Paper Type

Complete

Abstract

Enterprises deploying autonomous multi-agent AI systems face a fundamental governance gap: traditional IT Governance, Risk, and Compliance (GRC) frameworks operate at human speed while agentic AI systems operate at machine speed, rendering conventional oversight architecturally incompatible with emerging threats. This paper introduces meta-governance as a novel IS (Information Systems) security construct: the use of AI governance agents to autonomously monitor, evaluate, and intervene in the behavior of operational AI agent fleets. We present MOM-GS-MAS (Monitoring, Observability, and Management Module for Governance and Security of Multi-Agent Systems), a production-ready meta-governance platform deploying 16 specialized governance agents across four Safety, Alignment, Governance, and Security (SAGS) pillars. Grounded in Design Science Research (DSR), we evaluate MOM-GS-MAS through controlled simulation benchmarks and sector-specific governance scenarios, demonstrating sub-100ms policy enforcement, over 97% attack detection rates across five adversarial vectors, and sustained policy compliance exceeding 99% at fleet sizes up to 1,000 agents. Our findings extend IT GRC theory to agentic AI contexts, introduce Policy-as-Code as an operationalization of algorithmic accountability, and propose the Three-Way Governance Dilemma as a theoretical framing for why the adoption of meta-governance is architecturally necessary.

Paper Number

1513

Comments

SIG SEC

Aug 15th, 12:00 AM

Meta-Governance of Autonomous AI Agents: A Policy-as-Code Architecture for Real-Time GRC in Multi-Agent Systems
