The agent worked in March. It worked in April, and again in the Thursday demo in May, when it drafted forty policy-renewal letters, flagged the three that needed a human, and routed the rest without a stumble while the room nodded along. By late June, that same pilot had not touched one live customer account. Not one. Eight months of almost.

What kept stopping it was never the model. Every steering review died on the same two questions, and nobody in the room could answer either one in writing: what is this agent allowed to decide on its own, and who puts their name under that decision? The demo was flawless. The authority was undefined. So the launch slid another month, and then another, and the slide deck started carrying the word "soon" like a confession.

Multiply that one room by a few thousand and you get the defining number of 2026. Gartner's 2026 survey of more than 2,500 Chief Information Officers and technology executives found that only 17% of organizations have actually deployed AI agents, while more than 60% expect to within two years (Gartner, 2026 Hype Cycle for Agentic AI). That is the most aggressive adoption curve Gartner has ever charted for an emerging technology. It is also one of the widest gaps it has measured between wanting a thing and shipping it.

43 points
separate the 60%+ of organizations planning to deploy AI agents from the 17% that actually have. The intent is nearly universal. The deployment is rare
Source: Gartner 2026 CIO and Technology Executive Survey

I want to be careful not to wave this away as ordinary hype-cycle lag. Some of it is. Markets always run ahead of operations. But a 43-point spread is not the normal lag between a trend and its rollout, and the reason it is so wide is specific. The teams stuck on the wrong side of that number are not short on models or budget. They are short on the one thing nobody puts on a roadmap: a written, agreed answer to what "done" and "safe" mean for an agent that acts on its own.

What is the gap between planning AI agents and deploying them?

It is a readiness gap, and readiness is governable. The plan-to-deploy number measures appetite. The actually-deployed number measures whether an organization could write down, defend, and stand behind what its agent is permitted to do. Those are different muscles. The first one needs a budget line and a vendor demo. The second one needs the unglamorous discovery work most teams skip because it does not show up in a sprint board: surfacing the exceptions, naming the decision rights, and validating the inputs before anything goes live.

Deloitte put a hard number on the missing muscle. Its 2026 State of AI in the Enterprise survey, drawn from 3,235 leaders across 24 countries, found that only 21% of organizations have a mature governance model for autonomous agents, even as 74% expect to use agentic AI at least moderately within two years (Deloitte, Agentic AI is scaling faster than guardrails). Read those two numbers next to each other. Almost everyone is heading for agents. Roughly four in five are heading there without a governed way to bound them.

21%
of organizations have a mature governance model for autonomous AI agents, even though 74% expect to use them within two years. The ambition outran the guardrails
Source: Deloitte, 2026 State of AI in the Enterprise

Here is the part that surprised me when I first sat with the data. A mature governance model is not a compliance binder. Deloitte describes it as clear boundaries for which decisions an agent makes alone versus which need a human, real-time monitoring that flags anomalies, and audit trails that capture the full chain of an agent's actions. Strip the governance vocabulary off that list and you are left with requirements. Specific, validated, traceable requirements. The governance gap and the requirements gap are the same gap, wearing two different name tags.

Why do agentic AI pilots stall in "almost ready"?

Because the model is ready months before the requirements are. That is the trap. A modern agent demos beautifully on day three, which fools everyone into thinking the hard part is behind them. It is not. The hard part starts at the launch gate, where someone finally has to answer the questions a demo never asks: which actions can this run autonomously, which need sign-off, what data is it allowed to touch, and what is the one thing it must never do, no matter how confident it sounds.

Those are not engineering questions. They are discovery questions, and they have to be answered before the agent is live, not after it has done something nobody sanctioned. The insurance pilot I opened with was not waiting on a better model. It was waiting on a decision nobody had been assigned to make: the precise line between what the agent could approve on its own and what a human had to touch. That line was never a technical artifact. It was a requirement, and the requirement did not exist.

The agent was ready in March. The requirements were not ready in June. The pilot did not have a model problem. It had a "nobody wrote down what safe means" problem, and you cannot deploy your way out of that.

The Cisco AI Readiness Index measured exactly this control gap at scale. Across its global survey, 83% of organizations said they planned to deploy AI agents within a year, yet only 24% reported being able to control agent actions with proper guardrails and live monitoring (Cisco, 2025 AI Readiness Index). Cisco named the underlying problem well: "AI Infrastructure Debt," the modern evolution of the technical debt that stalled past transformations. I would push the name one layer deeper. Underneath the infrastructure debt sits requirements debt, the unwritten objectives and unbounded decision rights that no amount of compute can pave over.

