Research · Academic & arXiv
Research sweep · deep · 2025 – present
AI Dark Code — Organisational Accountability and Control
AI-generated and agent-produced code ("dark code") in enterprise settings, June 2025–April 2026: organisational accountability structures, failure and adaptation of established management frameworks, technical and governance controls, observability and discoverability of agent logic, and documented outcomes from early enterprise adoption.
Synthesised 2026-04-13
Narrative
The academic and arXiv literature from 2025–2026 reveals a field grappling with a fundamental governance discontinuity: as agentic systems begin autonomously authoring, deploying, and modifying production code, the theoretical and operational frameworks enterprises relied upon—RACI matrices, principal-agent economics, ITIL change advisory boards, model cards—all exhibit structural failures that researchers are only beginning to catalogue. The most theoretically significant work comes from two converging streams. First, management-theory papers (Humberd et al. in the Journal of Management Studies; Jarrahi et al. in California Management Review) apply agency theory to agentic AI and conclude that at the agentic stage, information asymmetry, divergent risk preferences, and goal conflict can exceed what any human-principal monitoring-and-incentive structure was designed to handle. Second, liability papers on arXiv (Xian et al., arXiv 2504.03255) demonstrate that classic legal frameworks for negligent selection and supervision map onto LLM agent deployment only imperfectly, with opacity pushing toward strict product-liability models.
On the technical side, provenance and observability emerge as the critical unsolved problem: PROV-AGENT (Souza et al., IEEE e-Science 2025) and the LLM Agents for Interactive Workflow Provenance paper (arXiv 2509.13978) are the first concrete systems extending W3C PROV standards to capture prompt, response, and decision metadata in agentic pipelines—but they remain research prototypes, not enterprise-deployed standards.
Governance frameworks have proliferated (the Unified Control Framework, ARGO, TRiSM-for-agents) but empirical studies consistently find an implementation gap: organisations know what governance principles are required but cannot operationalise them at agentic speed and scale.
The security data is stark: Veracode's 2025 GenAI Code Security Report found 45% of AI-generated code contains vulnerabilities; agentic AI CVEs grew 255% year-over-year in 2025 per Trend Micro; and the EchoLeak exploit (CVE-2025-32711) against Microsoft Copilot in mid-2025 provided the first documented production incident directly attributable to agentic code execution without adequate governance controls. No academic consensus on a single replacement management framework has emerged; instead, the literature is converging on safety-case and model risk management analogies from aviation and financial services as the most resilient prior art.
Sources
| ID | Title | Outlet | Date | Significance |
|---|---|---|---|---|
| a1 | Inherent and Emergent Liability Issues in LLM-based Agentic Systems: A Principal-Agent Perspective | arXiv (cs.AI) | 2025-06 | Directly applies principal-agent theory to LLM agent liability, examining how classic agency problems mutate—information asymmetry, goal conflict, negligent selection—when the agent is an LLM system, providing the closest academic treatment of why traditional management frameworks break down for agentic code. |
| a2 | When AI Becomes an Agent of the Firm: Examining the Evolution of AI in Organizations Through an Agency Theory Lens | Journal of Management Studies | 2025-08 | Traces five evolutionary stages from routine to agentic AI through agency theory, arguing that at the agentic stage classical monitoring-and-incentive mechanisms face a genuine agency problem with information asymmetry and potential goal conflict exceeding human-agent norms. |
| a3 | The Unified Control Framework: Establishing a Common Foundation for Enterprise AI Governance, Risk Management and Regulatory Compliance | arXiv (cs.CY) | 2025-03 | Proposes a 42-control unified governance architecture that synthesises fragmented regulatory requirements (EU AI Act, Colorado SB, NIST AI RMF) into a single parsimonious framework, directly addressing the governance gap enterprises face when managing AI-generated artefacts across jurisdictions. |
