Enterprises are racing to deploy agentic systems, and the conversation is shifting from "can we build this" to "can we trust this." Trust is not a compliance checkbox. Internally, it shows up as safe outputs, consistent answers, and controlled costs. Externally, it shows up as audit-ready evidence and satisfied customers.
That was the central theme in a recent AI Explained fireside chat between Fiddler AI CEO Krishna Gade and David Kenny, Executive Chairman of Nielsen. The discussion focused on preventing AI agents from "going rogue," but the practical conclusion was broader: the path to safe, scalable agentic systems runs through a control plane.
The Mistake that Creates “Rogue Behavior”
Most agent failures come from a familiar pattern: teams scale autonomy faster than they scale control.
Agentic systems add layers of behavior that traditional monitoring misses. Problems hide in session handoffs, agent coordination, and probabilistic tool calls, which is why a system can look "healthy" while customers experience incorrect answers, policy violations, or inconsistent outcomes.
To operate agentic systems at enterprise scale, you need runtime trust: the ability to observe, enforce, and improve behavior while the system is running. The solution to this mismatch is what David Kenny calls a control plane: a system that provides continuous visibility and enforcement across your agentic systems.
David offered a simple, practical analogy: a control plane is like "wearables inside your agents." Wearables help athletes improve because they expose what's happening in real time. Control planes do the same for agentic systems.
They provide the telemetry required to:
- Pinpoint the exact source of failure across the agentic hierarchy
- Reduce debugging time through faster root cause analysis
- Prevent harmful outcomes before they reach customers
- Keep cost and latency within bounds
Kenny's guidance on timing was equally direct: build the control plane early. Waiting until after launch slows iteration and delays production readiness. As he put it, "having the data along the way really helps. If we'd had the data a year earlier, we probably would've gotten to market faster and more effective out of the gate."
The Control Plane Blueprint: Three Pillars of Runtime Trust
That telemetry translates into three operational pillars that define what a control plane actually enforces in production: truth, safety, and economics.
Pillar 1: Truth and Consistency, Powered by Fit-for-Purpose AI
For many queries, there is one correct answer, not a creative range.
This was central to Nielsen's design: when a customer asks for a TV rating for a specific show, there's only one valid answer. The one that followed their documented measurement process. That same principle applies in finance, healthcare, compliance, and many operational workflows. When the answer is known, your system must return the same correct answer consistently.
A control plane enforces fit for purpose by instrumenting which model was used for which step, whether a deterministic answer path existed, and whether the system returned stable outputs for stable questions.
Kenny's warning matters for both quality and cost: "People who use LLMs as search engines to get a specific answer are wasting a lot of energy and a lot of costs."
A decision framework for agent workflows:
- Known answer needed: Use deterministic logic, predictive ML, or retrieval, then use an LLM only for language formatting.
- Approximation needed: Use predictive ML, calibrated uncertainty, and guardrails on acceptable bounds.
- Creative generation needed: Use an LLM, but constrain it with policies, safety checks, and evaluation.
This is compound AI in practice. It reduces hallucination risk and avoids unnecessary compute. A control plane makes this routing visible and verifiable across every session.
Pillar 2: Safety and Security, Enforced in Real Time
Where Pillar 1 ensures correctness, Pillar 2 ensures safety, and unlike correctness, safety failures cannot be caught after the fact. Post-hoc review does not protect a customer experience. If an agent produces toxic content, leaks sensitive data, follows a malicious instruction, or gets jailbroken, the damage is immediate.
The control plane must support real-time enforcement for prompt injection, toxicity, policy violations, and adversarial behavior. Guardrails play a first-line defense role, while agentic observability and analytics support deeper investigation and continuous improvement. David emphasized this point for Nielsen: "We needed to make sure agents didn't jailbreak into giving instructions that would be unacceptable to our system. There's always bad actors trying to infiltrate a system."
Pillar 3: Economics, Bounded by Cost and Latency Controls
Agentic systems can burn through budgets fast. Each interaction may trigger multiple model calls, tool invocations, and retrieval steps. Without visibility, costs scale unpredictably and latency can degrade the user experience.
A control plane provides economic guardrails by tracking cost per session, setting budget limits, monitoring latency, and surfacing inefficiencies like redundant model calls or unnecessary tool use. Kenny's warning about using LLMs as search engines applies here too: it's not just a quality issue, it's an economic one.
These three pillars work internally, helping teams build, ship, and operate reliable agentic systems. But enterprises also need to prove trustworthiness externally, to auditors, regulators, and customers. This is where Kenny’s vision for "generally accepted trust principles" (GATP) comes in.
When an agent produces an unsafe or incorrect outcome, leaders can’t simply offload responsibility onto the system. Public company executives attest to standardized definitions and controls because markets run on consistent, auditable truth. David argues AI needs an equivalent foundation, so organizations can define what trustworthy behavior means and prove it with evidence.
He drew the parallel explicitly: "The reason the stock market still works, even with all the craziness in the world, is because we have generally accepted accounting principles. We all agree what defines revenue, what defines operating expense. There are standards boards that everyone follows. In an AI world, how can you get to generally accepted trust principles?"
Designing for auditability means:
- Defining "misbehavior" in your domain across truth, safety, and economics
- Logging model routing and key decisions to demonstrate fit-for-purpose behavior
- Retaining traces that support root cause analysis across the agentic hierarchy
- Applying sampling workflows that compare outputs to trusted data sources
Your control plane captures the evidence needed to validate those standards. This is how trust becomes an operational discipline, not just a policy document — and why enterprises need purpose-built infrastructure to deliver it.
Watch the full AI Explained: How to Prevent AI Agents from Going Rogue webinar for David Kenny's perspective on runtime trust, compound AI, and what it takes to prevent agents from going rogue as you move from pilots to production.
