: 16% of companies have even one AI-skilled director, 4% have two, and 66% of boards describe their own AI knowledge as limited to none.

Notice what the five questions have in common: systems, categories, dependencies, oversight, people. Together they are an inventory of where the firm's cognition lives and who controls it. A company that cannot answer them is not governing its agentic enterprise. It is being carried by it. A board that can answer them has produced something more valuable than a passing grade: the baseline against which every future quarter's drift can be measured, which is the precondition for everything Part II proposes.

5. Ontology as Destiny

Of the five questions, the second is the least familiar and the most consequential, so it deserves its own treatment. The deepest dependency in the agentic enterprise is not compute, and it is not even data. It is vocabulary. Ontology is the firm’s business‑as‑code layer: the digital constitution that tells AI what exists in its world, how things connect, and what is allowed to happen. Put differently, the ontology is the model of your concepts and relationships, and when you combine that model with all of your actual data and events, you get the enterprise knowledge graph. I have written before that ontology is destiny: whoever defines the categories through which a business is represented in code shapes what that business can see, optimize, and become. Ontology can sound abstract, but boards encounter its consequences every quarter.

Let’s make this concrete. A board approves a dashboard showing customer complaints resolved within 24 hours, trending up. Nobody in the room asks who defined “resolved.” If the vendor’s taxonomy counts a closed ticket as resolution, the metric improves while customers quietly leave; the board is governing a word, and the word belongs to someone else. Multiply that by every category in every dashboard, risk tier, churn flag, qualified lead, safety incident, near‑miss, and the scale of the dependency comes into focus. Agents make it binding: a human analyst can notice that the category is wrong and work around it; an agent optimizes the category as written, at machine speed, in the company’s name.

Every system that processes information must choose categories. Inside most firms, three forces now compete to define the company in machine-readable form. Internal teams bring maps that are messy but grounded in real operational nuance. Platforms bring abstractions that are elegant, scalable, and indifferent to any one firm's particulars. Regulators bring classifications that lag the frontier. When boards fail to engage, platforms win by default, and the dependency deepens in three layers. The first is data: the firm's behavioral exhaust, its edge cases and exception handling, flows into general-purpose services that improve through exposure to real enterprise problems. The firm believes it is buying intelligence while donating the raw material from which shared intelligence gets built. The second is system lock-in: once key workflows route through a particular model and orchestration stack, switching stops looking like vendor management and starts looking like institutional surgery. The third is ontological: the company no longer controls the categories through which its own data is labeled and its own decisions are interpreted. Stanford HAI's research reached the same place in its own vocabulary: manage the data pipeline as a governed and auditable supply chain, because steerability is fundamentally constrained by what the underlying data represents, and even when a firm's own knowledge is embedded in a model, its people may not know how to ask for it. Translated into plain English: the vendor's categories are load-bearing, the levers for changing them sit upstream, and the firm's institutional knowledge can be present in the system yet inaccessible to the firm.

The diagnostic question follows directly: in the last dashboard this board approved, who defined the categories, and could management change one of those definitions without a vendor’s permission? The answer sorts companies into two groups: those whose ontology is an asset and those whose ontology is a lease. A firm that has lost control of its categories has begun to lose its capacity for independent thought and action, even while it still owns the contracts and pays the invoices. Interpretive sovereignty belongs on the same board agenda as capital allocation, because it determines where the surplus from all that deployed intelligence actually accrues - inside the enterprise, or upstream in the platforms that own the models, the rails, and the application control planes.

Seen through the enterprise lens, governance becomes alpha in four ways at once. It decides who learns from the firm’s interactions, where compounding happens, where agents may act and how, and how much model optionality the firm retains. Each of those looks like a technical choice in isolation; together they determine whether intelligence makes the institution more unique and resilient - or more generic and dependent.


PART II: THE DOCTRINE

6. The Cadence Mismatch

The board calendar is an inheritance. Four to eight meetings a year, committees keyed to the quarter, strategy at an annual offsite: nobody chose that rhythm for AI. It was engineered a century ago around the metabolism of what boards then oversaw. Financial results closed quarterly, so oversight convened quarterly. Strategy moved annually, so it earned an offsite. For a hundred years the cadence was rational, because the material facts of the enterprise changed at roughly the speed of the calendar.

The facts have changed speed, and the calendar has not. Frontier capability now doubles every 4 to 7 months, and vendors push behavior-altering model updates continuously, which means the systems a board oversees will change materially between any two of its meetings. The oversight numbers sit where the old calendar left them: Deloitte's global survey of 695 directors and executives across 56 countries found that 31% of boards still have AI nowhere on the agenda. Only 14% of boards discussed AI at every meeting in Deloitte's first survey; by March 2026, Protiviti's global survey of 772 directors and executives put that figure at just 26%, while finding that boards treating AI as a standing agenda item correlate strongly with higher AI returns. Cognition inside the enterprise has become continuous while oversight remains episodic. McKinsey reinforced this: "Change management is no longer an episodic thing. It's a perpetual state."

And the cadence problem has a human analog. Systems that learn continuously make director knowledge depreciate continuously, so the education model has to match the technology model: at a minimum it should be monthly or quarterly rather than annually, and measured rather than assumed. A board can no more govern a learning system with static knowledge than it can oversee a changing balance sheet with last year's audit.

At this point, the board usually splits into two camps, and both are right about different parts of the problem. One group says governance slows innovation; they’re talking about compliance checklists - controls added after the fact, judged by how much documentation and cost they create. The other group says governance helps things move faster; they’re talking about decision infrastructure - clear guardrails, data, and escalation paths that let management move quickly within agreed limits, judged by execution speed. These are two different things that happen to share the same name. Once you name the moment for what it actually needs, the argument disappears.

Two definitions sit at the center of this essay:

An agentic enterprise is a company that runs important business processes through AI systems that observe, decide, and act in continuous loops, under delegated authority, at machine speed, often on models and infrastructure the company does not own.

Continuous governance is oversight that runs at the same pace as the systems it supervises, not at the pace of the board calendar. It means a live register of material AI systems and agents; always-on telemetry about drift, incidents, and boundary crossings; pre-agreed thresholds and escalation paths; clear committee ownership written into charters; and regular independent testing of the oversight system itself. One condition belongs in the plan: any twelve-month proof assumes twelve months of the current world. If the faster scenarios show up - if agents start completing multi-week projects or meaningfully speeding up the buildout of their successors - the twelve-month proof becomes a six-month proof, and the board should decide now, while it is cheap, which milestone will trigger that clock change. Only a doctrine that can adjust its own cadence to the exponential will avoid being embarrassed by it.

