← Back to Insights

Beyond the Interaction Layer: Why Agentic AI Governance Requires Decision Design

Trend Micro's Agentic Governance Gateway identifies the Interaction Layer as the new control point for autonomous AI. This article argues that interaction alone is not enough. The remaining governance challenge is authority: who legitimately decides, how judgment is delegated, and where accountability ultimately resides. It introduces Decision Design as a judgment architecture for governing authority in AI-augmented organizations.


Introduction

Agentic AI has changed what software does. Systems that once produced outputs now plan, reason, decide, and act. They call APIs, read sensitive data, trigger workflows, and coordinate with other systems without a human in the path of every step. That shift breaks an assumption most enterprise controls were built on: that software executes what a human has already decided.

Trend Micro examines this shift in its research "From Anarchy to Authority: Closing the Governance Gap in Agentic AI." The paper locates the new risk surface precisely and proposes a control model for it. It is one of the clearest statements available of where AI governance for autonomous agents has to operate. It is also, read closely, an argument that stops one layer short of the question enterprises actually have to answer.

This article follows Trend Micro's reasoning to its edge and then extends it. The contribution of the Interaction Layer is real. Interaction explains where autonomous actions emerge. It does not determine whose institutional authority legitimizes those actions. That distinction becomes decisive once AI begins acting on behalf of an organization. The governance problem the Interaction Layer leaves open is authority: who decides, how far judgment is delegated, and where it must return to a human. Designing that allocation is the work this article calls Decision Design™︎.

Why Trend Micro's Argument Matters

Trend Micro's starting point is that the control point has moved. Most security programs try to extend familiar boundaries: secure the model, secure the application, secure the endpoint. Agentic AI does not stay inside any single boundary. An agent operates through iterative loops, adapts to new inputs and tool outputs, and can act beyond its original instructions. A single manipulated instruction, through prompt injection, tool misuse, or data poisoning, can cascade from initial access to data exfiltration and wider compromise.

The risk, in Trend Micro's framing, lives in how agents communicate, how decisions propagate, and how intent becomes action. It names the place where those movements occur the Interaction Layer: the communication fabric between agents, tools, models, and data, where instructions pass, context is exchanged, intent forms, and actions are triggered. Today that layer is largely ungoverned. The paper's proposed response, the Agentic Governance Gateway, governs behavior at the point where actions are created. It discovers where agents exist and what they can reach, observes how they interact, works to understand the intent and context behind those interactions, detects deviation, enforces policy, and introduces human approval at critical decision points. Its operational guidance is consistent: apply least-privilege and least-agency by default, treat agent tools, skills, and extensions as supply-chain risks, and monitor interaction flows rather than endpoints.

This is a strong contribution to agentic governance because it relocates control to where autonomous behavior is actually decided. It also converges with public policy. Japan's AI Guidelines for Business Ver1.2, issued by the Ministry of Internal Affairs and Communications and the Ministry of Economy, Trade and Industry, define an AI agent as a system that senses its environment and acts autonomously to achieve a goal, and they ask organizations deploying such agents to establish mechanisms that ensure meaningful human judgment, citing risks including unintended behavior and privacy impacts. A private security vendor and a national guideline arrive independently at the same instruction: place a point of human judgment inside the flow of autonomous action.

Interaction Is Not the Final Governance Problem

Agreement on where to intervene is not agreement on how governance resolves. The Interaction Layer tells an organization where an agent's behavior can be seen and stopped. It does not tell the organization who is answerable when the behavior is allowed to proceed.

Consider the Agentic Governance Gateway's most consequential capability: introducing human approval at critical decision points. Placing an approval point is a design act about location. It answers where a decision surfaces. It does not answer who holds the authority to make that decision, or what that person is accountable for once they click approve. Those are separate design problems, and the Interaction Layer does not close them.

Japan's guideline is candid about a related limit. It notes that while explainability matters for auditing an agent's autonomous judgment, the justifications a large language model produces are plausible-sounding outputs rather than an account of the model's internal decision logic. Visibility into interaction, in other words, does not by itself locate accountability. An organization can observe every exchange in the Interaction Layer and still not know who owns the judgment that follows from it.

The Remaining Question: Authority

Strip the problem to its core and one question remains after every interaction control is in place: who decides. How far is judgment delegated to the agent, and at what point does it return to a human. Designing the Interaction Layer and designing authority are different activities. The first governs communication and action. The second governs legitimacy: whose decision it is, and who answers for it.

Approval does not settle this. An approval step defines a moment in a workflow; authority defines whose judgment that moment expresses and what accountability attaches to it. A gateway can route a high-impact action to a human, but the routing is empty until an organization has decided which human holds that institutional authority, which decisions they may delegate, and which they must retain. Trend Micro's Interaction Layer and Japan's human-judgment requirement both mark where a decision happens. Neither draws the line for who is accountable for it. That line is left to each organization, and in most it is left undrawn.

Drawing it deliberately, rather than letting it settle by default, is the discipline this article calls Decision Design.

Why Governance Alone Is Not Enough

Authority allocation looks as if it should already belong to an existing discipline. In practice, none of the adjacent disciplines takes it as its subject. Each occupies a different focus: Governance concerns itself with rules and oversight, DX with digital transformation, Automation with task execution, and AI Ethics with principles. Decision Design is the only one of them whose primary focus is authority allocation.

