Drift Detection Is Not Governance

A drift detector reports that an agent's behavior moved. It does not decide what the agent is permitted to do next, and it does not leave a record an examiner can read.

The alert and the decision are different objects. Most agentic deployments ship the first and call it the second.

What a detector produces.

Drift detection observes a stream of behavior, compares it against a baseline, and raises a flag when the distance crosses a threshold. The output is an alert.

An alert has three properties that decide its limits. It arrives after the action, because the behavior it measures has already executed. It is advisory, because it routes to a queue or a log rather than to the action itself. It is silent on authority, because it never says whether the action was permitted, constrained, or refused.

A fraud agent widens its approval band across a shift. A drift monitor flags the shift when the window closes. The approvals already cleared.

What governance produces.

Governance is a control loop. It sits in the decision path. Before the action executes, the governor assesses the decision, sets the authority the agent carries for it, enforces that limit, and signs the record. The output is a decision with an authority attached and a record of both. An alert is not an authority.

There is a second object a governor has to cover. An adaptive agent does not only act. It updates inside the run. A learning-event admission gate decides whether an in-run update is admitted or declined before it changes behavior, and signs the admission. Drift detection watches behavior after the update has landed. Admission governance decides whether the update lands.

The action governor and the learning governor are different controls. One bounds what the agent may do. The other bounds what the agent may become.

Why detection ships first.

Detection is the tractable half of the problem. It attaches to an observability stack. It stays out of the latency path. It asks no one to own the decision.

A runtime-governance framework published this season enumerates drift detection as one of six components, with dynamic authorization and graduated containment listed as separate components. The separation is correct. The components do not ship at the same rate. Detection ships first because it changes nothing about who is accountable for the action. Authorization and containment ship last because they change everything about it.

The trade phrasing of the season is that agentic systems do not fail suddenly, they drift. The phrasing is accurate. It is also the reason a detector that fires at the close of the drift window is reporting a loss rather than preventing one.

What the examiner asks.

SR 11-7 was replaced by SR 26-2 on April 17, 2026. The new guidance puts generative and agentic AI outside its scope and points institutions back at their own risk practices. In insurance, the NAIC AI evaluation tool is in a multistate pilot running into the fall, and examiners are being handed a standard way to read an AI governance program.

When the examiner arrives, the question is not whether the monitor noticed the drift. The question is what the agent was permitted to do, under what authority, and where the signed record is. A drift dashboard answers none of the three. It shows that someone was watching. It does not show what the control did.

Detect or decide.

The question to put to an agentic-AI governance vendor is short. Does the product detect, or does it decide.

Detection raises an alert on a behavioral shift. A decision sits in the path, sets the authority of the action before it executes, governs whether an in-run learning update is admitted, and signs both onto a record a third party can recompute.

A detector is a useful instrument. It is not the governor. A contract should not pay for one as though it were the other.

What we are building.

Wayfinder Systems Group builds the governor, not the detector. The substrate sits in the decision path. It assesses each decision, sets the authority the agent carries, enforces the limit, admits or declines the learning event, and signs every decision and every learning event onto a tamper-evident chain at the moment it happens. A monitor reports that the agent drifted. The record states what the agent was allowed to do, and lets a stranger verify it. Patents held in The Wayfinder Trust. We call her Velma.