The conversation that started it

A risk committee call, late 2024. A regulated buyer was eight months into an agentic deployment the engineering team had every reason to be proud of. The agent worked. It cleared the demo. It cleared the pilot. The audit committee chair asked one question.

Can we evidence, step by step, why the agent was allowed to act the way it acted last quarter.

The room went quiet. The head of risk had the AI policy. The head of engineering had the model traces. Neither document answered the question on the table. The policy described intent. The traces described output. Nothing in the stack recorded why each agent action had been permitted at the moment it ran.

That call is the one I remember. We had been hearing variants of it across regulated enterprises through 2024. Same shape every time. The governance work and the deployment work were running in two different rooms, on two different timetables, with two different vocabularies, and the supervisor's question lived in the space between them.

We did not start by saying "we should build a company." We started by saying "the stack has a layer missing." The company came after.

The architectural insight

Three of us were looking at the same problem from three different angles in 2024, and the angles converged before the company did.

I was working the market thesis. The buyer conversation across regulated enterprises kept landing on the same gap. AI procurement was being unbundled. Governance was no longer a sub-line under GRC, and observability was no longer the answer for agent behaviour. Heads of AI Risk wanted a separate budget line for the layer that sat in front of the agent action. They could describe it in procurement language before any vendor had named it.

Cyril, our COO, was working the operator and compliance angle. He had lived the audit conversation from inside regulated operations long enough to know what the supervisor actually opens the file to read after a serious incident. The AI policy on the intranet does not testify. The committee minute does not testify. The model trace records output, not justification. Cyril could draw the missing artefact on a whiteboard before there was a product to attach to it.

Manish, our CTO, was working the architectural angle. The existing tools were either policy registers running point-in-time reports or observability platforms tracing model output after the fact. Neither was built around the agent action as the unit of governance. Manish's view from the start was that the testing engine had to sit at the agent decision boundary, not at the model output boundary. That is a different system to design.

By early 2025 the three angles were one conversation. The layer that needed to exist sat in front of the agent action, not behind it. It had to test the agent against adversarial inputs continuously, not as a launch gate. It had to enforce policy at runtime, inline, in the path of the action. It had to produce a record, step by step, that a supervisor would read as evidence and not as policy. That layer was not a feature of an existing category. It was a new one.

Why agentic AI broke the old assumption

The old enterprise AI stack rested on an assumption: a human reviews every consequential decision the model contributes to. As long as that held, governance could live in the human's workflow. The policy register, the four-eyes check, the committee sign-off; all of it sat in the human path.

Agentic AI broke the assumption in 2024. Agents act. They call tools, query systems of record, write back, and spawn sub-agents that act in turn. The volume and velocity moved past anything a human reviewer can sit inside, and the consequential decisions started happening at the agent layer, not at the human layer.

That is the moment the control surface has to move with the action. PowerPoint Governance, the policy register that reads like oversight and answers none of the questions a supervisor asks, stopped being merely insufficient and started being the structural failure mode of the AI stack. Agentic Theatre became the operational symptom: agents performing oversight in production that the runtime does not actually enforce.

Article 9 of the EU AI Act is explicit that risk management has to be continuous, documented, and lifecycle-wide. Article 12 and ISO/IEC 42001:2023 land on the same point through different language: the firm has to evidence behaviour across the lifecycle, not at the launch gate.

Your governance committee meets quarterly. Your AI misbehaves in milliseconds.

The category we built

By the time we incorporated, the category was already legible. We did not have to argue for it. We had to build it.

Disseqt is an Agentic AI Governance & Compliance Platform for Enterprises. The Assurance Layer for Enterprise AI. One Window for the Full AI Assurance Lifecycle, organised around three governance verbs running on one data model.

Test & Detect. Continuous testing across the agentic stack, before deployment and after. Vulnerability detection that surfaces failure modes before regulators do. Built around the agent action, not the model output. This is the pillar Manish architected from the agent-decision boundary outward.

Protect & Enforce. Run-time protection at the inference layer. Inline policy enforcement on every agent decision. Continuous monitoring while the AI is live. This is the pillar that closes PowerPoint Governance: the policy is no longer a deck; it is enforced in the path of the action.

Prove & Comply. Automated compliance reporting mapped to EU AI Act, FCA, SEC, and ISO/IEC 42001. Audit-ready evidence with enterprise-grade auditability and explainability (SOC2, SSO/SCIM, RBAC). The artefact a supervisor reads.

Three pillars. One platform. One evidence record end-to-end across the AI Assurance Lifecycle, built for the conversation that started this in late 2024.

Why now

The reason the category landed in 2026 and not in 2022 is straightforward. The regulatory floor moved. EU supervisors started asking for evidence, not policy. The FCA extended model risk into AI territory. The SEC kept asking listed firms how they manage AI risk inside investment decisions.

At the same time, the agentic AI surface multiplied. Single-model evaluation stopped being sufficient the moment one agent's output became another's instruction. The procurement sheet at regulated enterprises caught up by mid-2026. A separate budget line for the assurance layer now sits alongside GRC and observability, not inside either.

We built Disseqt because the architecture demanded a new layer, and because the buyer's question in late 2024 had no answer in the existing stack.

Bottom Line

The Agentic AI Governance and Compliance Platform for Enterprises is the category the architecture asked for. Three co-founders saw it from three angles in 2024. Agentic AI made the gap untenable in the same year. The supervisor's question in the room where this started is the question Disseqt was built to answer.

See the platform