How to set up agent operations before your first 2 a.m. incident

I was reading the Gartner press release on Tuesday morning and one sentence stopped me. “Governance shouldn’t be sitting with one individual person, that’s already a failure mode.” That is Shiva Varma, Senior Director Analyst at Gartner, quoted in CIO Dive’s coverage of the May 26, 2026 release. The same release predicts that by 2027, 40 percent of enterprises will demote or decommission their autonomous AI agents after production incidents surface governance gaps nobody saw coming.

If you are running a Series B that has crossed from “a few pilot agents” to “fifteen agents touching real workflows,” that sentence is talking about you. The question the board will ask in Q3 is not whether the AI strategy is sound. It is who runs the agents at 2 a.m. when one of them does something weird. Most founders I talk to are still trying to answer that with a single hire. The May 26 evidence says that is the wrong answer.

What Series B teams are trying right now

The Series B move I keep seeing is the search for a Head of Agent Operations. The job description writes itself. Own the production agent fleet, set the SLOs, run incident response, manage cost. Recruiters get the brief, the role sits open for nine months, and meanwhile the agents keep multiplying in production.

The Asanify AI digest published May 26 calls these new production-side roles by name and confirms they are nearly impossible to fill: Chief AI Ethics and Compliance Officer, Agentic Product Manager, Workforce Transformation Lead, AI Talent Strategist. The same week, the Cloud Security Alliance published a synthesis of the Darktrace State of AI Cybersecurity Report 2026, which found that 92 percent of security professionals are now concerned about the impact of AI agents while only 37 percent of organizations have a formal AI policy. That second number went down from the year before. AI spending up 130 percent. Policy coverage down. That gap is where 2 a.m. incidents live.

The Mayfield Agentic Enterprise survey from April puts 42 percent of organizations already in production with agents, and 72 percent in production or active pilots. Most of those 72 percent are running their agents the way they ran their first microservices in 2014: an engineer owns it, the engineer is also on call for everything else, and “governance” lives in a Notion doc nobody reads. When the agent does something costly, embarrassing, or both, the answer to “who is responsible” turns into a meeting.

Where the model breaks and what the May 26 evidence actually says

Here is what Gartner actually argues. Uniform governance applied across every agent breaks two ways. Over-restrict the simple Observe-tier agents and delivery slows enough that engineers spin up shadow versions they do not tell anyone about. Under-restrict the Fully Autonomous agents and operational, security, and compliance risk accumulates until the incident surfaces it. Both failure modes have the same root cause: treating an agent that summarizes documents the same way as an agent that moves money.

The fix Gartner proposes is a four-level proportional autonomy framework. Observe agents read or summarize. Advise agents recommend, humans execute. Act-with-Approval agents execute but require explicit human sign-off each time. Fully Autonomous agents execute within guardrails, humans review exceptions and aggregated outcomes. Different tiers get different controls.

The same week Gartner published this, the Agent Control Standard launched at the AI Agent Security Summit in San Francisco. ACS is a vendor-agnostic open standard for runtime governance, announced in a Business Wire release on May 27. It defines middleware hooks at six points in the agent execution path where a policy engine can return allow, deny, or modify: when an agent receives input, when it calls a tool, when it transitions from planning to executing, when it writes to memory, when it executes code, and when it invokes a sub-agent. Active workstreams include OpenTelemetry semantic conventions for agent tracing and an Agent Bill of Materials for real-time inventory.

The two announcements landing 24 hours apart is not a coincidence. Gartner described what proportional control should look like. ACS described how the runtime exposes the hooks to implement it. For the first time, a Series B has a credible technical and conceptual frame for “what does agent operations actually mean.”

The pattern: what scales is the function, not the seat

Governance shouldn't be sitting with one individual person, that's already a failure mode.

The Series B reframe is uncomfortable and freeing at the same time. There is no hiring out of this. There is a standing function, a written classification, and a tested kill protocol, none of which require the recruiter.

Here is the actual sequence I would walk a Series B through this week. Each step takes hours, not months, but they have to happen in this order.

1. Build the agent inventory in a spreadsheet, this week

   One row per agent: name, business owner, engineering owner, what it can read, what it can write, what tools it can call, when it last ran, cost in the last 30 days. If the Agent Bill of Materials workstream in ACS holds, the format will standardize. Do not wait.

2. Classify each agent by Gartner's four autonomy tiers

   Observe, Advise, Act-with-Approval, Fully Autonomous. Force the conversation: where on this list does this agent actually sit, not where the team wishes it sat? The classification is the artifact that auditors, customers, and the board will ask to see.

3. Name a human per agent for operational accountability

   Per-agent, not per-fleet. This is the SRE layer: who gets paged when this agent silently fails, who owns its baseline, who signs off on a tier promotion. Different from step 4.

4. Stand up the cross-functional governance call

   Engineering, security, legal, and the business owner of the agent. Sixty minutes a month. Reviews the inventory. Approves tier promotions. Logs incidents. This is the part Gartner explicitly says cannot live with one person.

5. Pick one runtime control surface, knowing it can change

   Either a managed platform (Microsoft Agent 365, ServiceNow AI Control Tower, Salesforce Agent Fabric) for the cases where enterprise procurement already trusts the channel, or a thin internal layer aligned with ACS conventions for the cases where the buyer-side is more flexible. Buy what compresses procurement friction; build what preserves the option to move.

6. Run a kill drill on a non-production agent

   Pick an agent, trigger the kill protocol on a Wednesday afternoon, time it, log what broke. The 2 a.m. incident is the worst possible time to find out the runbook is incomplete. Schedule the next drill before this one ends.

That sequence is roughly six weeks of work for a team that already has the engineers. It will not solve every problem in the agent stack. It will solve the specific question the board is going to ask in Q3 about who runs the agents and what happens when one of them misbehaves.

What I’d tell you over coffee

If I were sitting across from a Series B CTO at a coffee shop this week, here is what I would actually say. The reason the Head of Agent Operations role keeps failing to attract the right candidate is that the job, as it is being scoped, does not exist as a single seat. The function exists. The seat does not. What is actually needed is two engineers who care about reliability, a security partner who shows up to the monthly call, a legal partner who reads the autonomy classification before it ships, and a written kill protocol that has been run at least once outside an incident.

That is what a credible agent operations posture looks like at Series B. The EU AI Act high-risk deadline is 65 days out. The Q3 board cycle is closer than that. The good news is the work is finite. It is sequencing. And the team can start Monday.