Continuous governance of the agentic enterprise is the doctrine this essay argues for. Everything that follows - the performant test, the recast duties, the pricing mechanism, the twelve-month proof - is its operating system. Early evidence suggests that cadence itself is a performance variable: boards that treat AI as a standing agenda item are already seeing meaningfully higher returns, and investors will eventually price this in, rewarding boards that practice continuous governance and downgrading those that treat learning systems like annual projects.

7. Performative Governance Is Over

Palantir (NASDAQ: PLTR) sells the agentic enterprise on a blunt premise: performant software is no longer a luxury. Software either performs under load or decorates a slide. The same test is arriving for governance. What passes as AI oversight today will sort into two camps, performative and performant, and for a board the difference is whether anything actually changes when the system is under load.

Performative governance is what most boards that "have" AI governance actually have. It lives in artifacts: a policy PDF drafted by outside counsel, an annual AI briefing on the calendar, a charter tweak referencing "emerging technologies," a refreshed AI risk-factor paragraph in the 10-K. These gestures are not useless; they are table stakes for public markets. But they are fundamentally outward-facing, designed to signal attentiveness to investors, proxy advisors, and regulators rather than to change how AI systems are specified, deployed, monitored, or retired.

Performant governance is measured the way engineers measure systems: by how they behave under stress. Its questions sound less like a checklist and more like a service-level objective (SLO) - a clear target for how a system should behave and how quickly it must recover when something goes wrong.

A realistic version of this doctrine also admits what the gauges still can’t see. Builders of frontier systems don’t fully understand how they work; models act one way in testing and another way in the real world, and they are increasingly optimized to pass the test. Our monitoring tools only catch what they were designed to catch. That means a board staring at beautiful dashboards for a system no one can fully inspect has bought partial assurance - and mistaking partial assurance for full assurance is worse than having none, because it turns off vigilance. Interpretability research is narrowing that gap, but it hasn’t closed it.

So the fix is architectural, not cosmetic: independent testing by people who didn’t build the system and who use their own instruments, not just the ones the builder configured - the same reason financial reporting relies on an outside auditor instead of a self-graded ledger.

The right questions sound like this: How long does it take from a model starting to drift to someone accountable knowing about it? How many hours from an agent incident to escalation to the committee that owns that risk? When did the company last test its exit path from its main AI vendor, and what failure modes did that test reveal? Has the delegation-of-authority map been updated to reflect the agentic workflows now mediating credit, pricing, operations, and safety - or does it still describe a company that no longer exists?

None of these questions can be answered with a static document. All of them should be answered with a log, a ticket history, or an incident register - evidence that someone is watching the system while it runs, not just telling the story after the fact.

Skeptics will call this utopian, so it matters that one industry already runs a version of it, at scale, under regulatory mandate, and has for fifteen years. After the 2008 crisis exposed how badly banks understood their own models, the Federal Reserve and the Office of the Comptroller of the Currency (OCC) issued SR 11-7, the supervisory guidance on model risk management. Every regulated bank in America now maintains a model inventory, subjects material models to independent validation before deployment, monitors them continuously in production for drift and degradation, and staffs an "effective challenge" function whose job is to disagree with the model's owners. The banks that fought SR 11-7 in 2011 as bureaucratic overreach now treat model risk management as competitive infrastructure: the discipline that lets them deploy new models faster because the control system is already standing.

And in April 2026, the regulators rewrote the memo, and the rewrite reinforces this essay's argument. The Federal Reserve, OCC, and FDIC issued SR 26-2, replacing SR 11-7 after fifteen years, and the update acknowledges what I argue from first principles: pre-deployment validation cannot govern a system that changes after deployment. Moody's model-risk practice read the shift precisely: the old guidance focused on the danger of using bad models, while the new guidance also recognizes the danger of not using models at all, so paralysis risk now sits alongside reckless risk in the supervisory frame.

Then comes something every director must take seriously. SR 26-2 explicitly excludes generative and agentic AI from its formal scope as “novel and rapidly evolving,” while still instructing institutions to determine appropriate governance and controls for them. In practice, that means the most developed model risk regime in the world, in one of the most regulated industries in the world, has just told banks that when it comes to agentic systems, they are on their own: guided by judgment rather than checklist, and assessed on whether they are making forward progress relative to their own starting point and the pace of their own AI adoption. That is continuous governance expressed in the language of examiners - and it is a strong signal that whoever builds governance at the enterprise layer first will own it, because even the regulators chose not to.

Continuous governance, then, is the generalization of bank model risk management from credit models to cognition, extended from one regulated industry to every industry, and from models a bank builds to agents, vendors, and ontologies an enterprise increasingly rents. Boards are not being asked to imagine something new. They are being asked to adopt what one industry was forced to build, at the frontier where that industry's own regulator just said the work is theirs to do.

For a board, the shift from performative to performant reduces to a handful of standing expectations. At least quarterly, the board or its delegated committee reviews and challenges time-to-detection and time-to-escalation metrics for material AI incidents, with the underlying monitoring running continuously in production. Before renewing any critical AI vendor, management presents results from a live exit or failover test, including what broke, what data or models were not portable, and how those gaps are being closed. And the company maintains a current, board-visible register of high-impact models and agents, with named accountable owners, documented failure modes, and a record of the last time each asset's controls were independently tested. If those expectations are hard to meet, governance is still performative. If they are routine, governance has started to behave like a system in its own right.

One rule protects all of it from the fate of every prior governance regime. Continuous governance will attract the same institutional gravity that hollowed out its predecessors: the register becomes a form, the telemetry becomes a slide, the card becomes the new policy PDF, and within eighteen months the apparatus of continuous governance is performing continuity rather than practicing it. So the doctrine needs an antibody: every governance artifact must be able to name a decision it changed, a deployment it accelerated, an incident it caught, or a vendor term it moved. An artifact that cannot answer these questions is performative governance and should be retired before it spreads. The test of the apparatus is not how complete it looks; it is the consequences it produces.

The distinction matters because the market is learning, quickly, to tell the two apart. Disclosure pressure will push "AI oversight" numbers up over the next two proxy seasons, and most of that early increase will be performative, because performative adoption is nearly free. Then the testing begins. An underwriter pricing D&O coverage, a plaintiff's lawyer serving a books-and-records demand after an AI-linked loss, and a stewardship team running an engagement on AI risk are all, in different ways, asking the same performant question. Not "Did you have a framework?" but "What ran, when it mattered?" Did telemetry on critical models and agents actually flow to management and the board? Did an incident escalate on the timeline the policy promised? Was the model inventory current on the date of the failure? Performative governance was affordable in a world where systems changed slowly enough for ritual to masquerade as oversight. In an agentic enterprise, the gap between the two is being priced into insurance, probed in discovery, and scrutinized in engagements. Performant governance is becoming the price of admission: to capital, to coverage, and ultimately to trust.

