Every Agent Is a SOX Risk
Here is the sentence that should be keeping finance leaders up at night: the moment an AI agent can post a journal entry, change vendor master data, or approve a transaction, it is no longer automation. It is a control. And controls get audited.
Most companies are not treating it that way yet. They're stacking agents on top of ERP the way they stacked macros on top of spreadsheets, fast and ungoverned, and they will find out the hard way that an auditor does not care whether the thing that touched the general ledger was a person or a process.
The non-human identity problem
The scale is the part people miss. In the average enterprise, non-human identities already outnumber human users by roughly 80 to 1. One large financial institution reportedly had over 4.2 million non-human identities against about 50,000 human accounts. Nearly two-thirds of organizations apply weaker controls to those identities than to their employees.
That is a segregation-of-duties failure waiting to be written up. If an agent can both create a vendor and approve a payment to it, you have a problem, and it does not matter that the agent had no intent.
Every agent that touches a financial system needs the same discipline a human user gets: a real identity, least-privilege scope, and a joiner-mover-leaver lifecycle. Provisioned when it's deployed. Re-scoped when its job changes. Revoked when it's retired.
The clock is real
By August 2026, most obligations for high-risk AI systems under the EU AI Act become enforceable: risk management, technical documentation, logging, and post-market monitoring. The SEC's cyber disclosure rules already force material incidents onto an 8-K within four business days. The regulatory environment is not waiting for enterprises to figure out agent governance.
The honest guidance for this year is unglamorous: agentic AI belongs in human-supervised roles for control work, not autonomous agent-led testing. Let agents draft, collect evidence, and reconcile. Keep a human on the sign-off until the audit trail proves itself.
The companies that win the next finance cycle won't be the ones with the most agents. They'll be the ones who can prove, on demand, exactly what every agent did and why it was allowed to. That proof is the product. Everything else is a demo waiting to fail an audit.