Agentic AI adoption in the UK: the security, governance and trust challenge
Read this guest blog by Matt Holland, Head of Cyber & AI Security at Kainos, for techUK’s Tech and Innovation Focus Week 2026.
Across the UK, organisations are moving beyond AI experimentation and into the harder phase: deployment at scale. This next step is increasingly agentic. Rather than simply generating content or surfacing insights, agentic AI systems can take action, coordinate tasks, interact with enterprise tools and support more complex workflows with a greater degree of autonomy. That shift has the potential to reshape how work is carried out across both public and private sectors.
The potential changes this creates are significant. [techUK](1) describes agentic AI as a step-change in how AI is embedded into products, services and organisational workflows, with important questions to address around technical readiness, assurance, governance, workforce preparedness and ethical deployment. That framing is helpful. The prize is not just productivity in the abstract, but better outcomes in high-volume, high-complexity environments where people are managing fragmented systems, rising demand and constrained resources. But organisations will only realise that value if they treat security, identity and governance as core enablers of scale, not issues to address after deployment.
Where the biggest opportunities lie
In the public sector, the appeal is clear: agentic systems could help teams manage casework, triage requests, summarise complex records, coordinate actions across departments and reduce the administrative burden that slows service delivery.
In healthcare, there is growing interest in using AI to support patient pathway coordination, administrative automation and clinician-facing workflows, while staying realistic about the sensitivity and complexity of deployment.
In financial services, agentic AI could strengthen customer servicing, support compliance-heavy processes, improve internal knowledge access and help teams manage investigations and exceptions more efficiently.
Across retail, utilities, telecoms and other service-intensive sectors, the most immediate opportunity may be in customer operations. Agentic AI can help orchestrate service interactions, surface relevant information faster, resolve routine issues with less manual intervention and support employees handling more complex cases.
In enterprise IT and professional services, the same pattern appears in internal service management, workflow automation, knowledge work and security operations. The common thread is not replacing people with fully autonomous systems, but redesigning work so that people spend less time navigating fragmented processes and more time on judgement, escalation and higher-value decisions.
That is also why scaling responsibly is harder than piloting successfully. A controlled proof of concept can show what the technology is capable of. Scaling it across real workflows introduces a different set of questions: who owns the agent’s actions, what systems it can access, what data it can process, how decisions are reviewed, how failures are contained and how trust is maintained. This is where many organisations will discover that the real challenge is not model performance alone, but the strength of the technical, organisational and policy foundations around it.
The security and governance foundations for responsible adoption
The first foundation is technical. Identity will matter more than ever as organisations manage growing numbers of non-human actors interacting with enterprise systems. Access controls cannot simply be extended from human users to AI agents without careful thought about scope, context and revocability. Monitoring also needs to evolve. Traditional controls were not designed for systems that can initiate sequences of actions, move across tools and operate at machine speed. Organisations will need clearer visibility into what agents are doing, stronger guardrails around permitted behaviour and more confidence that autonomy remains bounded and accountable.
The second is organisational. [techUK](2) has highlighted the growing importance of responsible AI practitioners and the need for clearer role definitions, structured skills and distributed responsibility across organisations. Agentic AI will only increase that need. Responsible deployment requires cross-functional governance that brings together technology, security, legal, risk, operations and frontline teams. It also requires clearer ownership of agentic systems in life after launch: who is accountable for outcomes, who approves changes, who reviews incidents and who decides where greater autonomy is justified or not.
The third is policy and assurance. [techUK](3) recently argued that, for most organisations, AI enters through procurement rather than internal development, making buying decisions one of the most consequential control points in adoption. That is especially relevant for agentic AI. Questions about transparency, liability, data use, model behaviour, integration risk and post-deployment accountability need to be addressed earlier and more consistently. The UK’s broader regulatory direction also reinforces this need: [GOV.UK](4) continues to emphasise principles such as safety, security, transparency, accountability and redress, while the [ICO](5) has already pointed to novel data protection and governance risks linked to agentic systems. Organisations do not need to wait for perfect regulatory certainty, but they do need a more disciplined approach to assurance, oversight and deployment choices now.
The organisations that scale agentic AI most effectively are unlikely to be those moving fastest with security as a principle consideration. They will be the ones treating trust, control and governance as part of the design challenge from the outset. Across UK sectors, the opportunity is real, but so is the need for stronger foundations.
For leaders looking at what that means in practice, our executive guide, Getting Security-Ready for Agent 365, explores the security, identity and governance considerations involved in preparing for agentic AI at scale.
Author
Matt Holland
Matt Holland
Matt is Head of Cyber & AI Security at Kainos, where he helps organisations securely adopt AI and cloud technologies. He works with enterprise leaders to embed security, governance, and assurance into digital transformation ensuring innovation is both scalable and compliant. Matt brings extensive experience advising organisations on managing risk in emerging technology adoption.