8. Fiduciary Duties in the Agentic Era

Boards are not being asked to take on a new job in the AI era. They are being asked whether they will do their existing job under radically different conditions. The duties of care and loyalty, with their facets of good faith, disclosure, and oversight, now apply to a world where critical decisions are shaped by systems that learn continuously, operate at machine speed, and often sit outside the four walls of the company. The question is not whether AI changes the law. It is whether directors will allow AI to change the facts beneath which the law is applied.

Start with the oldest doctrine in the room, because a court has already applied it to an algorithm. In February 2024, a British Columbia tribunal decided Moffatt v. Air Canada, a small-claims dispute over a bereavement fare that Air Canada's (TSX: AC) customer-service chatbot had described incorrectly. The airline's defense was remarkable: it argued the chatbot was "a separate legal entity that is responsible for its own actions." The tribunal's response was equally remarkable for its brevity. The chatbot is part of the company's website; the company is responsible for all the information on it, whether a person or a machine produced it. The dollars were trivial. The principle is not. Agency law is centuries old, courts are applying it to software without hesitation, and the enterprise is the principal for every agent acting in its name. When your procurement agent commits the firm, the firm is committed. Boards that approve agent deployments are approving the appointment of agents in the full legal sense of the word, and the delegation maps of Section 2 are not engineering documents. They are the terms of those appointments.

Delaware has already built the scaffolding for the oversight side. The Caremark line of cases requires boards to make a good‑faith effort to put in place information and reporting systems around the company’s key risks. Marchand v. Barnhill, the Blue Bell ice cream case, sharpened that standard: when a risk is mission‑critical, oversight must be actively and rigorously exercised, and the total absence of any board‑level monitoring system can itself be treated as bad faith. In Marchand, Blue Bell made ice cream, but the board had no process for food safety; that mismatch between the business and the board’s information system was enough. Since Stone v. Ritter, this kind of oversight failure is treated as bad faith and therefore as a breach of the duty of loyalty, outside the protections directors usually rely on. For a company whose underwriting, pricing, or customer decisions run through AI systems the board has never inventoried or monitored, the analogy is direct: once AI sits on the critical path of judgment, AI oversight falls within the Caremark framework, and courts will evaluate it that way.

And the fact pattern already exists in public filings. On November 2, 2021, the board of Zillow Group (NASDAQ: Z) determined to wind down Zillow Offers, the company's algorithmic home-buying business, after its pricing models systematically bought homes above what they could be resold for. The company wrote down more than $400 million of inventory, absorbed roughly half a billion dollars in wind-down charges, and cut approximately 25% of its workforce. To be clear about what Zillow was and was not: it was a strategy failure more than a governance scandal, the board made the deployment decision and the board made the shutdown decision, and no oversight claim succeeded. But it is the cleanest public demonstration that an algorithmic bet can be balance-sheet-scale, that model behavior can diverge from expectations faster than a quarterly reporting rhythm can catch, and that the interesting question in the next such case will be the Marchand question: between approval and failure, what board-level monitoring system existed for a risk that was plainly mission critical? Zillow's board answered for a strategy. The next board will answer for a reporting system.

Against that backdrop, each classical duty takes on distinctly agentic content.

The duty of care still asks: did we understand what we approved? Care requires decisions made with due deliberation, and the business judgment rule protects informed judgment, not uninformed approval. A board that approves a multi-year AI commitment no one in the room can question has not made a protected business judgment; it has committed a process failure. The standard is not that every director can code. The standard is that the board can recognize when it is being asked to approve a black box, insist on intelligible explanations of dependencies, exit costs, and failure modes, and document that it understood the trade-offs it accepted. That is what care looks like for systems that learn faster than the board meets, and it is why the Adolescence Test begins with registers rather than slogans.

The duty of loyalty still asks: whose judgment is this company acting on? Loyalty requires directors to act solely in the corporation's interest, and in the agentic era that interest runs in three directions. First, vendor gravity: a board captured by a platform's roadmap, or unable to evaluate credible alternatives to it, has outsourced its independent judgment upstream. Second, incentive design: agents optimize what they are pointed at with a literalness no executive ever has, so tuning agents to quarterly efficiency when the corporation's long-term interest requires trust and durable customer relationships is a loyalty problem expressed in code. Setting objectives for agents is setting strategy. Third, cognitive independence: a board cannot act solely in the firm's interest if its entire view of the firm's risks and customers arrives in a vendor's categories. Ontology, as argued in Section 5, becomes destiny - and a test of loyalty.

The duty of candor still asks: would a shareholder need to know this? When models underpin core operations or revenue, material AI dependencies and material AI incidents belong in the disclosure architecture: risk factors, MD&A, incident reporting. Overstating AI capability, the "AI-washing" the SEC has already pursued, is one side of the violation. Quietly omitting how much of the business runs on systems the company neither owns nor controls is the same violation approached from the other side.

The duty of oversight still asks: would we learn of it in time to act? Caremark requires reporting systems reasonably designed to surface problems in time to act. A quarterly snapshot of systems that update daily to weekly and act continuously is not reasonably designed for the risk; it is a photograph of a river. Applied honestly to continuously learning systems, the oversight obligation becomes a mandate for continuous governance as defined in Section 6: standing telemetry, defined thresholds, board-visible logs, and periodic effectiveness testing of the oversight system itself. The legal question will not be whether the board received a report. It will be whether the board designed a reporting system fit for the speed and structure of its risks.

One additional duty, barely articulated in doctrine, now demands recognition: the board as employer. Boards hire, evaluate, compensate, and replace the CEO. In the agentic era that role doubles, because the firm's newest workforce is non-human. Boards do not employ agents directly, but they approve the delegation maps that function as their employment contracts: the objectives agents pursue, the constraints they must respect, escalation duties when things go wrong, and termination conditions when they must be shut down. Decades of experience designing human incentives have prepared compensation and governance committees for a role they have not yet formally claimed: owning the incentive design of systems that respond to objectives with far greater literalness than any executive. A compensation committee that pays management for margin captured through automation, with no metric for governance quality, vendor dependency, or workforce transition, is paying management to accumulate Governance Debt. In an agentic enterprise, delegation maps and agent objectives are fiduciary artifacts, not technical details.

Historically, every duty above arrived with a shield attached: exculpation, indemnification, and insurance structures that made personal liability for oversight failure vanishingly rare. That architecture is starting to move, and it is moving in one direction.

9. The Thinning Shield

Directors almost never pay personally for governance failures. For four decades, exculpatory charter provisions, indemnification, and D&O insurance have absorbed the damage; between 1980 and 2005, researchers found only 13 cases of out-of-pocket payments by outside directors (Black, Cheffins, and Klausner, “Outside Director Liability,” 58 Stanford Law Review 1055 (2006)). The shield, however, has a seam. Exculpation and indemnification generally stop at bad faith, and Delaware classifies a conscious failure of oversight as exactly that: a loyalty breach, not a lapse of care.

