18th May 2026
Agentic AI Controls Monitoring: What It Can and Can't Do
In short
- Agentic AI closes the controls monitoring gap by detecting failures in real time, classifying severity, and routing remediation tasks automatically — instead of waiting for quarterly or annual reviews.
- DORA, ISO 27001:2022, and NIS2 all require ongoing monitoring, making continuous controls monitoring (CCM) a regulatory expectation, not just a best practice.
- The technology handles detection and escalation well, but attestations, material exceptions, and certified compliance decisions still require qualified human sign-off.
- Successful CCM deployments start with strong foundations: a clean control library, defined ownership, and machine-readable evidence sources before automation is activated.
Agentic AI is most effective in CCM because the workflow is structured and repeatable: monitoring evidence feeds, detecting deviations, assigning remediation tasks, and escalating unresolved failures. Compliance teams reduce manual triage, accelerate remediation, and gain a live view of control posture across frameworks like DORA, ISO 27001:2022, SOC 2, and NIS2. But the accountability layer remains human. Regulators still expect named individuals to review material failures, approve exceptions, and sign attestations. The practical value of CCM is not removing oversight — it is ensuring human judgement is focused on the failures that actually matter.
Expert View
Matt Davies, Chief Product Officer, SureCloud
What our experts say about agentic AI for continuous controls monitoring
"The hardest conversation in a CCM deployment isn't about the technology; it's about attestation. Teams often assume that if the system has collected and mapped all the evidence, the attestation follows automatically, but it doesn't. The FCA's SMCR and the EBA's governance guidelines both place personal accountability on named individuals. What CCM does is make attestation faster and better-evidenced. It doesn't make it optional."
Why CCM Is the Right Starting Point for Agentic AI
Traditional compliance programmes test controls quarterly at best; many controls are tested annually. Between those tests a control can fail, through configuration drift, an access policy exception, or a log collection gap, and nobody knows until the next scheduled check. By then the failure may have persisted for months, creating both a compliance gap and an audit finding. The FCA issued £15.7M in regulatory fines in Q1 2026 alone; undetected control failures are exactly the kind of systemic weakness that turns a compliance lapse into an enforcement record.
Continuous controls monitoring changes the testing cadence from periodic to real time. Controls are tested continuously against their defined evidence state, and failures are flagged as they occur rather than at the next review cycle. For frameworks with explicit monitoring obligations, CCM has moved from best practice to regulatory expectation. DORA Article 10 (EU Regulation 2022/2554), in force from 17 January 2025, requires automated detection of ICT anomalies and incidents.
ISO 27001:2022 Clause 9.1 requires monitoring and measurement of information security performance as a mandatory element of the ISMS. Both frameworks embed ongoing monitoring as a mandatory operational baseline.
Agentic AI fits CCM well because the work is structured. At the detection layer, the task is pattern-matching: does the control evidence match the expected state? At the response layer, the task is workflow execution: who owns this control, what severity does this failure represent, who needs to know? Both layers are well-suited to automation, and compliance teams with agentic CCM deployed report 40% faster decision-making, with pre-classified failures arriving at the right person with full context already attached.
The judgement layer sits above both: deciding whether a failure represents a material risk that changes the organisation's compliance posture, whether an exception is acceptable given the full business context, and whether the aggregate control state means what it appears to mean. That layer requires a person, and the regulatory frameworks are explicit about where.
What Agentic CCM Actually Does
Monitors Control Evidence Feeds
The agent connects to the systems that generate control evidence: cloud infrastructure APIs (AWS Config, Azure Policy, GCP Security Command Center), identity providers (Active Directory, Okta), SIEM platforms, endpoint management tools, and configuration management databases. It polls these sources continuously or on a defined frequency and compares the current state against the expected control state.
The expected state is defined in the control library: a configuration rule (MFA enforced for all privileged accounts), an access policy (admin rights restricted to the approved list), a log collection requirement (all production systems forwarding to SIEM within a 15-minute maximum gap). Any deviation from the expected state is a control event.
Detects Failures and Classifies Severity
Not every control event is a control failure, and not every failure has the same risk weight. The agent classifies events by severity based on the control's assigned risk rating, the nature of the deviation, and the regulatory framework the control belongs to. A configuration drift on a non-critical development system is a different severity class from the same drift on a production system handling customer payment data.
Severity classification drives the downstream workflow. A critical severity failure, for example a logging gap on a system that must generate evidence for DORA Article 10 ICT incident detection, triggers immediate escalation. A low-severity failure, such as a cosmetic policy exception on a non-regulated internal system, is logged and assigned to the control owner for resolution within a defined window. The classification decision, made at the point of detection, is what determines whether the compliance team is managing a crisis or working through a maintenance queue.
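The evidence comparison and severity classification described above, as an added example that is not SureCloud's code: a small control library whose checks run over constructed evidence snapshots (stand-ins for an IdP export, an admin role listing and a SIEM last-seen table), emitting a control event for each deviation and classifying it from a rule table keyed by control, deviation kind and environment. A deviation with no matching rule, here an IdP record whose MFA attribute is absent, is tagged for human review rather than given a default class, which is the gap the later section on novel failures warns about. Each control carries the framework requirements it maps to, so one failing control instance flags every mapped requirement in a single event. Control IDs, framework mappings, hostnames and thresholds are illustrative assumptions.

```python
"""Control evidence evaluation and severity classification for CCM.
Added example; evidence snapshots, control IDs, mappings and rules are constructed assumptions."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable

NOW = datetime(2026, 5, 18, 9, 0, tzinfo=timezone.utc)

# --- Constructed evidence snapshots (stand-ins for IdP, IAM role and SIEM API pulls) ---
IDP_USERS = [
    {"id": "alice", "privileged": True, "mfa_enrolled": True},
    {"id": "bob", "privileged": True, "mfa_enrolled": False},
    {"id": "carol", "privileged": False, "mfa_enrolled": False},
    {"id": "dave", "privileged": True, "mfa_enrolled": None},   # attribute missing from the feed
]
ADMIN_ROLE_MEMBERS = {"alice", "bob", "svc-deploy"}
APPROVED_ADMINS = {"alice", "bob"}
SIEM_LAST_EVENT = {                                             # last event seen per host
    "prod-pay-01": NOW - timedelta(minutes=48),
    "prod-web-01": NOW - timedelta(minutes=3),
    "dev-build-01": NOW - timedelta(hours=6),
}
MAX_LOG_GAP = timedelta(minutes=15)

def env_of(host: str) -> str:
    return "prod" if host.startswith("prod-") else "dev"

# Each check compares current state with expected state and returns deviations as
# (kind, subject, environment, detail). An empty list means the control is passing.
def check_privileged_mfa():
    out = []
    for u in IDP_USERS:
        if not u["privileged"]:
            continue
        if u["mfa_enrolled"] is None:   # evidence incomplete: neither pass nor a known failure kind
            out.append(("evidence_incomplete", u["id"], "prod", "mfa attribute absent from IdP record"))
        elif not u["mfa_enrolled"]:
            out.append(("mfa_missing", u["id"], "prod", "privileged account without MFA"))
    return out

def check_admin_membership():
    return [("unapproved_admin", m, "prod", "member not on approved admin list")
            for m in sorted(ADMIN_ROLE_MEMBERS - APPROVED_ADMINS)]

def check_log_forwarding():
    out = []
    for host, last in SIEM_LAST_EVENT.items():
        gap = NOW - last
        if gap > MAX_LOG_GAP:
            out.append(("forwarding_gap", host, env_of(host), f"last event {int(gap.total_seconds() // 60)} min ago"))
    return out

@dataclass(frozen=True)
class Control:
    control_id: str
    name: str
    frameworks: tuple        # requirements this single control instance maps to (illustrative)
    check: Callable[[], list]

CONTROL_LIBRARY = [
    Control("CTL-IAM-01", "MFA enforced for privileged accounts",
            ("ISO 27001:2022 A.8.5", "SOC 2 CC6.1"), check_privileged_mfa),
    Control("CTL-IAM-02", "Admin rights restricted to approved list",
            ("ISO 27001:2022 A.8.2", "DORA Art. 9"), check_admin_membership),
    Control("CTL-LOG-01", "Production systems forward to SIEM within 15 min",
            ("ISO 27001:2022 A.8.15", "DORA Art. 10", "SOC 2 CC7.2"), check_log_forwarding),
]

# Severity rules keyed by (control, deviation kind, environment). Anything not listed is
# deliberately NOT defaulted: it goes to a person.
SEVERITY_RULES = {
    ("CTL-IAM-01", "mfa_missing", "prod"): "critical",
    ("CTL-IAM-02", "unapproved_admin", "prod"): "high",
    ("CTL-LOG-01", "forwarding_gap", "prod"): "critical",
    ("CTL-LOG-01", "forwarding_gap", "dev"): "low",
}

@dataclass(frozen=True)
class ControlEvent:
    control_id: str
    kind: str
    subject: str
    environment: str
    detail: str
    severity: str            # configured class, or "needs_review" when no rule matched
    frameworks: tuple

def run_monitoring(controls=CONTROL_LIBRARY):
    """One monitoring pass: run every check and classify each deviation."""
    events = []
    for c in controls:
        for kind, subject, env, detail in c.check():
            severity = SEVERITY_RULES.get((c.control_id, kind, env), "needs_review")
            events.append(ControlEvent(c.control_id, kind, subject, env, detail, severity, c.frameworks))
    return events

def needs_immediate_escalation(events):
    return [e for e in events if e.severity == "critical"]

def needs_human_review(events):
    return [e for e in events if e.severity == "needs_review"]

def requirements_at_risk(events):
    """Every framework requirement touched by an open event (one control, many requirements)."""
    return sorted({req for e in events for req in e.frameworks})

if __name__ == "__main__":
    for e in run_monitoring():
        print(f"{e.severity:12} {e.control_id} {e.kind} {e.subject} ({e.environment}): {e.detail}")
```

Running the pass flags bob and prod-pay-01 as critical, svc-deploy as high, dev-build-01 as low, and dave as needs_review; prod-web-01 (3 minutes behind) is within the 15-minute window and produces no event.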
Auto-Assigns Remediation Tasks
When a failure is classified, the agent creates a remediation task in the GRC platform, assigns it to the documented control owner, sets a resolution deadline based on severity class, and sends a notification. The control owner receives a task with the failure description, the expected control state, the current state, the severity rating, and the regulatory framework or clause the control maps to.
This removes the manual triage step that sits between detection and assignment in most compliance functions. SureCloud's workflow automation handles task creation and routing through the Gracie AI CCM Persona automatically, with the control owner receiving a structured task with full context attached. The time between failure detection and remediation assignment, previously measured in days in manual programmes, compresses to minutes.
Triggers Escalation Workflows
If a remediation task is not acknowledged within a defined period, or if a failure persists beyond the resolution deadline, the agent escalates. Escalation routes are configured by severity: a critical failure that is unacknowledged after two hours might escalate to the CISO and the risk committee secretariat. A standard failure unresolved after five business days might escalate to the control owner's line manager.
Escalation logic can also be triggered by pattern recognition: the same control failing repeatedly within a short window, or multiple controls within the same domain failing simultaneously, may indicate a systemic issue rather than an isolated exception. The agent flags this pattern for review even if each individual failure would not trigger escalation on its own. Pattern escalation is what separates a monitoring system from a risk management system.
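The escalation rules and pattern checks in the two paragraphs above, as an added example that is not the Gracie persona or any SureCloud code: time-based escalation of remediation tasks against a per-severity policy, with a business-day deadline calculation, plus two pattern detectors over a failure history, one for the same control failing repeatedly inside a 24-hour window and one for several distinct controls in one domain failing inside an hour. The policy values, task data, line-manager directory and failure history are constructed; the one-day acknowledgement window for standard failures and the repeat and cluster thresholds are assumptions.

```python
"""Escalation and pattern detection for CCM remediation tasks.
Added example; the policy, thresholds, tasks and failure history are constructed assumptions."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

NOW = datetime(2026, 5, 18, 9, 0, tzinfo=timezone.utc)   # a Monday

@dataclass
class Task:
    task_id: str
    control_id: str
    domain: str
    severity: str                      # "critical" or "standard"
    owner: str
    created: datetime
    acknowledged: Optional[datetime] = None
    resolved: Optional[datetime] = None

# Assumed policy: critical failures escalate to the CISO and risk committee secretariat if
# unacknowledged after two hours; standard failures escalate to the owner's line manager if
# unacknowledged after a day or unresolved after five business days.
ESCALATION_POLICY = {
    "critical": dict(ack_within=timedelta(hours=2), resolve_within_bdays=1,
                     route=("CISO", "Risk Committee Secretariat")),
    "standard": dict(ack_within=timedelta(days=1), resolve_within_bdays=5,
                     route=("line manager",)),
}
LINE_MANAGERS = {"a.smith": "m.jones", "b.lee": "m.jones"}   # constructed directory

def add_business_days(start: datetime, n: int) -> datetime:
    """Advance by n weekdays (weekends skipped; no holiday calendar)."""
    d = start
    while n > 0:
        d += timedelta(days=1)
        if d.weekday() < 5:
            n -= 1
    return d

def resolve_route(route, owner, directory):
    return [directory.get(owner, "unassigned") if r == "line manager" else r for r in route]

def escalations_due(tasks, now, directory):
    """Return (task_id, reason, recipients) for every task that has breached its policy."""
    due = []
    for t in tasks:
        p = ESCALATION_POLICY[t.severity]
        recipients = resolve_route(p["route"], t.owner, directory)
        if t.acknowledged is None and now - t.created > p["ack_within"]:
            due.append((t.task_id, "unacknowledged", recipients))
        elif t.resolved is None and now > add_business_days(t.created, p["resolve_within_bdays"]):
            due.append((t.task_id, "overdue", recipients))
    return due

def detect_patterns(failures, repeat_window=timedelta(hours=24), repeat_threshold=3,
                    cluster_window=timedelta(hours=1), cluster_threshold=2):
    """failures: (control_id, domain, timestamp). Flags systemic patterns that no single
    failure would escalate on its own."""
    by_control, by_domain = defaultdict(list), defaultdict(list)
    for cid, dom, ts in sorted(failures, key=lambda f: f[2]):
        by_control[cid].append(ts)
        by_domain[dom].append((cid, ts))
    flags = []
    for cid, times in by_control.items():          # same control, repeated inside the window
        for i in range(len(times) - repeat_threshold + 1):
            if times[i + repeat_threshold - 1] - times[i] <= repeat_window:
                flags.append(("repeat_failure", cid, f"{repeat_threshold} failures within {repeat_window}"))
                break
    for dom, items in by_domain.items():           # distinct controls in one domain, close together
        for i, (_, start) in enumerate(items):
            distinct = {c for c, t in items[i:] if t - start <= cluster_window}
            if len(distinct) >= cluster_threshold:
                flags.append(("domain_cluster", dom, f"{len(distinct)} controls failed within {cluster_window}"))
                break
    return flags

# Constructed sample data.
SAMPLE_TASKS = [
    Task("T-1", "CTL-LOG-01", "logging", "critical", "a.smith", NOW - timedelta(hours=3)),
    Task("T-2", "CTL-IAM-01", "iam", "critical", "b.lee", NOW - timedelta(hours=1)),
    Task("T-3", "CTL-IAM-02", "iam", "standard", "a.smith",
         datetime(2026, 5, 4, 9, tzinfo=timezone.utc), acknowledged=datetime(2026, 5, 4, 11, tzinfo=timezone.utc)),
    Task("T-4", "CTL-BCP-01", "backup", "standard", "b.lee",
         datetime(2026, 5, 14, 9, tzinfo=timezone.utc), acknowledged=datetime(2026, 5, 14, 10, tzinfo=timezone.utc)),
]
SAMPLE_FAILURES = [
    ("CTL-LOG-01", "logging", NOW - timedelta(hours=20)),
    ("CTL-LOG-01", "logging", NOW - timedelta(hours=12)),
    ("CTL-BCP-01", "backup", NOW - timedelta(hours=5)),
    ("CTL-LOG-01", "logging", NOW - timedelta(hours=2)),
    ("CTL-IAM-01", "iam", NOW - timedelta(minutes=50)),
    ("CTL-IAM-02", "iam", NOW - timedelta(minutes=30)),
]

if __name__ == "__main__":
    for task_id, reason, to in escalations_due(SAMPLE_TASKS, NOW, LINE_MANAGERS):
        print(f"escalate {task_id}: {reason} -> {', '.join(to)}")
    for kind, key, why in detect_patterns(SAMPLE_FAILURES):
        print(f"pattern {kind} on {key}: {why}")
```

With this data T-1 (critical, three hours unacknowledged) goes to the CISO and secretariat, T-3 (standard, past its five-business-day deadline since 11 May) goes to the owner's line manager, T-2 and T-4 are still inside their windows, and the pattern pass flags CTL-LOG-01 for three failures in 18 hours and the iam domain for two different controls failing 20 minutes apart. Note that the business-day calculation has no holiday calendar; a production deployment would need one.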
Updates Risk Posture in Real Time
SureCloud's Continuous Controls Monitoring maintains a live risk posture dashboard that reflects where controls stand today, updated continuously as failures are detected and remediated. A compliance leader can see at any point which controls are in a failed state, what the trend looks like over the past period, and which framework requirements are currently at risk.
This real-time visibility is the operational return on continuous monitoring. SureCloud customers report 50-65% reductions in manual evidence collection once automated feeds replace the manual gathering that consumed most of the compliance team's pre-audit week. The compliance programme reflects actual current control performance, which changes the conversation with auditors from 'here is what we found at the last review' to 'here is the state of controls as of this morning.'
What Agentic CCM Cannot Do
Some of these boundaries are permanent: they reflect accountability structures in financial services regulation built around individual named responsibility. Others are current technical limits that CCM vendors are actively working to extend. Knowing which is which shapes what you automate and what you staff.
Regulatory Attestations Require Human Sign-Off
Regulated firms regularly produce attestations: signed declarations that controls are operating effectively, submitted to auditors, regulators, or boards. The FCA's Senior Managers and Certification Regime (SMCR) places personal liability on named senior managers for compliance outcomes. The EBA's guidelines on internal governance (EBA/GL/2021/05) require management body members to take responsibility for ICT risk management decisions. SOC 2 reports require a management assertion signed by the service organisation.
An agentic CCM system can prepare the documentation, pull the evidence, and produce a draft attestation. It cannot sign it. What the system produces is a data pull against configured thresholds; what the attestation certifies is that a named individual has reviewed the evidence, applied professional judgement, and accepts personal accountability for the declaration. SMCR creates personal liability, and personal liability requires a person.
Material Exception Decisions Require Judgement
When a control fails and an exception is requested, for example a business unit needing a temporary deviation from an access control policy, the decision to accept that exception involves risk judgement. The agent presents the exception request with the relevant context: which control, which framework, the risk rating, the last test history. What the agent cannot see is the business rationale that lives outside the GRC platform: the commercial reason the deviation is necessary, or the pattern of similar requests that signals a systemic policy problem rather than an isolated case. Those judgements require a qualified human with full organisational context.
Certified Compliance Status Requires Professional Determination
CCM tells you whether individual controls are passing or failing. Whether the aggregate state satisfies the overall framework requirement is a different question. Compliance frameworks use terms like 'adequate,' 'appropriate,' and 'proportionate': judgement terms measured against configured thresholds, where the threshold-setting itself requires professional interpretation. Whether those thresholds are right for this organisation's risk profile, sector, and maturity requires a qualified professional, and for certification standards, an accredited external auditor.
Novel Control Failure Patterns Need Human Interpretation
An agentic system detects deviations from an expected state and can flag pattern anomalies. What it can tell you is that a failure falls outside configured patterns; what that means requires a human to determine. When a control fails in a way that sits outside any configured severity rule, the agent routes it for human review. Systems with a gap in this escalation path create a specific risk: novel failures receive a default classification and bypass the human review they need.
The table below maps each CCM capability against what an agentic system handles and where human involvement is required.
| Capability | Agentic AI | Human Required |
| --- | --- | --- |
| Monitor control evidence feeds continuously | Yes | Configuration and threshold-setting |
| Detect deviations from expected control state | Yes | None for standard deviations |
| Classify failure severity | Yes, based on configured rules | Review of novel or ambiguous failures |
| Auto-assign remediation task to control owner | Yes | None |
| Send escalation notifications | Yes | None |
| Update risk posture dashboard | Yes | None |
| Process exception requests | Presents context and options | Approves or rejects the exception |
| Sign regulatory attestations | Prepares draft documentation | Named senior individual signs |
| Determine certified compliance status | No | Qualified practitioner or accredited auditor |
| Interpret novel failure patterns | Flags for review | Compliance analyst interprets |
What DORA, ISO 27001 and NIS2 Require
DORA Article 10: Automated Anomaly Detection Is Now a Legal Requirement
DORA Article 10 requires in-scope financial entities to have mechanisms to promptly detect anomalous activities, including ICT security incidents, and to identify potential single points of failure. An agentic CCM system can satisfy this requirement at the detection layer, provided its coverage is complete. The system must be configured to cover the ICT systems in scope of DORA, which includes all systems supporting the critical or important functions defined in Article 3.
The key implementation question for DORA Article 10 is coverage: which systems are connected to the monitoring agent, and which are excluded. A gap in coverage at the system level is a gap in regulatory compliance. Organisations should document their CCM scope and the rationale for any exclusions as part of the ICT risk management framework required under DORA Article 5.
ISO 27001:2022 Clause 9.1: Continuous Measurement as a Mandatory ISMS Requirement
ISO 27001:2022 Clause 9.1 requires organisations to determine what needs to be monitored and measured, the methods for analysis and evaluation, and when results shall be analysed and evaluated. An agentic CCM programme operationalises this clause directly: it defines the monitoring scope, implements continuous measurement, and produces evaluable outputs on control performance.
The Clause 9.1 requirement to retain documented information as evidence of results is satisfied by the audit trail the CCM system maintains. Each control test, failure detection, task assignment, and remediation closure is timestamped and linked to the relevant control, creating a continuous evidence record rather than a periodic snapshot.
NIS2 Articles 21 and 23: Incident and Continuity Controls Under Live Monitoring
NIS2 Article 23 requires in-scope entities to issue an early warning within 24 hours of becoming aware of a significant incident. If a detection control is silently failing between periodic tests, an organisation may miss the reporting window. CCM removes that exposure by monitoring incident detection and reporting controls continuously.
NIS2 Article 21(2)(b) includes incident handling as a mandatory security measure, and Article 21(2)(c) includes business continuity and crisis management. An agentic CCM system that detects failures in incident management controls and business continuity controls in real time supports both sub-clauses operationally.
FAQs
Is continuous controls monitoring the same as a SIEM?
A SIEM (Security Information and Event Management) platform aggregates and correlates security event logs for threat detection; CCM tests whether defined compliance controls are operating as designed. CCM draws on data from SIEMs and other sources as inputs, with compliance assurance as its purpose. They're different tools with different jobs, and they're used together in a mature programme.
How does agentic CCM handle controls that can't be automated?
Some controls are inherently manual: physical access reviews, management reviews of security metrics, human-executed incident response procedures. An agentic CCM system manages these through scheduled task assignment. The agent creates a recurring task for the control owner, tracks completion, and escalates overdue tasks automatically. For these controls, compliance assurance comes from confirmed task completion, with the evidence record built from the audit trail of assignments and sign-offs.
What happens when the same control maps to multiple frameworks?
A control such as access logging may map simultaneously to ISO 27001:2022 Annex A control 8.15 (Logging), DORA Article 10 (Detection), and SOC 2 CC7.2 (System monitoring). A mature CCM system handles this through a unified control library with cross-framework mapping: one control instance maps to multiple framework requirements. When that control fails, all mapped framework requirements are flagged in a single event, with no separate monitoring rule needed per framework.
Can agentic CCM replace an internal audit function?
Continuous controls monitoring provides real-time assurance on the operating effectiveness of defined controls. Internal audit provides independent assurance on the design of the control framework, the completeness of controls coverage, and the overall governance of the compliance programme. CCM reduces the fieldwork burden on internal audit by providing pre-tested evidence; that's a different function from the independent assurance work that's central to what an audit programme does.
Where do we start with a CCM deployment?
Start with the control library. An agentic CCM system monitors what's defined, so if the control library is incomplete, has unclear ownership, or lacks defined evidence requirements, the monitoring will reflect those gaps. Before activating automation, map which controls have clear, machine-readable evidence states, confirm which systems generate that evidence, and verify that control ownership is assigned in the GRC platform. Evidence feeds and failure detection deliver value immediately once those foundations are in place; escalation routing and task assignment work as designed once ownership is clean.
How should firms document their agentic CCM programme for regulators?
Scope: which systems are connected to the CCM agent, which frameworks are in scope, and the rationale for any controls outside the programme. Classification rules: the severity thresholds, escalation triggers, and how they were configured. Human oversight checkpoints: who reviews critical failures, who signs attestations, who approves exceptions. Model governance: how the classification rules are validated and reviewed over time, including for DORA-subject firms how this sits within the ICT risk management framework required under DORA Article 5.
© SureCloud 2026. All rights reserved.
