← /Blog
PerspectiveJuly 8, 20267 min

The Enterprise Has Solved Intelligence. It Hasn't Solved Control.

Autonomous AI raises an execution question no existing tool was built to answer. Why the next layer of enterprise infrastructure is a sovereign, vendor-neutral control plane — and why it must be owned by the organizations it governs.

By Weynand Kuijpers — Co-founder & CTO, Skipr

The Enterprise Has Solved Intelligence. It Hasn't Solved Control.

A manifesto on why autonomous AI requires a new layer of infrastructure — and why that layer must be sovereign.

Enterprises can now deploy intelligence almost instantly. They still struggle to deploy it with confidence.

That gap — between what AI can do and what organizations can safely allow it to do — is becoming the defining infrastructure problem of this decade. It will not be solved by better models. It will be solved by a new control layer.

Every technological shift creates a coordination problem

The pattern is consistent.

Cloud computing created a resource-coordination problem. The answer was cloud orchestration.

Containers created a scheduling and lifecycle problem. The answer was Kubernetes — a control plane that did not make containers smarter, but made them governable at scale.

Identity dissolved the network perimeter. When cloud and mobile ended the era of the trusted internal network, identity became the new control plane, and Zero Trust became the operating doctrine.

Autonomous AI is creating a problem of the same shape. But it is not the same problem.

AI scales differently from software

Software executes instructions.

AI makes decisions.

That distinction changes everything about how it must be governed.

Every security architecture in production today — IAM, PAM, Zero Trust, SIEM — was built to answer one question: is this known actor allowed to access this resource? It is an access question, asked about deterministic systems, where the same input produces the same output, and where the actor is a human or a piece of software behaving like one.

Autonomous agents break each of those assumptions.

  • They are non-deterministic: the same input can produce different actions.
  • They are ephemeral: created and destroyed thousands of times per day, faster than any identity lifecycle process was designed to handle.
  • They delegate: agents orchestrate other agents, so a single weakly-governed permission can cascade across systems no human ever approved.

And they already outnumber us. Machine identities exceed human identities by 82 to 1 in the average enterprise, and Gartner projects the average Fortune 500 company will operate more than 150,000 agents by 2028 — up from fewer than fifteen in 2025. Most organizations concede they lack identity security controls for AI at all.

The question enterprises now face is not an access question. It is an execution question:

Should this reasoning, acting, non-deterministic system be permitted to execute this decision — right now, provably, within boundaries the organization actually controls?

No layer of the current stack was designed to answer it.

Policy-aware execution

We call the capability that answers it policy-aware execution: the ability to evaluate every autonomous action — by any agent, from any vendor, against any system — at the moment of execution, under policy the organization defines, with evidence the organization retains.

Policy-aware execution is not monitoring. Monitoring tells you what happened. Policy-aware execution decides what is allowed to happen.

It is not orchestration. Orchestration coordinates work. Policy-aware execution governs whether the work should occur.

And it is not a feature that can live inside any single vendor's platform — for a structural reason.

The neutrality problem

Every major platform is now building agent governance. Each of them governs its own estate.

The identity provider governs agents inside its tenant. The cloud provider governs agents that route through its runtime. The security platform inspects the traffic it can see. The reasoning platform governs decisions made inside its ontology.

Each is rational. Each is partial. An enterprise running agents across three clouds, four SaaS platforms, and a dozen frameworks has no single point where policy is enforced and evidence is produced — only a patchwork of controls, each bounded by the commercial interests of the vendor that supplies it.

A control plane that governs everything cannot belong to any of the things it governs. The layer must be neutral, or it is not a control layer at all.

The sovereignty problem

There is a second structural requirement, and it is the one most of the industry is quietly avoiding.

For governments, critical infrastructure, telecommunications operators, and regulated enterprises, it is not enough for AI governance to be effective. It must be theirs.

Sovereignty is no longer a policy preference. It is becoming a runtime requirement — written into law. The EU AI Act attaches penalties of up to three percent of global turnover to ungoverned high-risk AI in critical infrastructure. Turkey requires public institutions and critical-infrastructure operators to keep data on domestic infrastructure. The UAE has moved from voluntary guidance to mandatory cyber-resilience for critical systems. Sovereign cloud infrastructure spending will reach $80 billion in 2026, growing fastest in precisely the regions building national AI capacity: the Middle East, Africa, and Asia.

A governance layer operated from someone else's cloud, under someone else's jurisdiction, dependent on someone else's continued goodwill, does not satisfy that requirement — no matter how capable it is. If your control plane can be switched off, priced up, or subpoenaed by someone who is not you, it is their control plane. You are merely a tenant in it.

This defines the missing layer precisely. It must be:

  • Sovereign — running entirely within infrastructure the customer controls, with no operational dependency on the vendor.
  • Cross-vendor — governing any agent, from any provider, against any system.
  • Runtime — enforcing policy at the moment of execution, not auditing it afterward.

We describe the resulting architecture as a sovereign compute mesh: a fabric of governed execution that spans an organization's entire digital estate — every identity, agent, workload, and system — where policy is enforced locally, evidence is generated continuously, and nothing depends on infrastructure the organization does not own.

Govern, secure, prove

Three capabilities define the layer.

  • Govern. Every actor — human, agent, or machine — carries a verifiable identity. Every action is evaluated against policy before it executes. Autonomy is bounded by enforcement, not by documentation.
  • Secure. Access is ephemeral and scoped to the task. Privileges expire when the work ends. There is no standing access for systems that reason.
  • Prove. Every decision produces evidence: what acted, on what authority, under which policy, with what outcome. Not logs to be assembled after an incident — proof, generated as a property of execution itself.

The third verb is the one the industry has neglected. Plenty of tools observe. Few can prove. For a regulator, an auditor, or a board, the difference is everything: observation describes; proof withstands.

What this means

Autonomous AI will be adopted at the speed organizations can trust it — and trust, at scale, is not a feeling. It is infrastructure.

The organizations that solve this early will deploy autonomous systems with confidence: faster than their competitors, within the law, and on their own terms. The nations that solve it will treat sovereign AI governance the way they treat the power grid — as critical national infrastructure, operated domestically, answerable to no foreign platform.

Those that don't will discover an uncomfortable asymmetry: intelligence scales faster than governance. The models will keep improving whether or not the control layer exists. The gap only grows.

Every era of computing eventually produced its control plane. The autonomous era will produce one too.

The only open question is who it answers to.

FAQ

Frequently asked

What is a sovereign AI control plane?
A sovereign AI control plane is a layer of infrastructure that governs what autonomous AI systems are permitted to do — evaluating every action against policy at the moment of execution — while running entirely inside infrastructure the customer owns and controls, with no operational dependency on the vendor that provides it.
How is this different from AI monitoring or observability?
Monitoring describes what already happened. A control plane decides what is allowed to happen, before it happens, and enforces that decision at runtime. Observation describes; enforcement prevents.
Why does AI governance need to be \"sovereign\"?
For governments, critical infrastructure, telcos, and regulated enterprises, effective governance is not enough — it must also be under their own control and jurisdiction. A governance layer that can be switched off, repriced, or subpoenaed by an external vendor is not sovereign, regardless of how capable it is. Regulations including the EU AI Act and national data mandates are increasingly making this a legal requirement rather than a preference.
What does \"policy-aware execution\" mean?
Policy-aware execution is the ability to evaluate every autonomous action — by any agent, from any vendor, against any system — at the moment it executes, under policy the organization defines, with auditable evidence the organization retains.
sovereign AIAI control planeAI agent governancepolicy-aware executionruntime sovereigntymachine identityzero trust