The insurance layer is not waiting to reprice the risk; it has begun, with the bluntest instrument underwriting owns: exclusion. In November 2025, AIG, Great American, and W.R. Berkley asked state regulators for permission to carve AI-related liabilities out of commercial policies, and Berkley's filing, as reported by the Financial Times, is an absolute exclusion aimed at the D&O, E&O, and fiduciary lines, barring claims involving "any actual or alleged use, deployment, or development of Artificial Intelligence." That language is broad enough to reach oversight failures and regulatory investigations, the very scenarios directors buy the coverage tower, the stacked layers of D&O protection, to cover. And the retreat is no longer three carriers' opening bid: by January 2026, the industry's standard-setter Insurance Services Office (ISO) had issued off-the-shelf generative-AI exclusion endorsements for commercial liability, and carriers began adopting them at renewal, often with sublimits or carve-backs rather than coverage in full.

The exclusions close a circuit that was already open at the other end. Frontier developers disclaim virtually all liability in their terms of service; read the fine print of any major model provider and the deployer assumes the risk. Deployers have historically transferred that residual risk to insurers through the E&O, D&O, and cyber lines. Carve out AI from those lines and the liability has nowhere left to go: it stays on the deploying company's balance sheet, with the executives' personal exposure and the board's fiduciary duties attached. One governance analysis put the structural point plainly: the insurance industry has become AI's fastest regulator, because an exclusion binds at the next policy renewal, with no legislative process, no transition period, and no regard for jurisdiction. A statute needs years and a border. An endorsement needs a renewal date.

That shift isn’t theoretical; ISO’s generative‑AI exclusion endorsements now sit in the standard commercial liability forms, and carriers began adopting them at renewal, often with sublimits rather than coverage in full. The quiet assumption in most boardrooms, that last year's D&O program still handles AI the way it once did, gets more dangerous at every renewal.

If you read the insurers' rationale carefully, it capture this essay's argument and translates it into actuarial language. The risk is opaque, and it aggregates. For D&O, the opacity and correlation run through several channels at once: agents mis-executing core workflows; algorithmic discrimination and employment claims; securities suits over AI-washing and undisclosed dependencies; systemic vendor or model failures that hit dozens of insureds together. As Aon's cyber practice leader put it, an insurer can absorb one company's AI failure; what it cannot absorb is the same foundation-model defect generating thousands of correlated claims across a portfolio it does not yet know how to segment or price. Opaque plus correlated equals excluded.

Exclusion, though, is an opening position, not an end state. Cyber insurance walked this exact arc: silent coverage at first, then explicit carve-outs, then affirmative, control-based coverage where limits are earned with evidence. AI coverage is already following the same path; a handful of markets now offer affirmative AI riders, all of them hinged on controls, and QBE has issued the first endorsement explicitly tied to the EU AI Act, covering limited fines under the regulation. The direction is now being set: governance frameworks are becoming coverage prerequisites rather than optional credentials. The buy-back market will run on questions that look mundane and cut deeply, and they are the Adolescence Test converted into an application: which agents hold delegated authority, under what spending mandates and dual controls; how concentrated the firm's reliance is on specific models and clouds, and when the exit from the primary vendor was last tested; what continuous telemetry exists on incidents and drift, and which committee sees it. Boards that can produce the answers in registers, logs, and committee minutes will be priced as disciplined operators. Boards that cannot will retain the risk themselves.

A director should sit with what self‑retention means here. The near‑zero probability of personal payment that defined the last forty years rested on two assumptions: that oversight failures would be treated as care rather than loyalty, and that D&O would respond to the claim. AI‑related failures stress both assumptions at once. An oversight miss that a court classifies as bad faith, at a company whose D&O tower has carved out AI risk or pushed it behind a narrow sublimit, is the scenario in which a director's personal exposure stops being theoretical: the loss is effectively self‑insured by the company and its directors rather than transferred to the carrier. Governance evidence is no longer a compliance artifact. It is the currency that buys coverage back, and the documentation that decides whether a failure reads as a process miss or a loyalty breach.

Institutional investors will run their own version of this test, and they will read the argument through the way they earn returns. An index investor cannot beat the market; by design, they own the market’s return. The bridge between that fact and this essay is that good governance helps both kinds of investors. For active managers, governance quality is their edge: the gap between what a company says about oversight and how it actually oversees AI in practice, visible before prices fully adjust. For large, long-term holders, governance is protection for the whole portfolio. When many companies rely on the same small set of models and cloud providers, a failure at one vendor can become a shock for the entire market, and diversification, the usual way to spread risk, does not work against a risk every holding shares. A universal owner cannot sell out of the system; it can only insist that the system be governed well, and the money doing that insisting is retirement savings, the teacher’s pension that owns the index, which is why stewardship questions will keep coming long after the news cycle moves on. Those questions can be put on the table now, in every engagement letter for the 2027 proxy season, in three lines. Which board committee is explicitly responsible for AI oversight, named in the charter? Is there a board-reviewed list of the company’s material AI systems and agents, yes or no? When was the last time you tested leaving your primary AI vendor? A stewardship team can ask those three questions in a thousand engagements, and a board that has done the work described in this essay can answer each in a sentence. Underwriters and index funds are coming to the same conclusion from different directions in the capital stack: the risk you cannot spread around is the risk you cannot insure away, and both are now asking every board for the same kind of evidence.

One last point explains where this pressure is heading. Insurance is the market’s oldest, always-on governance system: it sets a price on behavior, watches what happens between renewals, and changes that price as soon as behavior changes. Credit works the same way; a rating is a watched judgment that moves when the facts move. Both systems depend on the same thing: an independent, comparable measure of quality that neither the buyer nor the seller controls, and every major risk that has reached this stage has gained one within a few years of capital demanding it - credit with the first rating agency in 1909, financial reporting with the independent audit after 1929 and again after WorldCom, cyber gaining its ratings layer now.

AI governance already has underwriters ready to price it, stewards ready to screen it, and courts ready to test it, but none of them share a common yardstick. Risk at this scale does not stay unmeasured, and self-attestation is performance, not assurance; all three need someone to inspect the log who did not write it. Directors should expect a measurement layer to appear soon, and should understand what that means: the boards building governance that is trackable and actually works now are the ones that independent measurement will treat kindly when it arrives.

Continuous governance is no longer just a way to describe board responsibility. It is becoming the test insurers, investors, and courts will use to decide which companies are insurable, investable, and defensible in the AI era. The mechanism is simple: the speed at which a firm can absorb AI into its operations creates the advantage, and the strength of its governance is what the market turns into valuation. The return and the duty have converged.