Governance establishes rules and oversight, but it does not specify which decisions a given actor is entitled to make. Digital transformation moves work into digital systems; reallocating judgment authority is not its object. Automation executes tasks and rarely asks where autonomous judgment should stop. AI Ethics states the principles a system should honor without assigning who owns each concrete decision.

Governance, DX, Automation, and AI Ethics remain essential. However, none explicitly designs institutional judgment authority. Decision Design complements these disciplines by addressing that missing architectural layer.

Decision Design™︎ as Judgment Architecture

Decision Design™︎ treats the act of judgment itself as an object of design. Its purpose is to specify, before an agent is deployed, how judgment authority is allocated across humans and autonomous systems, and to make that allocation explicit, reviewable, and accountable. Decision Design is not about improving decisions alone; it is about designing the institutional authority structure within which decisions become legitimate.

What Decision Design designs

Decision Design designs the allocation of judgment authority. It specifies which decisions an agentic AI system may make, which decisions a named human retains, and how accountability attaches to each. It converts an implicit boundary into an explicit one, so that "how far the agent is trusted" is a documented institutional choice rather than an accident of configuration.

What Decision Design is not

Decision Design is not model accuracy work. It is not interaction visibility. It is not an approval interface. It is not a statement of ethical principles. Each of those governs the location, quality, or appearance of a decision. None of them allocates the authority behind it.

What governance problem Decision Design addresses

Decision Design addresses the problem of authority left unassigned when autonomous systems begin to act. When an agent can execute, most organizations start operating before they have written down which decisions were delegated and which were retained. Decision Design takes that gap as its subject and closes it as a matter of institutional governance rather than technical configuration.

Decision Boundary™︎

The central construct of Decision Design™︎ is the Decision Boundary™︎. A Decision Boundary governs authority allocation, delegation, escalation, and override. It states which decisions fall to the agent, which delegations are permitted and under what conditions, when a decision must escalate to a human, and who may override an autonomous action after the fact. Decision Boundaries are not operational thresholds; they are institutional demarcations of legitimate authority.

A workflow routes work. A Decision Boundary™︎ allocates authority. Those are not the same thing. A threshold that sends a high-value payment to a reviewer is an operational rule; it becomes a Governance Decision Boundary only once the organization has established whose authority that review expresses and what the reviewer is accountable for. Reduce it to a workflow step and you lose exactly the part that carries accountability.

Decision Log

Decision Design also depends on a Decision Log, and a Decision Log is governance infrastructure rather than an audit trail. An audit trail records what a system did. A Decision Log preserves who held authority over each judgment, what was delegated, where escalation occurred, and how accountability moved as work passed between agents and humans. Decision Logs do not merely record outputs; they preserve accountability continuity across distributed judgment processes. In a system where judgment is distributed across multiple agents and several people, that continuity is what allows an organization to answer, after the fact, whose decision a given outcome was.

A Decision Log is, in this sense, authority memory. Without Decision Logs, authority disappears once the workflow finishes. Organizations remember what happened. They no longer know who owned the judgment.

Practical Implications

Decision Design is concrete at the point of deployment. In each case below, the design object is neither the model nor the interface; it is the boundary of legitimate authority.

Enterprise AI agents. The Decision Boundary™︎ specifies:

The Interaction Layer enforces execution. The Decision Boundary™︎ legitimizes institutional authority. This is Trend Micro's least-agency principle expressed as an authority boundary rather than a permission setting.

In hiring, sourcing, screening, and ranking can be delegated to an agent, while the decision to advance, reject, or make an exception is retained by a hiring authority who is accountable for it. The boundary keeps the rejection decision attributable.

In credit approval, routine scoring is delegated, while exceptions to limits and final declines return to a human whose authority and accountability are defined in advance.

In healthcare, triage suggestions and candidate options can be produced by an agent, while diagnosis and any invasive intervention remain human decisions. This is also where over-reliance is most dangerous. When a human rubber-stamps an agent's judgment through automation bias, human oversight becomes nominal, a risk Japan's AI Guidelines for Business Ver1.2 record directly. A Decision Boundary that narrows what the human is asked to decide keeps that oversight meaningful.

In public administration, authority is separated by amount and by irreversibility. Reversible decisions are delegated to the agent; irreversible ones are retained by an accountable official. The escalation and override rules of the Decision Boundary make that separation enforceable rather than aspirational.

Conclusion

Trend Micro's research makes a durable contribution: to govern autonomous agents, an organization has to see, control, and intervene at the Interaction Layer. That is correct, and it is where agentic governance operates. But the final design problem is not interaction. It is judgment authority. Who legitimately decides. Who may delegate. Who remains accountable. That line is the Decision Boundary™︎, and drawing it deliberately is Decision Design™︎.

An organization can control the Interaction Layer completely and still leave every approval point without an owner, because controlling interaction does not allocate authority. The next question in AI governance is not where decisions happen. It is who holds the institutional authority to make them. Governance now has to move through three layers: the Interaction Layer, where autonomous actions emerge; the Authority Layer, where legitimacy is assigned; and Judgment Architecture, where the two are designed together. That is the layer Decision Design™︎ exists to build.

Decision Design is a judgment architecture framework proposed by Ryoji Morii, founder of Insynergy Inc., for structuring authority, accountability, and decision boundaries in AI-augmented organizations.

Japanese version is available on note.

Open Japanese version →