Agentic AI: Navigating the New Frontier of Data Purpose Governance
- Paul McKeown

- May 6, 2025
Updated: Sep 19, 2025
Challenges & Opportunities
As the CEO of Midships, I have the privilege of engaging with customers worldwide. While our primary discussions often revolve around Identity & Access Management, a recurring theme has emerged: the integration of Agentic AI into enterprise operations.
At Midships, we’re exploring the potential of Agentic AI to enhance our development teams. Our clients share similar aspirations, envisioning Agentic AI not just in development but as a tool for executing dynamic queries in production environments.
However, this evolution brings forth significant concerns. Drawing parallels to the early days of GraphQL, we must ask: Could Agentic AI become a new vector for data breaches, both internal and external? How do we mitigate such risks?
Consider a legal firm employing Agentic AI to evaluate cases, accessing confidential client data. How can we ensure that the AI doesn’t inadvertently retrieve or use data beyond its intended purpose?
Purpose-Based Access Control
To address these challenges, Midships is pioneering the concept of “data rooms” accessible to Agentic AI agents. We’re developing a ComplianceAI Agent that integrates with an API gateway, acting as an intermediary between the Agentic AI and the data room. This agent will validate:
- Authorization – Is the Agentic AI permitted to access the data room?
- Intent Alignment – Is the Agent truly acting within its stated purpose?
- Data Aggregation Risk – Is it combining data sets that should not be linked?
- Behavioral Patterns – Do its historical and current requests raise red flags requiring human intervention?
- Purpose-Based Access Control (PBAC) – Are requests being made and evaluated not just on access rights, but on the declared and allowed purpose for data use?
By integrating PBAC into our ComplianceAI Agent, we’re addressing the growing need for data use governance, not just data access control.
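The checks listed above, expressed as a gateway decision function. This is an added example, not Midships' ComplianceAI Agent code: the policy layout, the names `POLICY`, `Session` and `evaluate`, and the sample data room are assumptions, and intent alignment is reduced here to checking the requested data set against the declared purpose.

```python
from dataclasses import dataclass, field

# Constructed policy for one data room; every name here is hypothetical.
POLICY = {
    "agents": {"case-eval-agent"},                      # who may enter the room
    "purposes": {                                       # purpose -> data sets it covers
        "case_evaluation": {"pleadings", "evidence", "billing"},
    },
    "forbidden_links": [{"evidence", "billing"}],       # sets that must not be combined
    "max_denials": 2,                                   # denials before escalation
}

@dataclass
class Session:
    """State the gateway keeps per agent across requests."""
    datasets_seen: set = field(default_factory=set)
    denials: int = 0

def evaluate(policy, session, agent, purpose, dataset):
    """Return (decision, reason); decision is ALLOW, DENY or REVIEW."""
    # Behavioural pattern: repeated denials go to a human, not back to the agent.
    if session.denials >= policy["max_denials"]:
        return "REVIEW", "repeated denials, human intervention required"
    reason = None
    if agent not in policy["agents"]:                   # authorization
        reason = "agent not permitted in this data room"
    elif purpose not in policy["purposes"]:             # PBAC: purpose must be allowed
        reason = "declared purpose is not allowed"
    elif dataset not in policy["purposes"][purpose]:    # intent alignment
        reason = "data set is outside the declared purpose"
    else:                                               # aggregation risk
        combined = session.datasets_seen | {dataset}
        if any(link <= combined for link in policy["forbidden_links"]):
            reason = "request would link data sets that must stay separate"
    if reason:
        session.denials += 1
        return "DENY", reason
    session.datasets_seen.add(dataset)
    return "ALLOW", "within declared purpose"

def demo():
    """Run a constructed request sequence and return the decisions."""
    session = Session()
    requests = [("case-eval-agent", "case_evaluation", "evidence"),
                ("case-eval-agent", "case_evaluation", "billing"),
                ("case-eval-agent", "marketing", "pleadings"),
                ("case-eval-agent", "case_evaluation", "pleadings")]
    return [evaluate(POLICY, session, *r)[0] for r in requests]
```

The aggregation check depends on session state: `billing` alone is within the purpose, but is denied once `evidence` has already been served in the same session.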
Building Trustworthy Agentic AI Systems
Agentic AI systems differ from conventional software—they are adaptive, autonomous, and may collaborate with other agents to creatively achieve their goals. This makes traditional governance approaches insufficient. Our approach includes:
- Dynamic Policy Enforcement to account for context-aware behavior.
- Continuous Monitoring & Auditing for real-time oversight.
- Human-in-the-Loop Design for scenarios requiring ethical judgment.
- Transparency & Explainability to foster auditability and trust.
- Ethical and Purpose Alignment Frameworks to guide design and deployment.
Conclusion
Agentic AI opens up enormous potential—but it also demands a more rigorous, intelligent approach to data governance. We believe governance should evolve alongside capability. As these systems become more powerful and more “agentic,” the question is not just “can they access the data?”—but “are they using it for what we intended?”
To learn more about how we’re building safer, purpose-aligned Agentic AI systems, visit www.midships.io or get in touch.
Writer’s Overview
Paul McKeown – Chief Technology Officer, Midships
Paul is a seasoned engineering leader with 19 years in IAM, DevOps, and continuous delivery, with a specialty in ForgeRock and secure banking platforms. He’s delivered CIAM on Kubernetes for major banks in New Zealand and Australia.
Short bio: Paul blends engineering rigor with coaching excellence, driving Midships' technical strategy and delivery risk reduction practices across markets.