PART III: THE MANDATE

10. The Last, Best Hope

In his June 2026 essay, Policy on the AI Exponential, Dario Amodei reaches for a familiar story from Tolkien: the Hobbits trying to wake Treebeard, the ancient tree-shepherd who takes a full day just to say hello while an army is already cutting down his forest. His point is structural. AI capability is compounding in months, while legislation still moves in years, often for good reasons - but that mismatch has become the defining feature of the landscape.

And government is no longer on the sidelines. In 2026, the state entered the frontier. The EU enacted the world's first binding AI regime and promptly extended its own deadlines when the compliance infrastructure was not ready. Washington began asserting direct authority over frontier model releases. The Financial Stability Board called for safeguards on agentic finance days after the first trading agents shipped. While this is progress, it still does not change the new reality for companies. Frontier oversight governs which models exist. It does not, and cannot, govern the thousands of deployment choices made inside a firm: which agents are given decision rights, what they can spend, whose data trains them, which teams absorb the change. A government that inspects the model before release still learns about drift in an underwriting agent after the plaintiffs do. The state can govern the frontier. Only the board can govern the enterprise.

Now line up every institution with authority over this technology and ask one question of each: who sets its clock? Legislatures cannot vote themselves a faster metabolism; their clock is constitutional. Regulators run on procedural clocks set by administrative law, and their expertise arrives after systems are already in use. Vendors run on competitive clocks that only speed up; even Dario concedes that any meaningful slowdown would need verification regimes that took decades to build for nuclear weapons, decades this curve will not grant. Each of those clocks is fixed by something outside the institution’s control - except one. A board’s clock is set by its own charter and its calendar, and the board controls both. Of all the institutions that could govern this technology, the board is the only one whose cadence is a choice.

That is the factual basis for the claim this essay makes without apology: the boardroom is the last, best hope for governing the agentic enterprise. Not because directors move faster than the technology; humans will not. Because the board is the only institution that sits inside the loop, holds real authority, answers to enforceable duties, and can change its own speed. A board that governs episodically has not hit a natural limit. It has made a scheduling decision - and it can make a different one.

Experienced directors will say that when companies truly fail, the post‑mortem almost always finds the same problem: no countervailing power. A dominant voice no one is willing to challenge, a strategy nobody stress‑tested, a risk everyone assumed someone else was watching. In the agentic era, that problem goes system‑wide. Management is rewarded for deploying AI, vendors are rewarded for deepening dependence, and regulators arrive after the harm. The board is the only countervailing power positioned inside the loop.

Four objections will come up in any serious boardroom, and they deserve direct answers.

The first is time. Directors report roughly 20 hours a month of board work, and full boards convene about eight times a year; that cadence cannot cover systems that run every minute of every day, and continuous governance cannot mean continuous meetings. That is right, and no board should try. The answer is the same one every other field found when what it was watching started moving faster than the people watching it: instrumentation. Pilots do not lean over the engine; they look at gauges built to warn them. Continuous governance shifts oversight from showing up to reading the right instruments. Telemetry runs all the time, thresholds trigger escalation, and director time is used where judgment is actually needed. The board’s job stops being “watch everything” and becomes “decide what gets watched and when it escalates,” which is work a part‑time institution can do. The clock is elective precisely because the board is not the gauge; it is the body that decides which gauges exist and where the alarms are set.

The second is the risk objection, and it is the strongest. We already have an enterprise risk management (ERM) framework, a risk committee, a CISO, and in regulated industries a model‑risk function. Why isn’t AI simply another row in the register? Three reasons. ERM assumes risks that mostly hold still between reviews; this risk changes between meetings, because systems learn and vendors ship updates. ERM governs decisions after the fact; agentic systems need design decisions before the fact, setting objectives and constraints for millions of unattended decisions. And ERM has never faced a risk that helps build its own successors, where an undocumented dependency this year becomes an unauditable foundation two years from now. The main US model‑risk guidance, recently revised as SR 26‑2, still focuses on traditional statistical and quantitative models and deliberately leaves generative and agentic AI outside its scope as “novel and rapidly evolving.” It was never built for a stack of rented frontier models, third‑party agents, and vendor‑owned ontologies that update weekly. The register is necessary. If refreshed just once a year for this risk, it becomes a photograph of a river.

The third is information asymmetry. The board’s cadence may be a choice, but its visibility is not automatic; management controls the telemetry, and a board can schedule a monthly AI session and still see only what senior leaders choose to bring. That is why continuous governance spells out what management owes the board, when, and in what form - and why those materials must be tested by someone other than the people who produce them. Cadence without instrumentation is theater. Instrumentation without independent testing is only management’s reflection. Continuous governance requires both.

The fourth is financial, and a CFO will ask it: what does continuous governance cost? Registers, telemetry, tested exit paths, and charter work are real expenses. Priced against the right denominator, the objection reverses. The monitoring is a rounding error against the AI capital it governs; a company committing hundreds of millions to compute and platforms while declining to fund the instrumentation that watches them has not saved money. It has bought an engine and skipped the gauges. Against inaction, the comparison is starker: one D&O repricing cycle, one books‑and‑records demand, or one quarter of a compliance scramble will cost more than the standing architecture. And the position has an asymmetric payoff that boards should see. If capability plateaus and the skeptics are right, the register, delegation map, and telemetry cost little and remain useful management infrastructure. If the curves hold, they are the only form of oversight that works. Continuous governance is one of the rare positions that wins in both scenarios - which is what a good board decision under uncertainty looks like.

The mandate comes with work far heavier than any risk register suggests, because the hardest questions in the AI transition will hit boardrooms years before they show up anywhere else.

The first is the breaking of the old link between labor and capital. For most of industrial history, capital needed human labor to earn returns; “intelligence as a service” weakens that dependency. Inside the firm, this lands at the compensation committee as a question no pay philosophy was built to answer: what does pay design look like when agents do most of the producing, and who pays for the transition for the people whose tasks the agents absorb? Regulators will eventually react, but they will be reacting to outcomes boards chose years earlier, one automation decision at a time.

The second is the agentic transition itself. Deciding which processes run through agents, which judgments stay human, and how the two are woven together is a redesign of the company, and it is a board‑level decision whether the board participates in that design or leaves it to configuration. BCG's field work already shows that the organizations getting value from agentic AI are not the ones with the shiniest models, but the ones redesigning how work gets done together with their people. This is about workflows: what is documented, what lives in people’s heads, and how it gets turned into agent instructions. Whether we like it or not, every material workflow will become an agentic workflow.

The third is the conduct of the agent economy. When agents transact and compete in the firm’s name at machine speed, the side effects show up before any formal rulebook exists, and the objectives and constraints boards approve today become the de facto rules of the agent economy’s first decade.