| a4 | PROV-AGENT: Unified Provenance for Tracking AI Agent Interactions in Agentic Workflows | arXiv / IEEE e-Science 2025 | 2025-08 | Presents the first provenance model extending W3C PROV with Model Context Protocol concepts to capture prompt, response, and decision metadata in agentic workflows, directly addressing the observability and discoverability gap for agent-produced outputs. |
| a5 | From Prompt–Response to Goal-Directed Systems: The Evolution of Agentic AI Software Architecture | arXiv (cs.SE) | 2026-02 | Provides a layered reference architecture for agentic AI systems with governance-by-construction, specifying that every tool invocation must be versioned, policy-mediated, and produce a provenance trace—directly mapping to dark code observability requirements. |
| a6 | TRiSM for Agentic AI: A Review of Trust, Risk, and Security Management in LLM-based Agentic Multi-Agent Systems | arXiv (cs.AI) | 2025-06 | Systematic review of TRiSM (Trust, Risk, Security Management) applied to multi-agent LLM systems, noting that by mid-2025 over 70% of enterprise AI deployments involve multi-agent configurations, and identifying ModelOps lifecycle governance as a critical unsolved control problem. |
| a7 | An Adaptive Responsible AI Governance Framework for Decentralized Organizations (ARGO) | arXiv (cs.AI / AAAI 2025 Workshop) | 2025-10 | Reports empirical findings from deploying a flexible RAI governance framework in a globally decentralized enterprise, finding that practical implementation—tool integration into workflows and role clarity—matters more than policy articulation, and that modular resources are required for diverse operational contexts. |
| a8 | A Framework for Responsible AI Systems: Building Societal Trust through Domain Definition, Trustworthy AI Design, Auditability, Accountability, and Governance | arXiv (cs.AI) | 2026-01 | Argues that current audit practices are fragmented and underdeveloped, advocating for independent AI audit standards boards modelled on aviation safety culture, with auditability embedded as a proactive lifecycle property rather than a post-hoc check. |
| a9 | Agentic AI Systems Applied to Tasks in Financial Services: Modeling and Model Risk Management Crews | arXiv (cs.AI / q-fin) | 2025-02 | Demonstrates how financial services model risk management (MRM) frameworks—including compliance documentation checks and model replication—can be operationalised by agentic crews, offering a concrete example of established risk-based frameworks adapting to agent-produced artefacts. |
| a10 | The Agentic Regulator: Risks for AI in Finance and a Proposed Agent-based Framework for Governance | arXiv (cs.AI / q-fin) | 2025-12 | Proposes firm-level governance modules that ingest real-time telemetry from thousands of agent self-regulation modules and trigger circuit breakers when risk indicators breach tolerances, grounding governance in financial-sector SR 11-7 and Basel Principles. |
| a11 | AI and Agile Software Development: A Research Roadmap from the XP2025 Workshop | arXiv / XP 2025 Workshop | 2025-08 | Practitioner workshop findings document that over three-quarters of agile teams cite 'too many tools, unclear which to use' as a primary governance pain point, and that unclear data-handling policies and opaque GDPR compliance for AI-generated artefacts are their chief compliance worries. |
| a12 | Approaches to Responsible Governance of GenAI in Organizations | arXiv / IEEE ISTAS 2025 | 2025-09 | Drawing on industry roundtable discussions, identifies adaptable risk assessment tools and continuous monitoring as core pillars of responsible GenAI governance, providing a practitioner-grounded counterpart to purely theoretical frameworks. |
| a13 | ArGen: Auto-Regulation of Generative AI via GRPO and Policy-as-Code | arXiv (cs.AI) | 2025-09 | Introduces a policy-as-code architecture integrating OPA-style governance into RL training loops, offering a technical alternative to post-hoc XAI that directly addresses the auditability gap for agent-produced outputs by making policies explicit and machine-testable. |
| a14 | Trustworthy Orchestration Artificial Intelligence by the Ten Criteria with Control-Plane Governance | arXiv (cs.AI) | 2025-12 | Presents a ten-criteria assurance framework integrating audit and provenance integrity into a control-plane architecture for orchestrated AI, addressing the gap between AI-to-AI coordination systems and the governance of their outputs. |