24%
of organizations can actually control agent actions with proper guardrails and live monitoring, even though 83% plan to deploy AI agents within a year
Source: Cisco, AI Readiness Index 2025

What makes requirements the real readiness substrate?

Four questions, answered before launch. That is what separates a pilot that ships from a pilot that loops. An agent is deployable when its requirements pin down its objective, its inputs, its decisions, and its risk controls clearly enough that a reviewer can sign off without holding their breath. Miss any one of the four and you get exactly what the survey data describes: a working model trapped behind a gate it cannot pass, because passing the gate was never an engineering task in the first place.

Take them one at a time, because each one is a discovery problem dressed as a technical one. Objective: what outcome is this agent accountable for, stated precisely enough to measure, not "improve customer service" but "resolve tier-one billing disputes under a defined dollar threshold." Inputs: which data sources are validated, current, and in bounds, because an agent reasoning over a stale or unauthorized source produces confident, traceless errors. Decisions: which actions it may take alone, which escalate to a human, and how every one of them is logged so the chain can be reconstructed later. Risk controls: the hard boundaries, the actions it must never take, and the mechanism that actually stops it when it drifts toward one.

None of that is exotic. It is the same discovery discipline good teams have always owed their projects, now with higher stakes because the thing on the other end acts autonomously and fast. We laid out the broader method in what requirements intelligence actually is, and the governance mechanics specifically in AI governance for requirements. The short version: an agent cannot be held to a goal nobody pinned down, and it cannot be bounded by a rule nobody wrote. Requirements intelligence is the structured, multi-expert discovery that produces those answers on purpose, so the governance brief exists before the launch review instead of getting reverse-engineered after the first incident.

Same model. Two outcomes. The difference is upstream. STALLED IN "ALMOST READY" ✗  What may it decide alone? ✗  Who signs off on its actions? ✗  What does "done" mean? ✗  What does "safe" mean? Pilot, month 8 SHIPPED TO PRODUCTION ✓  Decision rights defined ✓  Accountability assigned ✓  "Done" is specified and measurable ✓  Risk controls and kill switch set Live, governed
The gate between pilot and production is not technical. It is a set of requirements the agent can be held to.
From the field

DBS Bank in Singapore is the cleanest example of governance going first and deployment following. By early 2026 it was running more than 1,500 artificial intelligence models in production, all of them passing through a single governance framework the bank calls PURE: every use case has to be Purposeful, Unsurprising, Respectful, and Explainable before it goes live (DBS Bank, Agentic AI is here: are we ready to govern it?).

PURE is not a slogan. It is a set of questions answered before a model ships, backed by a Responsible AI Committee, a tiered risk model with a materiality assessment, an AI registry, and, for higher-risk use cases, real-time monitoring with automated kill switches. When DBS turned toward agentic AI, it did not start from zero. It extended the same governance substrate, which is why it describes that foundation as the firm footing for deploying agents safely (Computer Weekly, DBS rewires operating models for the AI reasoning era).

That is the whole thesis in one institution. DBS is on the 17% side of the line not because it had better models, but because it had answered, in writing and years in advance, what each system was allowed to do and who stood behind it. The governance was the requirement. The requirement was the readiness.

How is a stalled launch different from a cancelled project?

One never starts. The other gets killed. It is worth keeping them distinct, because they look similar from a distance and they are not the same failure. A cancelled project got funded, launched, and then shut down for cost, fuzzy value, or weak controls. Gartner predicts more than 40% of agentic AI projects meet that end by the close of 2027, and we walked through why in why 40% of agentic AI projects will be cancelled. That is a story about programs that crossed the start line and could not prove they should keep running.

The 17% number is a story about the start line itself. These pilots never cross it. They do not get cancelled in a board meeting; they just quietly never go live, accumulating in that purgatory of "almost ready" where the model works and the launch never comes. Different timing, same root. One organization discovers its requirements were ungoverned after launch, when the value will not materialize. The other discovers it before launch, when no one can sign the gate. Fix the requirements upstream and you move the needle on both numbers at once, because you are treating the thing that was poisoning each of them.

How does this connect to the August 2 EU AI Act deadline?

The deadline turns readiness into law. August 2, 2026 is a live enforcement date under the EU AI Act, with obligations for general-purpose AI beginning then and governance, logging, and human-oversight duties attaching to systems classed as high-risk. As of late June, that is about five weeks away. A provisional Digital Omnibus agreement reached on May 7, 2026 would defer some high-risk obligations to December 2027, but it has not been formally adopted, so the August date remains legally active and the general-purpose duties begin regardless. We tracked the moving pieces in the EU AI Act compliance guide.

