The Paradox of `Unforgiving Agents`: How One Databricks Tech Lead Raises the AI Trust Floor With Embedded Governance

Encoding rules directly into data infrastructure is fast becoming a practical engineering requirement, not a policy aspiration. With 80 percent of Fortune 500 companies actively using AI agents, many data teams are hitting the natural limits of manual governance workflows. Human employees can adjust when reports are delayed or dashboards look off. They pause, ask questions, and find a workaround. AI agents do none of this. If they receive incomplete or inaccurate data, they ingest it and execute anyway, generating confident answers that do not align with business expectations. Thus, even as governance programs expand, trust in enterprise data continues to decline, exposing a widening gap between policy on paper and enforcement in production.

Enter Sandipan Bhaumik (Sandi) a Data and AI Technical Lead at Databricks, where he helps financial institutions connect data and AI strategy to measurable business outcomes. With 18 years of experience architecting data platforms at Amazon Web Services, Telstra, and the NHS, Sandi has led governance and compliance work across heavily regulated industries. He is also the founder of agentbuild.ai, an educational community where he writes a newsletter on agentic AI development. For Sandi, enterprise governance has long relied on a simple assumption: that whoever consumes the data will know when something is wrong.

"Humans will probably forgive you if you have the wrong data, or if data didn't arrive on time. Agents will not," says Sandi. "They will either confidently tell you the wrong thing or do something that will be detrimental for the business." The implication extends beyond data quality. If autonomous systems are executing tasks without human judgment as a safety net, governance can no longer rely on people catching errors after the fact.

When employees encounter delayed reporting or inaccurate dashboards, they often resort to workarounds, asking colleagues for exports, emailing spreadsheets, or trading files over Slack. The resulting "garbage in, garbage out" reality steadily erodes trust in centralized systems, and a broader lack of data trust remains a primary barrier as enterprises scale intelligent systems. The challenge is redesigning those systems so people do not need to resort to workarounds in the first place, particularly around data access, where governance teams are often perceived as gatekeepers rather than enablers.

• Death by documentation: Sandi traces the core friction to human nature itself. "Humans don't like boring work, and following governance is really boring. You cannot really tame a human being to follow policies that are written on documents. The only way you can do this is by embedding a lot of policies within the architecture itself," he explains. "When it is within the architecture, you are not actually forcing a human to follow it. It's how the system actually works." Rather than expecting compliance through documentation, the argument is for governance that operates as an inherent property of the system.

• Skipping the velvet rope: To reduce these bottlenecks, some organizations are building the semantic and governance layers required to codify security models directly into automated data catalogs. "Cataloging data and giving users access to discover it can all be programmatically delivered. When you do it programmatically, there is no question of a user accessing the wrong dataset," Sandi notes. "There's no question of a user waiting two weeks to get access because they can now go and find the data they need." The approach replaces manual access approval with a system where users discover metadata, request permissions, and receive access through automated workflows.

Programmatic execution changes more than the technology. It reshapes who is accountable for what. Large organizations typically rely on a federated model where central councils set the rules and localized data stewards manage day-to-day access. With embedded policy and performance guarantees applied at the dataset level, governance becomes a measurable discipline with demonstrable ROI. But embedded controls only hold if the data flowing through them meets a clear quality standard, and the reality of autonomous agents is pushing enterprises toward stricter, zero-trust governance strategies to guarantee exactly that.

• Councils and stewards: "In larger organizations, you would have a central governance function represented by a team with leaders, but it would also bring representatives from business units where they use data. There will be ownership within the business units when it comes to the quality of data, the structure of data that they produce, and the frequency at which they produce," Sandi explains. "They will have data stewards who are assigned responsibilities to own the day-to-day management of the data, and they will represent in the central council." The model distributes accountability across the organization rather than concentrating it in a single team.

Distributing accountability and securing the data pipeline is necessary but not sufficient for enterprise AI readiness. Once high-quality data is flowing securely, businesses often find they require a transparent method to monitor how autonomous agents interpret and act upon it. Sandi summarizes the foundational prerequisites for trustworthy AI as a strict triad of time (freshness), access, and security, aligning with global guidance on enterprise readiness.

• The trust floor: When AI systems behave in unexpected ways, engineers and auditors need a way to check the math. In Sandi's view, trustworthy data governance rests on three foundational requirements: the right data must reach the right consumer at the right time, access controls must be programmatic and auditable, and security must be verified before any system reaches production. "The trust only comes from thinking about these three pillars: time, access, and the right security. Everything, you have to work backwards from that," he emphasizes. "It falls apart if you don't follow these three factors within data governance."

• Keeping the receipts: When governance enforces the rules, observability captures the evidence of how AI applied them. Sandi points to a retail chatbot denying a customer refund: legal and audit teams need to see the agent's reasoning logs, which policies it queried, and whether it verified the user's transaction history. Without that transparency, organizations struggle to extract value from enterprise AI deployments. "Without observability, you cannot really productionize AI systems because it's a massive risk to the business," he says. "What observability does is make black-box AI transparent so that businesses can resolve disputes."

The excitement surrounding intelligent agents is real, but Sandi sees a consistent gap: organizations attempt to scale AI applications before fully assessing whether their data infrastructures can support autonomous workloads. Before launching enterprise-scale deployments, leaders need to evaluate whether current data products can reliably serve agent queries, whether programmatic governance is in place, and whether observability tooling can surface problems before they compound.

"You can run some experiments with AI or do some small projects, but when you go to enterprise scale, assess whether you are actually ready in terms of your data infrastructure and building data products, so that agents can query them without failure," he says.

The views and opinions expressed are those of Sandipan Bhaumik and do not represent the official policy or position of any organization.