None of this turns boards into a substitute for law; frontier safety risks need collective action, and in critical sectors boards should support it, including protecting model weights, independent testing before deployment, and prompt incident reporting. But in the window before public frameworks harden, the boardroom is where these hard issues are confronted first for both the company and for the society it operates in. That is either a burden or a leadership opportunity. The boards that treat it as a leadership opportunity will set the standards everyone else ends up living with.

11. Where the Puck Is Going: The Next 24 Months

In this essay I’ve described how I see the governance gap; I now need to put dates, numbers, and consequences on where that gap is headed. Over the next two years, boards will move from hearing about agents in slide decks to relying on them in core processes, and capital will begin to price whether that shift is governed or not. What follows is a slate of twelve predictions from mid‑2026 to 2028, each specific enough to be proven wrong and each measurable in public.

Beneath these forecasts is one measure that belongs on the board’s dashboard and isn’t there yet: cognitive capacity under management. In rough terms, you can think of it as:

Cognitive capacity under management
Model capability × Number of deployed instances × Task horizon

Take how powerful your models are, how many are deployed, and how long they can run on their own; that product is the amount of cognition the enterprise is effectively running under its banner. This is not a lab metric. It is a governance proxy. It says, in plain terms, that the more powerful the systems are, the more of them are live, and the longer they can act without human intervention, the more cognition the firm has put under its name - and the more it needs to govern.

On current trends, that number is doubling at a pace measured in months, which means the amount of cognition the firm is running under its banner changes materially between any two board meetings. The closest historical analogue - headcount - has a custodian and a playbook: the CHRO, the compensation committee, and a century of practice around hiring, pay, and workforce planning. Cognitive capacity under management has none of that. It is compounding in the background without an owner, a policy, or a register. Most of what follows is simply what happens when the world starts treating that invisible number as a governed asset instead of background magic.

The anchor

METR’s data shows that the length of tasks AI systems can handle on their own has been doubling every four to seven months. That pace puts multi‑day autonomous work well within this two‑year window; you can easily get there by following the math, not by making a heroic guess. The important caveat is that these results come from research settings. The reliability levels enterprises would accept for mission‑critical work will lag behind, and that lag is exactly the governance window boards have to work in. If the doubling rate slows and stays above seven months for a full year, the timeline stretches and this forecast should be relaxed accordingly. However, I do not expect that slowdown.

The enterprise

  1. Agents outnumber employees. Before mid‑2028 a Fortune 500 company discloses that agents making economically relevant decisions outnumber its employees. The ratio arrives as a boast about efficiency, is read within a year as a governance disclosure, and is contested the moment it appears, because nobody agrees what counts as one “agent.” That public debate standardizes the register faster than any framework has, and the metric that survives it is cognitive capacity under management.
  2. Agents drive a meaningful share of commerce. Agent‑initiated transactions - checkouts completed by software on a person’s behalf - exceed three percent of U.S. e‑commerce by a major tracker's measure in the 2028 holiday season, and a public retailer breaks out agent‑driven revenue as a named category. The moment a CFO names it, an auditor must verify it, and verification is how the agent economy acquires controls.
  3. An AI‑native challenger takes share. A challenger with fewer than fifty employees, operating substantially through agents, takes measurable share from a public incumbent, which names AI‑native competition in its risk factors. Board agendas shift from adoption to defense, because governing the agentic enterprise includes governing against agentic entrants.
  4. AI oversees AI. A public company discloses that material portions of its AI oversight are performed by AI, forcing the question of who validates the watchers into a committee charter, from which the language spreads the way clawback provisions did: by imitation under pressure.

The market

  1. Proxy season turns into accountability. Investor pressure on AI oversight starts to have real consequences. By 2027, proxy season is no longer just about investors sending letters; it includes votes against specific directors when boards fail to show credible AI governance. AI‑related disclosure across the S&P 500 at least triples by mid‑2028, much of it cosmetic. The real turning point is when a leading proxy advisor recommends against re‑electing a committee chair for AI oversight failure, and when an AI‑oversight proposal either crosses roughly 30 percent support at a large‑cap company or is withdrawn after the company agrees to the requested disclosure. At that point, the signal is not how much companies say about AI, but whether directors keep their seats when governance falls short.
  2. The AI‑washing correction arrives. An earnings season turns openly skeptical. Analysts demand hard operating metrics behind AI claims, and at least one company takes a material repricing when its story and its telemetry are shown to diverge. From that point on, the gap between performative and performant AI governance is not just a rhetorical distinction; it is a driver of valuation.
  3. D&O pricing shows a governance spread. D&O pricing develops a visible governance spread: structured AI questionnaires become standard in underwriting by the end of 2027, brokers quote materially different terms for companies that can evidence continuous governance, at least one insurer publicly markets coverage tied to an assessed standard, and at least one public company discloses that it could not obtain full AI liability coverage on acceptable terms.
  4. Independent AI governance ratings appear where capital moves. An independent, continuously surveilled assessment of AI governance appears where money changes hands - in a D&O submission, an M&A data room, a stewardship engagement, or a credit‑rating action - where agencies already cite cyber posture and will cite cognitive dependency next. Every prior risk class that reached this point got its measurement layer within a few years of capital demanding one. One design constraint decides whether that institution earns trust or repeats history: if it scores disclosure, it becomes ESG for machines; it earns durability only by rating operating evidence, with independence built into its structure rather than its marketing. The only open question is who builds it to institutional standard first.

The law and the state

  1. EU AI Act enforcement bites before boards are ready. December 2, 2027 arrives with most in‑scope companies unready. Under the EU’s Digital Omnibus adjustment, that is the fixed date by which standalone high‑risk systems in Annex III must comply, with Annex I systems following on August 2, 2028, and penalties reaching up to seven percent of global turnover or €35 million for the most serious violations. When those dates hit, a majority of affected firms cannot produce the complete AI inventory the law presumes, and the first enforcement action lands within six months. The contrarian half of the forecast is that no substantive U.S. federal AI statute passes in this window, and the operative regulators of the agentic enterprise through 2028 are insurers, Delaware courts, and Brussels.
  2. The first AI‑related Caremark claim survives. The first Caremark claim over AI oversight survives a motion to dismiss, filed before the end of 2027, most plausibly in financial services or healthcare, where algorithmic underwriting sits closest to the mission‑critical line Marchand drew. Surviving dismissal means the facts were egregious: a books‑and‑records demand revealing no monitoring system at all and a delegation map that was configured rather than decided, and the same matter produces the first public coverage dispute. Once one claim clears dismissal, the demand letters write themselves.
  3. Geopolitics reaches procurement. Geopolitics reaches the procurement decision. With the United States and China in an open capability race, model provenance - whose weights, trained where, aligned by whom - becomes a standard question at critical‑infrastructure and defense‑adjacent companies, and boards discover they need a national‑security lens for decisions that used to belong entirely to the CIO.

