“It Depends” Is Not an Accountability Model
Companion reading for The Verified Intelligence Briefing — reflections on Andy Baldwin’s CXOTalk conversation on AI governance, scaling, and the CIO’s new agenda.

Last week, one of the most senior executives in enterprise consulting was asked a simple question on CXOTalk: when an AI agent makes a costly mistake, who’s accountable — the vendor, the model maker, or the CIO?
Andy Baldwin’s answer was honest, thoughtful, and quietly terrifying: it depends.
He’s right. It does depend — on who built the agent, what role it plays, whether it came out of a box or out of your own dev team. Baldwin runs offerings and growth for a $21 billion consulting business; he has watched more enterprise AI deployments up close than almost anyone, and he gave the only answer the current state of the industry supports.
But sit with that answer for a minute. Because “it depends” is what every industry sounds like right before its accountability crisis.
We’ve Heard “It Depends” Before
Early electronic payments had the same answer. A fraudulent transaction cleared — who eats the loss? The bank, the merchant, the network, the cardholder? It depended. Then the losses scaled, and the industry built chargeback rules, liability shift schedules, and dispute evidence standards that converted “it depends” into “here is exactly who, under exactly these conditions, and here is the record that proves it.”
Early aviation had the same answer. A machine failed in the air — was it the manufacturer, the airline, the pilot, the weather? It depended. Then the industry built the black box, the maintenance log, the investigation regime. Not to prevent every failure, but to guarantee that after any failure, the question of responsibility had an evidentiary answer.
Early cloud had the same answer. A breach in a hosted environment — provider’s fault or customer’s? It depended, right up until pain forced the shared responsibility model into existence: a bright line, published and contractual, that told every party which side of the stack they owned.
Notice the pattern. In every case, accountability didn’t arrive by consensus, goodwill, or maturity. It arrived by instrumentation — the rules, records, and evidence layers that made responsibility legible after the fact. “It depends” is not a stable state. It is the interval between a technology’s arrival and the construction of its accountability infrastructure.
Why Agents Compress That Interval
The reason “it depends” won’t survive long in enterprise AI is arithmetic, and Baldwin supplied the numbers himself.
IBM’s research, cited during the conversation, finds that two-thirds of CIOs are accountable for AI outcomes they don’t fully control — and that major enterprises will be running close to fifteen hundred enterprise agents by the end of 2026. Fifteen hundred autonomous actors, per enterprise, each capable of the “costly mistake” in the closing question.
And Baldwin named the asymmetry that makes this dangerous rather than merely large: prototype agents can now be generated in days, literally from a description of the workflow — while embedding them into legacy systems with real security takes far longer, because that’s the part that requires thought. Generation is instant. Integration, security, and trust are slow.
That gap between how fast agents ship and how fast an institution can verify them has a name: verification debt. And like all debt, it doesn’t sit still while you decide what to do about it. Every agent deployed faster than it can be verified adds principal. Every week without an accountability answer adds interest. “It depends” is what the balance sheet sounds like before anyone has totaled the column.
What the Accountability Stack Actually Requires
If the payments industry needed chargeback rules and aviation needed black boxes, what does the agent economy need? Three layers, and the order matters.
Identity comes first. You cannot hold an agent accountable if you cannot distinguish it from every other agent in your environment — or from an agent nobody authorized at all. Accountability presumes a subject: a verified identity, a known provenance, an answer to who created it, who trained it, and who can revoke it. This is the problem AuthR exists to solve, and it is the foundation everything else stands on.
Observability comes second — and this was Baldwin’s own prescription. Asked where CIOs should start, he pointed to observability and transparency across the agent landscape: which agents, running which models, performing which tasks, for whom. He’s right that it’s the starting point. See the estate before you govern it. But observability, by itself, only tells you what’s running.
Verification is the layer above. Observability answers what happened. Verification answers who’s responsible — and how do we know. It’s the difference between a dashboard and a defensible record: whether what’s running can be trusted, proven continuously, and evidenced to a board, an auditor, or a regulator who was not in the room. The black box didn’t just observe the flight. It made the flight’s story provable.
The Forcing Function Is Already Here
If you’re waiting for market consensus to build this stack, regulated industries won’t give you the time. Baldwin described a surge of board engagement — especially in banking and insurance — with non-executive directors now demanding evidence that systems have been tested before they’re trusted. And he was direct about the regulatory trajectory: wherever agent outputs are probabilistic rather than deterministic, regulators will keep a human in the loop.
Follow that requirement to its logical end. A human in the loop is only a control if you can later prove what that human was shown, by which agent, verified how, and what they decided. Otherwise the human is not a control — the human is a scapegoat with a login. Every regulated deployment therefore needs a continuous, defensible record of the agent-human boundary. “It depends” doesn’t survive an examiner. It never has.
The Confession
Baldwin ended his CXOTalk hour by pointing at “assurance of agents” as an emerging area — how do you have confidence an agent performs consistently, provably, again and again. He named the destination, and he named it accurately. What he couldn’t say from inside a $21 billion consulting business is that the destination has a prerequisite: you have to pay down the verification debt you’re accruing right now, this quarter, with every agent that ships faster than your ability to trust it.
“It depends” was an acceptable answer in 2025. In 2026, with fifteen hundred agents on the books, it’s a confession.
The accountability stack is being built. The only question is whether your organization is building equity in it — or debt.
If you’re accountable for agents you can’t yet see — start by seeing them. Identient helps organizations gain visibility and control of their AI agents, beginning with an assessment of your agent landscape and verification debt, and a strategy to take your governance from policy, to program, to operational. Start the conversation.
Read the framework behind this essay: From Artificial to Verified Intelligence.



