Runtime governance vs pre-deployment review
Pre-deployment review checks what an agent is intended to do; runtime governance bounds what it can actually do. For deterministic software, review at the gate was mostly enough. Agents drift from their reviewed behaviour with every model update, which is why governance that stops at review is repeatedly surprised by what the agent does in production.
| Dimension | Runtime governance | Pre-deployment review |
|---|---|---|
| When it acts | On every action, while the agent runs | Once, before the agent ships |
| Catches | Novel behaviour, drift, prompt injection in the wild | Design flaws, missing controls, bad scoping |
| Assumes | The agent will eventually do something unexpected | Reviewed behaviour is representative of future behaviour |
| Cost shape | Engineering up front, milliseconds per action after | Reviewer time per release |
| Failure mode | Policy gaps; alert fatigue if overdone | Approval theatre; stale by the first model update |
| Evidence produced | Continuous: every allow/deny decision logged | Point-in-time: a signed-off review document |
The verdict
Use both, but weight by autonomy. An agent that drafts text for humans to send can live with review-heavy governance. An agent that executes irreversible actions unsupervised needs runtime controls, because no review can enumerate what a non-deterministic system will do next quarter. A useful rule: review decides whether the agent may exist; runtime governance decides what it may do today.
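The per-action gate described above, as an added example that is not part of the original article: a small runtime policy check that allows or denies each proposed tool call, treats irreversible actions differently for unsupervised agents, and logs every decision as the continuous evidence the table mentions. The policy, tool names and arguments are constructed for illustration.

```python
import json
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed policy for an illustrative agent; tool names are hypothetical.
# Irreversible tools need a human approval token unless a human is watching
# the run live ("supervised"), following the article's autonomy weighting.
POLICY = {
    "allowed_tools": {"read_file", "send_email", "delete_record"},
    "irreversible": {"send_email", "delete_record"},
}

@dataclass
class Decision:
    tool: str
    allowed: bool
    reason: str

@dataclass
class RuntimeGate:
    policy: dict
    supervised: bool
    log: list = field(default_factory=list)  # one JSON line per decision

    def check(self, tool: str, args: dict, approved: bool = False) -> Decision:
        """Decide one proposed action; every outcome is logged, not just denials."""
        if tool not in self.policy["allowed_tools"]:
            d = Decision(tool, False, "tool not in allowlist")
        elif tool in self.policy["irreversible"] and not (self.supervised or approved):
            d = Decision(tool, False, "irreversible action needs approval")
        else:
            d = Decision(tool, True, "within policy")
        self.log.append(json.dumps({
            "ts": datetime.now(timezone.utc).isoformat(),
            "tool": tool, "args": args, "allowed": d.allowed, "reason": d.reason,
        }))
        return d

    def denied(self) -> list:
        """Denied decisions read back from the log, e.g. for alert review."""
        return [json.loads(line) for line in self.log if not json.loads(line)["allowed"]]

if __name__ == "__main__":
    gate = RuntimeGate(POLICY, supervised=False)
    gate.check("read_file", {"path": "notes.txt"})     # allowed
    gate.check("delete_record", {"id": 42})            # denied: needs approval
    gate.check("run_shell", {"cmd": "ls"})             # denied: not in allowlist
    for line in gate.log:
        print(line)
```

The same gate with `supervised=True` lets the irreversible tools through without an approval token, which is the review-heavy end of the article's spectrum.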