Agent governance answers "who authorised this agent". It doesn't answer "is this code safe to ship"

Google Cloud Build with AI Agents
, ,
1

A framing question for this community, because I think it is the next hard problem in agentic development and I would genuinely like to hear how teams here are handling it.

Disclosure up front: I work on AI code governance at Quality Clouds, so this is the problem I think about daily. This post is not about our product — it is a framework and a set of questions I would like to pressure-test with people building on the Agent Platform.

The shift we have not fully priced in

Google’s own figure: 75% of code at Google is now AI-generated and approved by engineers, up from 50% a few months earlier. Across the wider industry, roughly 46% of code on GitHub is AI-authored. With the Gemini Enterprise Agent Platform, code generation is no longer an assistant feature. Autonomous agents now write, test, and ship code as part of multi-step workflows.

The Agent Platform governs the agent very well. Agent Identity answers “who authorised this agent”. Agent Registry answers “what is approved”. Agent Gateway and Model Armor police what the agent can reach and what flows in and out. Together they answer one question: is the agent trustworthy?

They do not answer a second, different question: is the code the agent produced trustworthy?

Agent governance is not the same as code governance

AI code governance is the discipline of verifying, recording, and enforcing standards on the code that AI systems generate — before it reaches production — independent of which agent or model produced it.

It sits at a different layer from agent governance:

  • Agent governance asks: who is this agent, what is it allowed to do, and what did it do?

  • Code governance asks: is this specific code secure, compliant, maintainable, and attributable — regardless of how it was generated?

You can have a perfectly governed agent that still ships insecure code. The identity is clean. The audit trail is clean. The code still carries an injection flaw.

Why this matters — the data

  • Veracode’s GenAI Code Security report found 45% of AI-generated code samples introduced an OWASP Top 10 vulnerability.

  • Aikido Security’s 2026 report attributes roughly one in five breaches to AI-generated code.

  • A 2026 study of 6,275 public repositories found unresolved technical debt in AI-authored code climbed past 110,000 surviving issues in about a year.

  • Multiple developer surveys put the share of engineers who review AI-generated code before committing it at under 50%.

The pattern is consistent: AI is excellent at surface quality — syntax, formatting, routine bugs — and measurably worse at deeper security and architectural soundness. Generation speed went up. The review step did not scale with it.

A simple framework — four questions for any AI-generated change

For any piece of code an agent ships, a governance layer should be able to answer four questions:

  1. Provenance — which agent or model produced this, from what prompt or task, and when?

  2. Conformance — does it meet our security, compliance, and engineering standards, checked automatically and consistently?

  3. Accountability — which human reviewed and approved it, and is there an immutable record?

  4. Maintainability — does it add technical debt the team cannot realistically own six months from now?

If you cannot answer all four, you have an agent governance story but not a code governance story.

Where this is heading

As agent fleets scale from one or two to hundreds, manual review stops being viable — there are not enough senior engineers to read everything. The governance step has to move into the pipeline itself: automated, policy-based, and applied as a gate before code merges or deploys, rather than as an audit after the fact.

Questions for the community

I would like to hear from people building on the Agent Platform:

  • How are you checking the code your agents produce before it merges — manual review, automated scanning, policy gates, something else?

  • Do you treat agent-generated code differently from human-written code in your CI pipeline?

  • Has anyone built a real audit trail linking a production change back to the agent and the prompt that produced it?

  • Where does this responsibility sit in your organisation — platform team, security, or the agent builders themselves?

Keen to compare notes.

-– Albert Franquesa, Chief of Strategy & Board Member, Quality Clouds

2

Interesting questions all! Here are my two cents:

In our shop we do still rely on quite a lot of human-led pull request reviews to guarantee human oversight of any code which moves to production. Although its also true that more and more agents are also used to do the Pull Request reviews.

From that point of view, human and AI or Agent generated code are treated exactly the same way.

Currently we are still treating the developer as the owner of the code change. So there is no effort to trace a change to a specific “Agent”. Each commit is done by an individual developer, and they are responsible for it, regardless of wether they used AI or not.

We have not yet made any organisational changes in terms of attributing responsibilities for an agent’s work. Engineering managers retain responsibility for the quality of the code their teams produce.

Maybe all of that will change once we embed coding and other agents in our workflows. Exciting times ahead!