Further reading:
-
techUK – Scaling responsible adoption of agentic AI [techuk.org]
-
techUK – Mapping the Responsible AI Profession: A Field in Formation [techuk.org]
-
techUK – Lessons from the AI procurement frontline: Beyond the contract and buying blind [techuk.org]
-
ICO – ICO Tech Futures: Agentic AI [ico.org.uk]
techUK - Seizing the AI Opportunity
The UK is a global leader in AI innovation, development and adoption.
AI has the potential to boost UK GDP by £550 billion by 2035, making adoption an urgent economic priority. techUK and our members are committed to working with the Government to turn the AI Opportunities Action Plan into reality. Together we can ensure the UK seizes the opportunities presented by AI technology and continues to be a world leader in AI development.
Get involved: techUK runs a busy calendar of activities including events, reports, and insights to demonstrate some of the most significant AI opportunities for the UK. Our AI Hub is where you will find details of all upcoming activity. We also send a monthly AI newsletter which you can subscribe to here.
Upcoming AI Events
Latest news and insights
Subscribe to our AI newsletter
AI and Data Analytics updates
Sign-up to our monthly newsletter to get the latest updates and opportunities from our AI and Data Analytics Programme straight to your inbox.
Contact the team
Kir Nuthi
Kir Nuthi
Kir Nuthi is the Head of AI and Data at techUK.
She holds over seven years of Government Affairs and Tech Policy experience in the US and UK. Kir previously headed up the regulatory portfolio at a UK advocacy group for tech startups and held various public affairs in US tech policy. All involved policy research and campaigns on competition, artificial intelligence, access to data, and pro-innovation regulation.
Kir has an MSc in International Public Policy from University College London and a BA in both Political Science (International Relations) and Economics from the University of California San Diego.
Outside of techUK, you are likely to find her attempting studies at art galleries, attempting an elusive headstand at yoga, mending and binding books, or chasing her dog Maya around South London's many parks.
- Email:
- [email protected]
Usman Ikhlaq
Usman Ikhlaq
Usman joined techUK in January 2024 as Programme Manager for Artificial Intelligence.
He leads techUK’s AI Adoption programme, supporting members of all sizes and sectors in adopting AI at scale. His work involves identifying barriers to adoption, exploring solutions, and helping to unlock AI’s transformative potential, particularly its benefits for people, the economy, society, and the planet. He is also committed to advancing the UK’s AI sector and ensuring the UK remains a global leader in AI by working closely with techUK members, the UK Government, regulators, and devolved and local authorities.
Since joining techUK, Usman has delivered a regular drumbeat of activity to engage members and advance techUK's AI programme. This has included two campaign weeks, the creation of the AI Adoption Hub (now the AI Hub), the AI Leader's Event Series, the Putting AI into Action webinar series and the Industrial AI sprint campaign.
Before joining techUK, Usman worked as a policy, regulatory and government/public affairs professional in the advertising sector. He has also worked in sales, marketing, and FinTech.
Usman holds an MSc from the London School of Economics and Political Science (LSE), a GDL and LLB from BPP Law School, and a BA from Queen Mary University of London.
When he isn’t working, Usman enjoys spending time with his family and friends. He also has a keen interest in running, reading and travelling.
Sue Daley OBE
Sue Daley OBE
Sue leads techUK's Technology and Innovation work. This includes work programmes on AI, Cloud, Data, Quantum, Semiconductors, Digital ID and Digital ethics as well as emerging and transformative technologies and innovation policy. In 2025, Sue was honoured with an Order of the British Empire (OBE) for services to the Technology Industry in the New Year Honours List. She has also been recognised as one of the most influential people in UK tech by Computer Weekly's UKtech50 Longlist and was inducted into the Computer Weekly Most Influential Women in UK Tech Hall of Fame.
A key influencer in driving forward the tech agenda in the UK, in December 2025 Sue was appointed to the UK Government’s Women in Tech Taskforce by the Technology Secretary of State. She also sits on the UK Government’s Smart Data Council, Satellite Applications Catapult Advisory Group, Bank of England’s AI Consortium and BSI’s Digital Strategic Advisory Group. Previously, Sue was a member of the Independent Future of Compute Review and co-chaired the National Data Strategy Forum. As well as being recognised in the UK's Big Data 100 and the Global Top 100 Data Visionaries in 2020, Sue has been shortlisted for the Milton Keynes Women Leaders Awards and has been a judge for the Loebner Prize in AI, the UK Tech 50 and annual UK Cloud Awards. She is a regular industry speaker on issues including AI ethics, data protection and cyber security.
Prior to joining techUK in January 2015, Sue was responsible for Symantec's Government Relations in the UK and Ireland. Before that, Sue was senior policy advisor at the Confederation of British Industry (CBI). Sue has an BA degree on History and American Studies from Leeds University and a Master’s Degree in International Relations and Diplomacy from the University of Birmingham. Sue is a keen sportswoman and in 2016 achieved a lifelong ambition to swim the English Channel.
- Email:
- [email protected]
- Phone:
- 020 7331 2055
- Twitter:
- @ChannelSwimSue
Visit our AI Hub - the home of all our AI content:
Enquire about membership:
Authors