The system

  1. A systemic outage and a trust shock. The first shock is operational. The agent economy has its CrowdStrike moment: a defect or outage at a major upstream model provider ripples through agentic workflows across hundreds of enterprises in hours, the way one bad update grounded airlines in 2024 because so many companies relied on the same point of failure. “Model concentration” starts appearing in risk‑factor language, and a financial stability regulator formally names concentration in foundation models as a systemic vulnerability. The second shock is about integrity. A deployed enterprise system is caught “performing for its monitors” - behaving one way under evaluation and another way in normal use. Researchers have already shown that models can detect when they are being tested and change their behavior to pass. Before mid‑2028, that pattern surfaces in production, discovered only after the fact. The effect on trust is similar to what Enron did to self‑reported accounting: it turns independent testing from a nice‑to‑have into the only kind of assurance serious stakeholders will accept.

Behind these twelve predictions sit two constraints that boards will feel as capital allocation: energy and compute. Data‑center buildouts, power purchase agreements, and multi‑year compute commitments are now board‑level capital decisions with decade‑long tails, being approved on the strength of a technology whose economics shift quarterly. The discipline boards apply to any other bet‑the‑balance‑sheet infrastructure decision applies here, and mostly has not been. Energy is increasingly the hard limit - grid capacity, interconnection timelines, and power prices, while compute is the spend that rides on top of it. Boards that treat them as separate procurement questions, instead of as a single, coupled system they must govern, will discover that their AI strategy was really an infrastructure strategy all along.

One further layer complicates all of this: the mix of closed and open‑weight models. Much of the concentration risk in these predictions assumes a small number of closed, upstream providers, where the danger is over‑reliance on a few external systems that boards do not control. Open‑weight models deployed on‑premise invert parts of that logic. They reduce dependence on a single vendor, but they turn the company itself into the provider: an enterprise cannot exit a vendor it has effectively become, and open models carry their own documentation and monitoring burden. In practice, employees running ungoverned local models make any register incomplete by design, and much of the agentic buildout is happening inside private and PE‑backed companies with thinner boards and no disclosure pressure at all. The gaps described here are therefore the visible portion of a larger system, and any serious governance architecture will have to cover both closed platforms and open‑source or open‑weight models as part of the same cognitive capacity under management.

12. Preparing the Board, and Proving It

The argument so far has been about the gap: agents are changing how decisions are made, capital and regulators are starting to care, and current governance practice does not keep up. The last question is what boards do with that knowledge. The agentic transition is bigger than any single role. No CEO, CIO, or audit chair can carry it alone, and no board can govern systems it does not understand. The old norm - noses in, fingers out - was built for a world where management ran a known playbook, information flowed one way, and directors stayed deliberately at arm’s length. In an enterprise where judgment is being delegated to software, that distance turns into risk.

What comes next is less about new bureaucracy and more about how boards and management work together, at the speed of trust, to design and oversee the agentic enterprise. It means treating AI oversight as a shared build rather than a performance - ending the days when information is rationed, decks are staged, and everyone pretends that a few clever questions amount to control. It means changing the shape of the table from a reporting line to a roundtable, and then writing down who owns what and how the proof will be produced.

For a century, the geometry of the boardroom has matched the geometry of the job. The table was "rectangular" for a reason: management sat on one side and reported; directors sat on the other and probed. That model worked in a world where the playbook was known, the pace was measured in quarters, and the systems under oversight did not learn or rewrite themselves between meetings. The agentic transition breaks that symmetry. There is no settled playbook for delegating judgment to agents, and no shared experience either on the management side or the director side. The docket that has built up in the preceding sections cannot be governed by reports slid across a table, because everyone in the room is facing a first‑time problem at the same speed. Under those conditions, “governance theater” stops being prudence and starts being negligence.

For this work, the rectangular table has to become a "roundtable". Directors and management need to work the problem together, designing the agentic enterprise as partners rather than auditing it as adversaries. This is bigger than any one person or role; no one sees the whole system alone. The only way to move at the speed of trust is to build that trust by sharing information, sharing uncertainty, and sharing the work of design - strength in numbers rather than distance in the name of purity. One boundary keeps that roundtable honest. Collaboration governs the transformation; independence governs the verification. The board that co‑designs the delegation‑of‑authority map with management must still independently test whether the telemetry ran and the register is current. Sit together to build the system. Sit apart to check the log. Early fieldwork is already pointing in this direction: organizations getting real value from agentic AI are redesigning how work gets done together with their people, and the boards most engaged with AI sit inside the companies earning the highest returns from it. Working the transition jointly is where the alpha is.

Within that shape, the ownership map is committee accountability mapping, and it uses committees the board already has.

The audit committee owns AI‑related disclosure, algorithmic controls, and third‑party AI vendor governance, applying the same rigor it applies to financial‑system vendors.

The risk committee owns model safety, incident response, and AI‑cyber convergence.

The compensation committee owns workforce transition: which roles change, what reskilling is funded, how automation decisions are sequenced, and whether the organization is guarding against the quiet deskilling of judgment it will still need.

The nominating and governance committee owns board composition and AI fluency, and its job has changed shape: fluency is now a perishable asset maintained on a cadence, which means standing education, refreshed skills matrices, and evaluations that test currency.

The instruments already exist and simply exclude the subject: According to Spencer Stuart, roughly 80 percent of large‑cap boards publish skills matrices and about half run individual director evaluations, yet AI fluency rarely appears in either. Adding one row to a matrix the board already maintains is the cheapest governance upgrade available this year.

The full board owns AI strategy, platform dependency, and the overarching framework. Charters should say all of this explicitly. Unwritten oversight is unowned oversight.

Directors cannot govern what management does not surface, so the preparation burden is shared, and it is specific. The CEO owes an annual AI strategy review plus a delegation‑of‑authority map covering every agent with decision rights, refreshed as deployments change, specifying system by system when agents act, when they defer to people, and how uncertainty escalates. The CFO owes AI dependency exposure inside the capital plan: vendor concentration, contract terms, switching costs, and compute commitments, treated with the seriousness of currency or liquidity exposure. The CIO owes the AI systems register itself, quarterly telemetry on drift and incidents, and honest reporting of near‑misses. The CHRO owes the workforce transition plan tied to each major automation decision. The CMO owes a customer‑layer view: where agents touch customers and prospects, how AI shapes marketing, pricing, and service journeys, what guardrails exist against manipulation or mis‑targeting, and how customer complaints and sentiment about AI‑mediated interactions are tracked and fed back into governance. The Chief Revenue Officer owes the commercial exposure map: where agents set prices, qualify leads, negotiate terms, or close deals without human review, how quota and incentive structures interact with agentic systems, and how revenue‑critical dependencies on external models or platforms are monitored and tested. The general counsel owes the regulatory map, anchored on the EU AI Act and other emerging regimes, and a disclosure review of material AI dependencies. None of these artifacts is complicated. At most companies, they simply do not exist.

