The Empty Quadrant
On the missing layer of enterprise AI, and why nobody seems to be building it.
I’ve been spending most of my time recently talking to security leaders about AI agents, and the same conversation keeps happening.
We talk for thirty minutes about their AI strategy. Models, vendors, copilots, pilot programs, the whole roadmap. Then I ask one question — “if one of these agents did something your policy forbids, would you know before it happened, or after?” — and the conversation changes.
The honest answer, from almost everyone, is “after.”
The interesting part is what comes next. Once you say the quiet part out loud, the rest of the conversation gets sharper. They start naming specific worries. The agent that has CRM write access because it needed read access and the permission grant was too coarse. The customer-service bot that nobody’s entirely sure won’t promise something on regulated topics. The internal copilot that someone added to a Slack channel six months ago and nobody’s audited since. They know they have a governance problem. They don’t have a vocabulary for it yet, and they don’t have a place on the org chart for the person who owns it.
This is what infrastructure gaps look like before they have names.
A Diagram I Keep Coming Back To
Here’s how I’ve started drawing the problem when people ask:
Six layers, from the humans at the top down through agents, governance, execution, enterprise systems, and infrastructure. Four engines inside the governance layer — discover what’s running, translate policies into rules, govern actions in real time, prove compliance continuously. A flow strip at the bottom showing what runtime governance actually does: intercept, evaluate, enforce, audit.
The column on the right is the one I want you to look at.
Every layer in this diagram has incumbents. Discovery has Wiz and Palo Alto and the hyperscalers. Translation has IBM and Microsoft. Compliance reporting has Vanta and Drata. The infrastructure foundation has all the names you’d expect — AWS, Azure, Okta, Cloudflare.
The governance layer — the one that decides, in real time, whether an autonomous agent is allowed to do what it’s about to do — has nobody.
This is not because nobody’s looked. The category is conspicuously empty. And the reason it’s empty is the thing I’ve been wanting to write about.
The Vocabulary Problem
Part of what’s slowing this category down is that we don’t have a shared word for it yet.
The closest existing term is “AI governance,” which is doing too much work. It refers, depending on who’s saying it, to model evaluation, bias auditing, policy frameworks, GRC reporting, observability dashboards, content moderation, and the EU AI Act. Some of those things happen before an agent acts. Most happen after. A few don’t really happen at all, in the sense of producing enforceable outcomes — they happen in documents.
Security architects already have a perfectly good word for what I’m describing: a Policy Decision Point, the PDP/PEP pattern from XACML that OPA and Cedar formalized for cloud-native systems. The pattern is twenty years old. The application to autonomous agents is new. The novelty isn’t the architecture; it’s the recognition that the systems we’re now deploying — reasoning systems with tool access — need to be governed at the same architectural layer where we govern microservices and Kubernetes admission, not at the layer where we generate audit reports.
This is a small terminological point with a big consequence. As long as runtime governance and observability are both called “AI governance,” CISOs will treat them as substitutes when they’re actually complements. As long as runtime governance and GRC reporting are both called “compliance,” the people writing the policies and the people enforcing them will keep working in separate tools that don’t speak to each other.
A category that doesn’t have its own word gets absorbed by the adjacent categories that do. I think that’s part of what’s happened here.
Why The Adjacent Players Won’t Fill The Gap
I get asked some version of this question every week: won’t OpenAI or Anthropic or Microsoft just ship this? Won’t Wiz or Palo Alto extend into it? Won’t Vanta add an enforcement module?
Each of these is structurally unlikely, for different reasons, and the reasons are worth understanding because they’re the same reasons the quadrant has stayed empty.
Model vendors won’t own it because enterprises run multiple models and won’t accept four governance consoles. This is the Okta argument applied to agents. Identity governance had to be vendor-neutral to be useful, and runtime AI governance has the same structural requirement.
Security vendors won’t own it because the policy semantics aren’t security semantics. “Don’t let this agent issue a refund above $500 without human approval” is not a firewall rule, an EDR signature, or a SIEM correlation. It’s a business rule that has to be enforced at the agent’s tool-call layer, in single-digit milliseconds, with a policy language that understands what the agent is trying to do rather than just what packets it’s sending.
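The refund rule above, written as a check at the tool-call layer in the PDP/PEP shape mentioned earlier. This is an added example, not code from Rends.ai or any vendor named here; `ToolCall`, `decide`, `EnforcementPoint` and `issue_refund` are hypothetical names, and the `escalate` outcome is an assumption about how "human approval" would be surfaced.

```python
import json
import time
from dataclasses import dataclass, field

REFUND_LIMIT_USD = 500  # threshold taken from the rule quoted in the text


@dataclass
class ToolCall:
    agent_id: str
    tool: str
    args: dict
    human_approved: bool = False


def decide(call: ToolCall) -> tuple[str, str]:
    """PDP: pure function from a proposed action to (decision, reason)."""
    if call.tool != "issue_refund":
        return "deny", "tool not in policy"  # default-deny anything unlisted
    amount = call.args.get("amount_usd")
    # Reject bools, strings, NaN, infinity, zero and negatives before comparing.
    if type(amount) not in (int, float) or not (0 < amount < float("inf")):
        return "deny", "invalid amount"
    if amount > REFUND_LIMIT_USD and not call.human_approved:
        return "escalate", "refund above limit needs human approval"
    return "permit", "within policy"


@dataclass
class EnforcementPoint:
    """PEP: sits between the agent and its tools; nothing runs undecided."""
    tools: dict
    audit_log: list = field(default_factory=list)

    def invoke(self, call: ToolCall) -> dict:
        decision, reason = decide(call)                    # evaluate
        self.audit_log.append(json.dumps({                 # audit, before execution
            "ts": time.time(), "agent": call.agent_id, "tool": call.tool,
            "args": call.args, "decision": decision, "reason": reason}))
        if decision != "permit":                           # enforce
            return {"status": decision, "reason": reason}
        return {"status": "permit", "result": self.tools[call.tool](**call.args)}


def issue_refund(amount_usd, order_id):
    # Stand-in for a real payment API (constructed for this example).
    return f"refunded {amount_usd} USD on {order_id}"
```

The audit record is written before the tool executes, so a denied or escalated call leaves the same evidence as a permitted one.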
GRC vendors won’t own it because the speed requirement breaks their architecture. The Vanta and Drata category produces excellent audit artifacts on a daily or weekly cadence. They are not built to make a permit/deny decision while an agent is mid-execution, and retrofitting that into their data model would require rebuilding the product.
The empty quadrant isn’t unclaimed because nobody’s noticed. It’s unclaimed because filling it requires building something that doesn’t look like any of the adjacent categories.
What I Think Is Coming
A few predictions, for the record, that I’ll revisit in future posts as the category develops.
I think the runtime governance category will get its own name within twelve months, and once it does, the conversation will move quickly. Naming a thing tends to do that.
I think the first wave of serious adoption will come from regulated industries that have already lived through one chatbot-related lawsuit — insurance, financial services, healthcare — where the compliance function has enough organizational weight to require enforcement before the engineering function ships the agent. Moffatt v. Air Canada in 2024 was a small claims judgment, but it established the principle that companies are responsible for what their agents say. The next ten cases will be larger. Some of them will involve actions, not just statements.
I think the second wave will come from incidents that look like the Replit database deletion in July 2025, scaled up. An AI coding agent that deletes a database during a code freeze is bad. An AI agent with production access to a system of record at a larger company, doing something similar, becomes a board-level event. The board-level events change procurement faster than thought leadership does.
I think the platform shift in AI infrastructure over the next three years will be that the runtime governance layer becomes assumed — the way TLS, SSO, and RBAC became assumed in previous waves — and nobody will quite remember a time when it wasn’t there. We’re early in that shift. Most enterprises haven’t even said the words “runtime governance” yet, let alone written budget for it.
And I think the companies that get this right will look more like Okta and Cloudflare in their go-to-market than like the AI observability vendors that are dominating the conversation right now. They will be horizontal infrastructure plays sitting in the request path, sold to security and platform teams, with developer-first integration motions and enterprise-grade compliance posture. The AI observability category will continue to do well, but it will be a complement to runtime governance, not a substitute for it.
I’ll be wrong about some of these. The interesting question is which.
Why I’m Writing About This
A note on what this newsletter is going to be about.
I’m Fed Alcius. I spent fifteen years working in urban planning and regulatory compliance before moving into tech, and a lot of what shapes how I think about AI governance comes from that earlier work. Building inspectors don’t write reports about collapsed buildings — they show up before the concrete cures. That’s a strange sentence to find at the top of an essay about AI infrastructure, but it’s the part that keeps connecting for me. Most of what we currently call AI governance is the report. The interesting work, and the work I’m trying to do, is the part that happens before the concrete cures.
I’m the founder of Rends.ai, which is one answer to the empty-quadrant problem I described above. I’ll talk about Rends in this newsletter when it’s relevant, but I’m not going to make it the subject — there are enough founder newsletters that are thinly disguised company blogs and I don’t want to add to the pile. The subject here is the broader shift: what happens when autonomous systems become enterprise infrastructure, what the missing pieces look like, and what we should be building.
Next week I want to dig into the translate layer specifically. Most of the policy-as-code conversation happening right now is wrong, or at least incomplete, and I think there’s a worthwhile essay in untangling why. The week after that, probably something on the new shape of the security org chart — which roles exist already, which ones don’t yet, and which ones I think will exist by this time next year.
If any of that sounds interesting, subscribe. If you’re working on adjacent problems and want to compare notes, send me a note. The conversations I’ve been having with security leaders and AI infra builders over the last several months have been the most generative ones I’ve had in years, and I’d like to keep having them.
We’re in the early innings of something. Worth paying attention.
— Fed


