The organization becomes dependent on specific agent implementations. Switching costs escalate. The agent becomes critical infrastructure without the governance maturity to match.
When an organization deploys an agent, it makes investments in integration, training, and process redesign. Data pipelines are built to feed the agent. Downstream systems are modified to accept the agent's outputs. Staff are trained on the agent's interface and behaviors. These investments create switching costs: moving to a different agent or reverting to human operations becomes expensive.
As the agent becomes successful, the organization deploys the agent to additional processes. Dependencies deepen. The agent becomes critical infrastructure: many business processes depend on the agent's continued operation. The organization has become "locked in" to the specific agent implementation.
The lock-in risk is that the organization's dependence on the agent escalates faster than the organization's governance maturity. The agent becomes business-critical before governance structures, oversight mechanisms, and contingency plans are in place. If the agent fails, the organization is vulnerable because it lacks the governance and operational backup to recover.
Moreover, lock-in reduces the organization's ability to upgrade, switch vendors, or respond to regulatory requirements. If regulators demand changes to how the agent operates, the organization faces high switching costs. If a better agent becomes available, the switching costs are prohibitive. The organization becomes trapped using an agent that is no longer optimal.
A large bank implements an agentic system for trading recommendations. The system analyzes market data, identifies trading opportunities, and recommends trades to traders. The system is successful; trading revenue increases. The bank expands the system to additional trading desks.
After three years, the system is handling trading recommendations for 40% of the bank's trading volume. The system has been integrated into the bank's risk systems (position limits are updated based on agent recommendations), reporting systems (trading volume metrics include agent-recommended trades), and compensation systems (traders' bonuses are partly based on how well they follow agent recommendations).
One day, the system's core model exhibits unexpected behavior. Market conditions have changed, and the model is not adapting. The system begins recommending trades that are consistently unprofitable. Trading losses mount.
The bank's risk team identifies the problem and wants to disable the system. But disabling the system would be extremely disruptive. Trading operations depend on agent recommendations for 40% of order flow. Disabling the system would require traders to manually generate these orders, doubling their workload and delaying executions. Risk management relies on agent recommendations to forecast position levels. Reporting systems are configured to include agent-recommended trades in daily reports. Compensation systems calculate bonuses partly based on agent recommendation volume. Traders have adapted their workflows around agent recommendations, and many no longer maintain the skills to generate recommendations independently.
The bank attempts to disable the system, but the interdependencies are so extensive that it takes two weeks to fully remove the agent from all systems. During these two weeks, trading operations are degraded, risk management is unreliable, and reporting is manual and error-prone.
More critically, the bank realizes that it has no alternative if the agent fails. If the agent had failed completely (rather than merely producing bad recommendations), the bank would have faced a trading halt. The agent has become critical infrastructure without adequate governance. Regulators scrutinize why a system that had become so business-critical was not subject to more rigorous governance, monitoring, and contingency planning.
| Dimension | Score | Rationale |
|---|---|---|
| D - Detectability | 3 | Lock-in is not visible until the organization attempts to change or remove the agent. Dependency escalates invisibly as the agent becomes integrated into more processes. |
| A - Autonomy Sensitivity | 3 | Lock-in affects autonomous agents more severely because the organization is more dependent on continued agent operation. |
| M - Multiplicative Potential | 4 | Lock-in compounds as the agent's scope expands. Each new process the agent touches adds dependencies. |
| A - Attack Surface | 3 | Lock-in is not a direct security vulnerability. However, lock-in creates vulnerability to disruptions: if the agent is compromised or fails, the organization is unable to quickly recover. |
| G - Governance Gap | 4 | Most organizations do not adequately assess switching costs or dependencies when deploying agents. Governance processes do not mandate assessment of critical infrastructure status. |
| E - Enterprise Impact | 4 | Lock-in can lead to inability to change or upgrade systems, inability to comply with regulatory requirements, and vulnerability to system failures. Impact is high but becomes apparent only when change is needed. |
| Composite DAMAGE Score | 3.6 | High. Requires proactive dependency monitoring and contingency planning. |
How severity changes across the agent architecture spectrum.
| Agent Type | Impact | How This Risk Manifests |
|---|---|---|
| Digital Assistant | Low | DA augments human work. Humans can operate without the DA. Lock-in is minimal. |
| Digital Apprentice | Low | AP is supervised. Supervisors can continue to operate without the AP. Lock-in is minimal. |
| Autonomous Agent | High | AA operates independently. If the AA becomes widely used, the organization becomes dependent on it. Lock-in escalates as use expands. |
| Delegating Agent | Medium | DL invokes tools. Downstream systems become dependent on the agent for tool invocations. Lock-in increases with the number of tool invocations. |
| Agent Crew / Pipeline | High | CR chains multiple agents. Each agent in the pipeline becomes dependent on the others. Lock-in is cascading: disabling one agent disables the entire pipeline. |
| Agent Mesh / Swarm | Critical | MS features dynamic peer-to-peer delegation. The mesh is a unified system. Disabling any agent in the mesh affects the entire mesh. Lock-in is total. |
| Framework | Coverage | Citation | What It Addresses | What It Misses |
|---|---|---|---|---|
| NIST AI RMF 1.0 | Partial | MANAGE | Recommends ongoing management and monitoring of AI systems. | No guidance on assessing dependency or lock-in risk. |
| DORA | High | Article 12 (Critical digital operational resilience) | Requires firms to ensure the operational resilience of critical systems. Agents can be critical systems. | Does not specifically address agent dependency or lock-in. |
| MAS AIRG | Partial | Section 2 (Strategy) | Requires firms to assess the strategic implications of AI deployment. | No specific guidance on assessing or managing lock-in. |
| SR 11-7 | Minimal | N/A | Model risk governance focus. | Predates widespread agent deployment as critical infrastructure. |
| ISO 42001 | Partial | Section 6 (AI management system) | Requires governance and monitoring of AI systems. | No guidance on assessing dependency or lock-in risk. |
| OCC Guidance | Partial | Third-party risk management | Requires firms to reduce dependencies on single vendors. | Predates widespread agent deployment. |
In banking and capital markets, regulators expect that critical infrastructure (trading systems, settlement systems, payment processing) is subject to rigorous governance, monitoring, and contingency planning. If an agent becomes critical infrastructure without adequate governance, regulators will view this as a deficiency. If the organization cannot easily switch to an alternative or revert to manual operations, regulators will view this as unacceptable operational risk.
In insurance, if an agent becomes critical to claims processing or underwriting, the insurer is vulnerable to claims processing disruptions if the agent fails. Regulators expect that insurers can continue claims processing even if systems fail.
In healthcare, if an agent becomes critical to clinical decision-making, the healthcare system is vulnerable if the agent fails. Regulators expect that healthcare providers can continue to provide care even if systems fail.
Agent Dependency Lock-In requires proactive dependency monitoring and contingency planning that goes beyond what existing frameworks provide. Our advisory engagements are purpose-built for banks, insurers, and financial institutions subject to prudential oversight.