## Sources

1. [Principal Drift](https://www.oreilly.com/radar/principal-drift/)

---

### Principal Drift – O’Reilly (by Shreshta Shyamsundar)

**Main Arguments**
*   While modern enterprise agent architectures are technically impressive, featuring components like MCP gateways and tool registries, they often fail to identify who the agents are, whose authority they carry, and who is accountable for their errors [1].
*   The core issue is **principal drift**, which is the gradual decoupling in large agent systems between the intended human authority and the actual actor taking action [2].
*   This drift leads to a destructive cascade: **identity collapses** (actions are recorded under generic service principals), **authority erodes** (policies are not formally enforced or updated), and **accountability dissolves** (post-incident reviews cannot pinpoint responsibility) [2].
*   Traditional **Identity and Access Management (IAM)** and governance tools are insufficient because they were built for human timescales and cannot represent the complex, session-based delegation chains of agents [3].
*   Current vendor solutions, such as Microsoft’s Entra Agent ID, act as control planes for access but lack the depth required for a true **governance plane** that can explain agent decisions [4].

**Key Takeaways**
*   Organizations must move beyond just tracking access attempts to capturing the **reasoning** behind agent decisions [4, 5].
*   The "reasoning-grade audit record" is described as the load-bearing primitive of a missing governance layer, acting as a detailed record of human/customer principals, retrieved context, reasoning traces, and tool calls [5].
*   Because reasoning-grade audits are expensive to store and query, they should be applied proportionally, focusing on **high-blast-radius agents** (e.g., those that move money, deploy code, or are regulator-facing) [6].
*   The author advocates for the creation of an **"agent operations" function**—a small, embedded team (four to eight people) tasked with maintaining a registry of production agents and their named human owners [7].
*   Governance is becoming a matter of compliance, as the **EU AI Act** and other regulators will soon require traceability, explainability, and named human accountability for high-risk AI [8].

**Important Details**
*   The identity collapse is illustrated by a refund agent acting as a generic service principal, losing the vital link back to the customer and the customer-service representative who initiated the task [9].
*   Authority erosion occurs when policies reside in prompts or YAML files that are not treated as versioned artifacts, making it impossible to determine who approved a specific policy during an incident review [10].
*   A **reasoning-grade audit record** should include elements like the `human_principal`, `versioned_policy_ref`, `retrieved_context` chunks, and a `reasoning_trace` [5].
*   The proposed "agent operations" team should report to the **CIO or CISO** and be responsible for onboarding agents with signed policies and managing their lifecycle [7].
*   Architects can diagnose principal drift by asking three questions: Whose authority does the agent carry? Where is that authority specified/signed? Who pays when the agent makes a mistake? [11].
*   The ultimate goal is to build an institutional layer above the technical mesh that includes registries, signed policies, and clear human accountability [12].