Agent cannot navigate organizational structure to find the right person, team, or process for issue resolution. Cannot follow work across team boundaries or identify correct escalation path.
Navigation failure occurs when an agent must route work to the correct person or team but lacks sufficient understanding of organizational structure, role definitions, team ownership, or process dependencies. The agent becomes "lost" in the organizational maze and either routes work to the wrong destination, escalates to the wrong level, or fails to route at all.
This is distinct from a technical routing problem (network unavailable). Rather, it reflects the agent's inability to navigate an implicit, complex organizational model. In organizations with specialized teams (underwriting, compliance, operations, risk management, legal), an agent managing a loan origination process may not know that a particular compliance issue should route to the "Enterprise Risk" team rather than "Credit Risk," or that a legal issue concerning contract interpretation should escalate to "Securitization Legal" rather than "General Counsel."
Organizations are typically not structured as simple decision trees. Ownership is matrix-based. Teams overlap. Authority boundaries are fuzzy. An agent trained on historical routing patterns may learn that "AML concerns route to Compliance" but not recognize that "Foreign Currency Exchange concerns with AML implications route to Treasury-Compliance Joint Team, not Compliance-only."
A regional bank deploys an agent-based loan origination system that is supposed to route credit decisions through appropriate review channels. The agent understands basic routing (loan greater than $5M routes to Credit Committee, loan less than $1M routes to Commercial Loan Officer). But the bank has a matrix structure where certain teams have specialized authority.
A $3M loan application arrives from a customer with operations in the Middle East. The Loan Origination Agent routes the decision to the standard Commercial Loan Officer for loans in the $1M-$5M range. The Loan Officer approves the loan based on credit quality.
However, because the borrower has Middle East operations, the loan should also have been routed to the "Sanctions and OFAC Compliance" team, which is not part of the standard decision tree for loans under $5M. The Sanctions team would have identified that the borrower has a subsidiary in Iran, triggering OFAC restrictions.
Six months after loan origination, regulators conduct an examination and identify the loan as a sanctions violation. The bank had the sanctions control (the Sanctions team existed and had authority), but the routing logic did not know to involve the team. The bank is cited for an "inadequate loan origination process" that failed to involve required review functions.
| Dimension | Score | Rationale |
|---|---|---|
| D - Detectability | 3 | Routing failures are observable when work arrives at wrong destination or when issues require rework. But root cause (organizational model gap) may not be obvious. |
| A - Autonomy Sensitivity | 2 | Affects autonomous routing agents more. Agents with human review of routing decisions have lower impact. |
| M - Multiplicative Potential | 3 | Affects any routed transaction. Probability depends on whether the agent's organizational model captures actual organizational complexity. |
| A - Attack Surface | 1 | Not an exploitable attack vector. Could be weaponized by deliberately crafting scenarios requiring non-obvious routing, but minimal security risk. |
| G - Governance Gap | 3 | Institutions define routing logic but often do not formalize organizational model or document multi-team dependencies. |
| E - Enterprise Impact | 2 | Operational impact is moderate (rework, delays). Compliance impact depends on whether routing failure results in missed required controls. |
| Composite DAMAGE Score | 2.9 | Moderate. Manageable with standard controls and monitoring. |
How severity changes across the agent architecture spectrum.
| Agent Type | Impact | How This Risk Manifests |
|---|---|---|
| Digital Assistant | Low | Human makes routing decisions. Navigation of organization is human function. |
| Digital Apprentice | Low | Agent routes based on learned patterns but defers to human when uncertain about routing. |
| Autonomous Agent | Medium | Agent makes independent routing decisions based on embedded organizational model. Model incompleteness creates navigation failures. |
| Delegating Agent | Medium | Agent routes to appropriate tools/APIs. If organizational tool map is incomplete, routing to wrong tool. |
| Agent Crew / Pipeline | High | Multi-agent crews require navigation of team assignments and responsibilities. Incorrect navigation results in work going to wrong agent. |
| Agent Mesh / Swarm | Critical | Peer-to-peer mesh requires agents to discover and navigate to appropriate peer agents. No centralized routing means navigation errors are likely. |
| Framework | Coverage | Citation | What It Addresses | What It Misses |
|---|---|---|---|---|
| NIST AI RMF 1.0 | Minimal | GOVERN 6.1 | Governance of AI systems. | Agent routing and organizational navigation. |
| MAS AIRG | Minimal | Governance Framework | Controls and governance. | Routing logic and organizational model requirements. |
| OCC / SR 11-7 | Partial | Third-Party Management | Third-party and vendor management. | Internal agent routing to teams/functions. |
| FDIC Business Continuity | Minimal | Continuity and process design. | Routing robustness and failover. | |
| OWASP Agentic Top 10 | Not Directly | Security-focused. | Routing correctness and organizational model completeness. |
In regulated industries, routing decisions determine whether required control functions are involved. A loan that should trigger compliance review but does not is a control failure. An insurance claim that should trigger fraud review but does not is a control failure.
Navigation failures are particularly dangerous because they are silent. The work gets routed; something happens; the transaction closes. But the required control was never applied. The institution appears to have an effective process, but the agent's incomplete organizational model created a control gap.
Additionally, navigation failures can indicate inadequate process documentation. If an agent cannot navigate the organization to find the right team, the organization itself may not have clear role definitions or decision boundaries. Fixing navigation failures requires the institution to explicitly document organizational model and team ownership in a form the agent can use.
Navigation Failure requires organizational controls that go beyond what existing frameworks provide. Our advisory engagements are purpose-built for banks, insurers, and financial institutions subject to prudential oversight.
Schedule a Briefing