| a15 | A Survey of Agentic AI and Cybersecurity: Challenges, Opportunities and Use-case Prototypes | arXiv (cs.CR) | 2026-01 | Comprehensive survey cataloguing agentic security failure modes (agent compromise, memory poisoning, multi-agent jailbreaks) and governance responses (TRiSM, blockchain logging, runtime policy checks), with emphasis on why classical SIEM monitoring is insufficient for agentic environments. |
| a16 | Agentic AI Security: Threats, Defenses, Evaluation, and Open Challenges | arXiv (cs.CR) | 2025-10 | Documents a real mid-2025 incident (EchoLeak CVE-2025-32711 against Microsoft Copilot) and reviews runtime governance tools including GuardAgent and AgentSpec, providing empirical grounding for the claim that agent-produced code creates novel production security failure modes. |
| a17 | A Safety and Security Framework for Real-World Agentic Systems | arXiv (cs.AI / NVIDIA Research) | 2025-11 | NVIDIA research paper defining trustworthiness for agentic systems as combining safety, security, and policy conformance, with empirical evaluation of risk propagation across components and an explicit treatment of non-repudiation and lack of traceable audit trails. |
| a18 | LLM-Based Multi-Agent Systems for Software Engineering: Literature Review, Vision and the Road Ahead | ACM Transactions on Software Engineering and Methodology | 2025 | Systematic literature review of LLM-based multi-agent SE systems, identifying the lack of research on agent-oriented accountability structures and noting that existing approaches emphasize human readability over governance, with implications for dark code discoverability. |
| a19 | Facilitating Trustworthy Human-Agent Collaboration in LLM-based Multi-Agent System Oriented Software Engineering | ACM FSE 2025 | 2025-07 | Proposes a RACI-based framework for allocating tasks between humans and LLM-based MAS in SE, directly tackling the accountability gap by specifying who is Responsible, Accountable, Consulted, and Informed when agents produce code artefacts. |
| a20 | The 2025 AI Agent Index: Documenting Technical and Safety Features of Deployed Agentic AI Systems | arXiv (cs.AI) | 2026-02 | Empirical index of deployed agentic systems revealing ecosystem-wide concentration on three foundation model families (GPT, Claude, Gemini), creating single points of governance failure, with systematic documentation of what safety and auditability features are and are not present in production systems. |
| a21 | The Future of Generative AI in Software Engineering: A Vision from Industry and Academia in the European GENIUS Project | arXiv / AIware 2025 (IEEE/ACM) | 2025-11 | Documents the practical impact of LLM-generated code at scale: increased code duplication, decline in refactoring, and absence of any framework for evaluating the full organisational impact of deploying GenAI in production SDLC pipelines. |
| a22 | Reconfiguring Digital Accountability: AI-Powered Innovations and Transnational Governance in a Postnational Accounting Context | arXiv (cs.CY / econ.GN) | 2025-06 | Applies Actor-Network Theory and institutional theory to examine how AI-powered innovations destabilise traditional accountability mechanisms based on control, transparency, and auditability, proposing that accountability must be reconceptualised as a relational and emergent property. |
| a23 | LLM Agents for Interactive Workflow Provenance: Reference Architecture and Evaluation Methodology | arXiv (cs.DC) | 2025-09 | Presents a reference architecture for LLM-powered provenance agents enabling natural language querying of runtime workflow lineage, evaluated across GPT-4, LLaMA, and Claude models, offering concrete tooling for making agent-generated logic discoverable and inspectable. |
| a24 | Agentic Artificial Intelligence (AI): Architectures, Taxonomies, and Evaluation of Large Language Model Agents | arXiv (cs.AI) | 2026-01 | Comprehensive taxonomy noting that enterprise deployment requires auditability (trace logs), data governance, and failure recovery—dimensions absent from general benchmarks—and that SWE-Bench Pro exposes bottlenecks like context exhaustion that directly affect dark code reliability. |
| a25 | Rethinking AI Agents: A Principal-Agent Perspective (Balancing Autonomy and Accountability in Organizations) | California Management Review | 2025-07 | Management-theory article reframing AI agent deployment through principal-agent economics, arguing that specialised multi-agent swarms resemble managing multi-disciplinary professional teams and that governance must evolve correspondingly, bridging management theory and technical practice. |