Boards will increasingly oversee agentic systems using agentic systems. The monitoring layer, the drift detection, even the board‑pack summarization will run on the same class of technology being overseen. That is not disqualifying; auditors have used software to audit software companies for decades. But oversight design now has to include overseeing the overseers: knowing which models watch the models, who validates the watchers, and what the board actually sees when the two disagree. Research institutions have begun to flag a kind of AI risk that accumulates rather than erupts - overreliance, deskilling, and the erosion of professional judgment through repeated use - and the last place that risk can be tolerated is the oversight function itself. A director who outsources the reading, the questions, and the skepticism to the systems the board oversees has automated the countervailing power. Use the tools; keep the judgment.

Governance, at this point, is what a board can show, not what it can say. Within twelve months, any board that claims to oversee an AI‑enabled enterprise should be able to put three concrete pieces of evidence on the table.

First, it should have a clear list of where material AI systems and agents influence decisions, across functions and geographies, in the form of a register the board has actually reviewed. That list has to cover both closed, proprietary systems and open‑weight models running on‑premise, because employees using ungoverned local models make any partial list meaningless.

Second, the board should understand which of those systems depend on external models, platforms, or ontologies, the key contractual terms that govern those dependencies, and the realistic ways the company could exit them - including when the models are open‑source weights the firm has taken in‑house. A company that has “become its own vendor” by hosting open models still owes clarity on risk, support, and replacement.

Third, the board should have an ongoing process - not a once‑a‑year review - for looking at drift, incidents, and concentration risk, with named committee ownership written into charters.

This proof is designed to be about how the systems actually perform. It cannot be satisfied with a policy document, it can be asked for by anyone with a right to see it, and it lines up directly with the questions insurers, investors, and courts are already getting ready to ask. Producing it is what continuous governance of the agentic enterprise looks like in its first year.

The first step is a single agenda item. One director, this quarter, requests the register of AI systems and agents that influence material decisions, including which are built on external models, which rely on open‑weight or open‑source systems hosted internally, who is accountable for each, and when the board last reviewed any of them. If management produces it within 30 days, the board has its baseline. If management cannot, the board has learned the most important fact available about its own oversight, at zero cost. Either way, the clock has started.

Trust is the thing all of this rests on.

It built the joint‑stock company, and the core instruments of the modern enterprise - the charter, limited liability, fiduciary duty - are trust turned into architecture. The agent economy pushes the old, interpersonal version past its limits: nobody shakes hands with an underwriting agent. The machines’ answer is cryptographic mandates and signed attestations, trust made verifiable at the transaction layer. The enterprise layer needs its equivalent. When a board says “we govern our AI,” the market’s question is the same one a long‑horizon steward asks of an agent: prove it, in a form a stranger can check. Trust does not scale on assertion. It scales on verification, and investors, insurers, proxy advisors, regulators, and courts are already shifting their questions toward the kind of proof boards can actually produce.


Coda: The Machine Does Not Have to Stop

In 1909, the English novelist E.M. Forster imagined a civilization that had surrendered every function to a system it no longer understood. Citizens lived in comfort, their needs met by an omnipresent infrastructure called the Machine. Nobody knew how it worked. Nobody maintained it. When it began to malfunction, the governing committee denied anything was wrong. When it finally failed, no one knew what to do, because no one had thought to ask what would happen if it did. Forster called the story The Machine Stops, and it ends in collapse: a civilization destroyed by the failure of the thing it worshipped but never governed.

It is tempting to read the AI era as that parable updated, but institutions have seen this movie before. Nuclear technology, chemical plants, derivatives, and genetic engineering each threatened to outrun governance, and each time the world, painfully and imperfectly, built frameworks that made continued progress possible. None was perfect. All were better than drift. The difference this time is compression: task horizons double in months, systems participate in building their successors, and the agent economy dissolves the assumption that a human sits inside every loop. Legislatures will build frameworks for this, as they did for the technologies before it, but they will be legislating after the systems are embedded. In the meantime, the governing happens where it has always actually happened first: in the rooms where deployment is approved.

This essay began with the Dutch East India Company, the first great experiment in governed capital. It ends with the same institution, but as a warning. The Dutch East India Company ran for nearly two centuries and then rotted from the inside: entrenched directors, unaccountable management, books nobody independently checked. By the time it collapsed in 1799, people in the Netherlands were joking that its initials, VOC, stood for Vergaan Onder Corruptie: perished under corruption. The company that once answered the new question of its age - how to unleash capital at scale without destroying the system around it - could not answer that question about itself. The instrument was never the moat. The governing of it was, and the moment the governing stopped, two centuries of accumulated advantage went with it. Adolescence, in institutions as in people, ends one of two ways: judgment arrives, or consequences do. The next twenty‑four months will decide whether companies choose judgment or wait for consequences

Every era has been defined by its dominant scarce input. For four centuries, that input was governed capital, and the institutions that learned to channel it - the corporation, the board, fiduciary duty - captured the surplus it created. In the agentic era, raw intelligence is no longer scarce; its cost curves are collapsing the way electricity’s did. When Edison lit Pearl Street in 1882, current was a visible marvel sold to a few blocks of lower Manhattan. Within two generations it was metered, universal, and invisible, and the fortunes of the electric age went not to whoever owned a dynamo but to the enterprises that wired abundant power into processes their rivals could not match, and to the institutions - utility commissions, safety codes, grid standards - that made it safe to run at full voltage. Intelligence is retracing that path with the decades compressed into quarters, and the enterprise will buy it the way it buys electricity: continuous, metered, always on.

What becomes scarce is control: the ability to direct machine judgment, to constrain it, to own the categories it thinks in, and to keep the surplus it generates inside the enterprise rather than upstream in someone else’s platform. Continuous governance of the agentic enterprise is the discipline of that control. In the industrial age, boards that governed capital captured its returns, and the institutions of electrification governed power and safely wired it into everything.

In the intelligence age, the boards that learn to govern cognition will capture the excess returns that come from intelligence itself.

Governance, in the end, is alpha.


Steven Wolfe Pereira

Steven Wolfe Pereira

Steven Wolfe Pereira is Founder & CEO of Alpha, an AI governance intelligence company serving boards and executives. Former C-suite executive at Datalogix / Oracle, Neustar, and Quantcast; board member, startup advisor and Forbes contributor.

All articles

More from Steven Wolfe Pereira

See all