Here is why that matters for the adoption gap. The artifacts a regulator will ask an organization to produce are the same artifacts that make an agent deployable in the first place. Validated inputs. Traceable decisions. Documented risk controls. A clear line of human accountability. A team that closed its readiness gap to ship an agent has, almost by accident, done most of the compliance homework. And a team that ignored the readiness gap now has two deadlines bearing down on it at once: the one its own launch review keeps failing, and the one the law just set. Governed requirements answer both. That is not a coincidence. It is the same homework, graded by two different examiners.

The gap is not the model. It is the requirements an agent can be held to.

Only 17% of organizations have deployed AI agents while more than 60% plan to, the widest intent-to-deployment gap of 2026. That 43-point spread is a readiness gap, and readiness is governed requirements: a clear objective, validated inputs, traceable decisions, and risk controls a reviewer can sign off on before launch.

Pilots stall because the model is ready months before those requirements are. Deloitte found only 21% of organizations have a mature agent-governance model; Cisco found only 24% can actually control agent actions with guardrails and monitoring. The teams crossing the line, like DBS Bank, answered what "done" and "safe" mean in writing first. The August 2 EU AI Act deadline makes that same homework a legal requirement, not just an operational one.

I keep coming back to that insurance pilot, because it was so ordinary. No villain, no broken model, no dramatic failure. Just a capable agent and an empty space where its requirements should have been, and eight months draining away into that space one steering review at a time. The teams on the 17% side of the line are not smarter or better funded. They did the cheap, unglamorous thing first. They decided, in writing, what the agent was allowed to do before they asked it to do anything at all.

What are the most common questions about deploying agentic AI?

Gartner's 2026 survey of more than 2,500 Chief Information Officers and technology executives found that only 17% of organizations have deployed AI agents, while more than 60% expect to within two years. That 43-point gap is the widest distance between intent and deployment Gartner has measured for any emerging technology. It is not a gap in ambition or budget. It is a readiness gap. The teams that cannot ship are usually the teams that cannot yet specify, in writing, what the agent is allowed to do and who is accountable when it acts.
Because the model works long before the requirements do. A pilot demos cleanly, then stalls at the launch gate on questions a demo never has to answer: what may this agent decide on its own, what counts as done, what counts as safe, and who signs their name under that. Deloitte's 2026 State of AI in the Enterprise found only 21% of organizations have a mature governance model for autonomous agents, even as 74% expect to use them within two years. The pilot is not blocked by the technology. It is blocked by the absence of governed requirements the agent can be held to.
Agent-ready requirements answer four questions before launch. Objective: what outcome is this agent responsible for, stated precisely enough to measure. Inputs: which data and sources are validated and in bounds. Decisions: which actions it may take autonomously, which need a human, and how each one is logged. Risk controls: what it must never do, and what stops it when it tries. An agent cannot be held to a goal nobody pinned down. Requirements intelligence produces that brief through structured, multi-expert discovery, so the governance answer exists before the launch review, not after the incident.
A cancelled project got funded, launched, and then killed for cost, unclear value, or weak controls. Gartner predicts more than 40% of agentic projects meet that fate by the end of 2027. A stalled pilot never crosses the line at all. It sits in almost-ready, burning attention rather than budget, because no one can write down what done and safe mean. The two failures share a root: ungoverned requirements. One surfaces after launch as unprovable value. The other surfaces before launch as a gate nobody can pass. Fixing the requirements upstream addresses both.
The EU AI Act sets August 2, 2026 as a live enforcement date, with obligations for general-purpose AI beginning then and governance, logging, and human-oversight duties attached to high-risk systems. A provisional Digital Omnibus agreement reached on May 7, 2026 would defer some high-risk Annex III obligations to December 2027, but it is not yet formally adopted, so August 2, 2026 remains the legally active date. The same artifacts that make an agent deployable, validated inputs, traceable decisions, and documented risk controls, are the artifacts a regulator asks for. Readiness and compliance are the same homework.

Related reading

Why 40% of Agentic AI Projects Will Be Cancelled by 2027

The flip side of the adoption gap: what happens to the agentic programs that do launch, and why ungoverned requirements get them killed after the fact.

AI Governance for Requirements

Why your audit trail starts at the requirements layer, and how traceable decisions turn an ungovernable agent into a deployable one.
Nicolas Payette, CEO and Founder of Specira AI
Nicolas Payette
CEO and Founder, Specira AI

Nicolas Payette has spent 25 years in enterprise software delivery, leading digital transformations at companies like Technology Evaluation Centers and Optimal Solutions. He founded Specira AI to solve the root cause of project failure: unclear requirements, not slow code.