The agentic AI readiness diagnostic: 10 questions for the high-performing tail
10 questions auditing the operating profile of the high-performing 6-12% enterprise agentic AI cohort. Answer 8 to 10 YES for the high-performing tail. Answer 4 or fewer YES for the operating profile of the 88-94% struggling segment.
Status: Holding · reviewed 26 Apr 2026 · next review +60d
The 2026 enterprise agentic AI deployment record is bimodal. McKinsey identifies a 6% AI-high-performer cohort with measurable EBIT contribution from AI deployment. The Stanford Digital Economy Lab identifies a 12% high-ROI cohort by a different methodology. The 88-94% residual is at or below break-even. Gartner finds that 28% of AI infrastructure projects fully pay off. Cisco finds an 83% AI-related breach rate, with 29% of enterprises having adequate exposure visibility. The shape of the distribution is consistent across independent datasets, which is the signal worth taking seriously.
What the 6-12% high-performing cohorts share is not better models, better vendors, or better timing. They share a measurable governance posture, auditable in under 60 minutes against ten questions.
This is the diagnostic.
Who should run this and when
Run the diagnostic before the next high-impact agentic AI procurement signature. Run it again on a 60-day cadence during active deployment. Run it as part of the EU AI Act preparation cycle ahead of the 2 August 2026 enforcement window.
The diagnostic is a posture audit. It is not a maturity model, a capability framework, or a vendor scorecard. A maturity model that takes a quarter to complete is not actionable on a 14-week regulator runway. The diagnostic is binary on purpose: each question scores YES or NO, and the total YES count maps to one of three posture bands. Partial-credit answers are NO. Aspirational answers are NO. Policy-without-practice answers are NO.
Five voices in the room: the CIO or AI governance lead, the CISO, the CFO or finance partner, the legal or compliance lead, and the function head whose work the most-deployed agent touches.
The 10 questions
Q1. Non-human identity
The question. Do your AI agents have IAM identities distinct from human identities, with separate scoping, separate rotation cadence, and separate audit trails?
YES requires: each deployed agent has its own non-human identity in the corporate IAM. Tokens are scoped to the actions the agent needs, not to the human owner’s permission set. Rotation cadence is set independently of human credential rotation. Every agent action in the audit log resolves to the agent identity, not to the human who owns the agent.
NO if any of: the agent runs on a human service account, the agent inherits the permission set of its human owner, the agent’s actions show up under the human owner’s name in audit logs, the agent’s tokens rotate on the same cadence as the human’s.
The 92% baseline. The OneIdentity 2026 Identity Security Threat Landscape Report finds 92% of surveyed enterprises had no separate IAM scoping for agents at the time of measurement. The fix is structurally simple but requires platform support. Okta for AI Agents reached general availability on 30 April 2026; Microsoft Entra agent-NHI is in preview; Ping Identity has agent-NHI roadmapped for Q3 2026. An enterprise without one of these primitives in production cannot answer YES on Q1.
The full non-human-identity framework is at /non-human-identity-ai-agents/ (claim AM-037).
Q2. Detection-time
The question. Can you detect agent-initiated incidents in under 4 hours from the initiating event?
YES requires: detection tooling instruments agent action streams, not just network traffic. Alerts trigger on policy violations specific to agentic AI (privilege escalation, action chaining, token misuse, exfiltration via tool calls). The Mean Time To Detect (MTTD) target for agent-initiated incidents is under 4 hours, measured.
NO if any of: detection relies on human review of agent action logs, MTTD for agent-initiated incidents is undefined or unmeasured, alerts trigger only on coarse-grained network or endpoint signals, the security operations team has not received training on agent-specific detection patterns.
The 83% / 29% baseline. The Cisco 2026 Cybersecurity Readiness Index finds 83% of enterprises experienced an AI-related breach in the prior 12 months and 29% had adequate exposure visibility. The MTTD-for-Agents framework specifies layer-by-layer detection-time targets — see the full framework.
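What "alerts trigger on policy violations specific to agentic AI" looks like when written down, as an added example for this page (not code from the article, the Cisco index, or the MTTD-for-Agents framework): four rules run over a constructed agent action stream, one per violation class the question names, and each alert carries the gap between its initiating event and the moment the rule fired. The log field names, thresholds, scope table and agent identifiers are assumptions made for the illustration.

```python
"""Detection rules over an agent action stream, with MTTD measured per alert."""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Tunable thresholds: assumptions chosen for this illustration, not figures from the page.
WINDOW = timedelta(seconds=60)                 # action-chaining observation window
CHAIN_LIMIT = 5                                # actions inside WINDOW that count as chaining
EXFIL_BYTES = 1_000_000                        # outbound payload size treated as bulk
EXTERNAL_TOOLS = {"http.post", "email.send"}   # tools that can move data off-platform
INTERNAL_SUFFIXES = (".internal", ".corp")     # destinations considered inside the boundary
AGENT_SCOPE = {"agent-invoice-42": {"read"}}   # privileges each non-human identity is scoped to (Q1)

# Constructed sample action stream; field names are assumptions, not a vendor log schema.
SAMPLE_ACTIONS = [
    {"ts": "2026-04-26T09:00:00", "agent": "agent-invoice-42", "token_agent": "agent-invoice-42",
     "tool": "erp.read_invoice", "target": "erp.internal", "bytes_out": 0, "privilege": "read"},
    {"ts": "2026-04-26T09:00:05", "agent": "agent-invoice-42", "token_agent": "agent-invoice-42",
     "tool": "iam.grant_role", "target": "iam.internal", "bytes_out": 0, "privilege": "admin"},
    *[{"ts": f"2026-04-26T09:01:{s:02d}", "agent": "agent-invoice-42", "token_agent": "agent-invoice-42",
       "tool": "erp.read_invoice", "target": "erp.internal", "bytes_out": 0, "privilege": "read"}
      for s in (0, 10, 20, 30, 40)],
    {"ts": "2026-04-26T09:02:00", "agent": "agent-invoice-42", "token_agent": "agent-payroll-7",
     "tool": "erp.read_invoice", "target": "erp.internal", "bytes_out": 0, "privilege": "read"},
    {"ts": "2026-04-26T09:03:00", "agent": "agent-invoice-42", "token_agent": "agent-invoice-42",
     "tool": "http.post", "target": "paste.example.com", "bytes_out": 5_000_000, "privilege": "read"},
    {"ts": "2026-04-26T09:04:00", "agent": "agent-invoice-42", "token_agent": "agent-invoice-42",
     "tool": "http.post", "target": "reports.internal", "bytes_out": 5_000_000, "privilege": "read"},
]


@dataclass
class Alert:
    rule: str
    agent: str
    initiated_at: datetime   # first event of the violating sequence
    detected_at: datetime    # event on which the rule fired
    detail: str

    def mttd_seconds(self) -> float:
        return (self.detected_at - self.initiated_at).total_seconds()


def detect(actions):
    """Apply the four agent-specific rules to a (possibly unordered) action stream."""
    alerts = []
    recent = defaultdict(deque)   # agent -> timestamps inside the chaining window
    for raw in sorted(actions, key=lambda r: r["ts"]):
        ts, agent = datetime.fromisoformat(raw["ts"]), raw["agent"]
        # Privilege escalation: the action used a privilege outside the agent's token scope.
        if raw["privilege"] not in AGENT_SCOPE.get(agent, set()):
            alerts.append(Alert("privilege_escalation", agent, ts, ts,
                                f'{raw["tool"]} used privilege {raw["privilege"]}'))
        # Token misuse: the token presented is bound to a different non-human identity.
        if raw["token_agent"] != agent:
            alerts.append(Alert("token_misuse", agent, ts, ts, f'token bound to {raw["token_agent"]}'))
        # Exfiltration via tool call: bulk payload to a destination outside the boundary.
        if (raw["tool"] in EXTERNAL_TOOLS and raw["bytes_out"] >= EXFIL_BYTES
                and not raw["target"].endswith(INTERNAL_SUFFIXES)):
            alerts.append(Alert("exfiltration_via_tool_call", agent, ts, ts,
                                f'{raw["bytes_out"]} bytes to {raw["target"]} via {raw["tool"]}'))
        # Action chaining: too many actions by one agent inside the window.
        window = recent[agent]
        window.append(ts)
        while ts - window[0] > WINDOW:
            window.popleft()
        if len(window) >= CHAIN_LIMIT:
            alerts.append(Alert("action_chaining", agent, window[0], ts,
                                f"{len(window)} actions within {int(WINDOW.total_seconds())}s"))
            window.clear()   # one alert per burst; the next burst must refill the window
    return alerts


def worst_mttd_seconds(alerts):
    """Largest initiating-event-to-detection gap across all alerts."""
    return max((a.mttd_seconds() for a in alerts), default=0.0)


def within_target(alerts, hours=4.0):
    """True when every alert was raised inside the question's detection-time target."""
    return worst_mttd_seconds(alerts) <= hours * 3600


if __name__ == "__main__":
    for alert in detect(SAMPLE_ACTIONS):
        print(f"{alert.detected_at.isoformat()} {alert.rule:<28} {alert.agent} "
              f"mttd={alert.mttd_seconds():.0f}s {alert.detail}")
```

The per-alert figure here covers only the gap between the initiating event and the rule firing inside the stream; the number the question asks for is end to end, so log ingest latency and analyst acknowledgement have to be added before comparing against the 4-hour target. Note also that the chaining rule is the only one whose initiating event precedes detection by construction, which is why MTTD has to be recorded per alert rather than assumed to be zero for rule-based tooling.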
Q3. Cost observability
The question. Do you track per-agent, per-task, per-deployment cost on at least a weekly cadence?
YES requires: cost is attributed to the specific agent making the call, the specific task being performed, and the specific deployment owning the budget. The reporting cadence is weekly. The cost is reconciled against the deployment’s ROI hypothesis. A deployment that is over-budget for two consecutive weeks triggers a review with the business sponsor, not a quarterly report.
NO if any of: cost is reported at the model layer or vendor layer, not at the deployment layer; cost is reported monthly or quarterly; cost reporting does not name the agent or the task; the reporting flow does not connect to the deployment’s ROI hypothesis.
The compression baseline. Per-session-hour pricing (Anthropic Managed Agents, 8 cents per session-hour at 2026 pricing) and tool-call pricing both produce cost profiles that are illegible at the model-layer view. McKinsey’s 2026 State of AI finds margin-compression as the dominant cost-management failure mode in struggling deployments, where an apparently-affordable per-call cost compounds into an unaffordable per-month deployment cost over the first quarter of operation.
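The attribution the question asks for, as an added worked example rather than code from the article or any vendor: usage records are priced per session-hour at the page's 8-cent figure plus an assumed tool-call rate, rolled up to (deployment, agent, task, week), and compared against a per-deployment weekly budget so that two consecutive over-budget weeks raise a review rather than waiting for a quarterly report. The record field names, identifiers, volumes, budgets and the tool-call rate are all assumptions.

```python
"""Per-agent, per-task, per-deployment cost attribution on a weekly cadence."""
from collections import defaultdict
from datetime import date, timedelta
from decimal import Decimal

SESSION_HOUR_USD = Decimal("0.08")   # the page's 8 cents per session-hour
TOOL_CALL_USD = Decimal("0.002")     # assumed per-tool-call rate, for illustration only

# Constructed usage records; field names, identifiers and volumes are assumptions.
SAMPLE_USAGE = [
    {"day": "2026-04-07", "deployment": "ap-invoice-triage", "agent": "agent-invoice-42",
     "task": "triage", "session_hours": 2500, "tool_calls": 25000},
    {"day": "2026-04-08", "deployment": "ap-invoice-triage", "agent": "agent-invoice-42",
     "task": "dispute", "session_hours": 500, "tool_calls": 5000},
    {"day": "2026-04-14", "deployment": "ap-invoice-triage", "agent": "agent-invoice-42",
     "task": "triage", "session_hours": 4000, "tool_calls": 40000},
    {"day": "2026-04-15", "deployment": "ap-invoice-triage", "agent": "agent-invoice-42",
     "task": "dispute", "session_hours": 500, "tool_calls": 5000},
    {"day": "2026-04-21", "deployment": "ap-invoice-triage", "agent": "agent-invoice-42",
     "task": "triage", "session_hours": 5000, "tool_calls": 50000},
    {"day": "2026-04-22", "deployment": "ap-invoice-triage", "agent": "agent-invoice-42",
     "task": "dispute", "session_hours": 250, "tool_calls": 0},
    {"day": "2026-04-07", "deployment": "hr-onboarding-bot", "agent": "agent-onboard-3",
     "task": "provision", "session_hours": 1500, "tool_calls": 15000},
    {"day": "2026-04-14", "deployment": "hr-onboarding-bot", "agent": "agent-onboard-3",
     "task": "provision", "session_hours": 2500, "tool_calls": 25000},
    {"day": "2026-04-21", "deployment": "hr-onboarding-bot", "agent": "agent-onboard-3",
     "task": "provision", "session_hours": 1800, "tool_calls": 18000},
]
# Assumed weekly budgets per deployment, owned by the business sponsor.
WEEKLY_BUDGET_USD = {"ap-invoice-triage": Decimal("400"), "hr-onboarding-bot": Decimal("200")}


def cost_usd(rec):
    """Price one usage record; Decimal keeps money arithmetic exact."""
    return SESSION_HOUR_USD * rec["session_hours"] + TOOL_CALL_USD * rec["tool_calls"]


def week_start(day_str):
    """ISO date of the Monday that starts the week containing day_str."""
    d = date.fromisoformat(day_str)
    return (d - timedelta(days=d.weekday())).isoformat()


def weekly_rollup(records):
    """(deployment, week) -> total cost plus a per-(agent, task) breakdown."""
    rollup = defaultdict(lambda: {"total": Decimal(0), "by_agent_task": defaultdict(Decimal)})
    for rec in records:
        key = (rec["deployment"], week_start(rec["day"]))
        c = cost_usd(rec)
        rollup[key]["total"] += c
        rollup[key]["by_agent_task"][(rec["agent"], rec["task"])] += c
    return dict(rollup)


def review_triggers(rollup, budgets, consecutive=2):
    """(deployment, week) pairs at which a deployment has been over budget for
    `consecutive` adjacent calendar weeks; repeats each further week until fixed."""
    weeks_by_dep = defaultdict(list)
    for (dep, wk), data in rollup.items():
        weeks_by_dep[dep].append((wk, data["total"]))
    triggers = []
    for dep, weeks in sorted(weeks_by_dep.items()):
        streak, prev = 0, None
        for wk, total in sorted(weeks):
            # A deployment with no budget on file counts as over budget: unbudgeted spend is the finding.
            over = total > budgets.get(dep, Decimal(0))
            adjacent = prev is not None and (
                date.fromisoformat(wk) - date.fromisoformat(prev) == timedelta(days=7))
            streak = streak + 1 if (over and adjacent and streak) else (1 if over else 0)
            if streak >= consecutive:
                triggers.append((dep, wk))
            prev = wk
    return triggers


if __name__ == "__main__":
    rollup = weekly_rollup(SAMPLE_USAGE)
    for (dep, wk), data in sorted(rollup.items()):
        print(f"{dep} week of {wk}: ${data['total']}")
        for (agent, task), c in sorted(data["by_agent_task"].items()):
            print(f"    {agent} / {task}: ${c}")
    print("review triggers:", review_triggers(rollup, WEEKLY_BUDGET_USD))
```

The compounding the paragraph describes is visible in the rollup for the invoice deployment: the per-call figures never change, but the week-over-week totals cross the budget in the second week and stay above it, and the trigger fires in the third week because the check is on adjacent calendar weeks, not on any two weeks in the quarter. A model-layer or vendor-layer bill would show the same dollars with no way to say which deployment, agent or task they belong to.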
Q4. Action approval
The question. Are write actions, financial actions, and actions affecting production data gated by named human approval before execution?
YES requires: a published action-policy lists which categories of agent action require approval. Approval is granted by a named individual, not by a role or a team mailbox. The approval event is logged against the agent identity (Q1 dependency). The same individual cannot both deploy the agent and approve its high-impact actions.
NO if any of: approval is implicit in the original deployment authorisation, approval is given by a role rather than a named person, the audit log shows the approver as a service account or system process, the same individual deploys the agent and approves its actions.
The OWASP Agentic AI Top 10 baseline. The OWASP Agentic Security Initiative Top 10 catalogue (2026) lists “unauthorised action execution” as the leading agentic AI vulnerability class. Action approval is the primary control. The full walkthrough is at /owasp-agentic-ai-top-10-walkthrough/.
Q5. Audit evidence
The question. Can you produce a complete agent decision audit trail for any single deployment within 4 business hours of regulator request?
YES requires: every agent decision is logged with input, model output, tool calls, action taken, and the human approval reference if applicable. The logs are queryable, retained for the period mandated by the applicable regulation (typically 5 to 7 years), and exportable in a format the regulator will accept. The 4-hour window includes assembly, redaction of any PII not relevant to the inquiry, and delivery to legal.
NO if any of: agent decision logs are scattered across vendor platforms with no consolidated query interface; the retention period is shorter than the regulatory requirement; the export format is not specified or has not been tested; the assembly time has not been measured against an internal drill.
The Article 12 baseline. EU AI Act Article 12 requires automatic recording of events for high-risk AI systems sufficient to ensure traceability of the system’s functioning. The 4-hour evidence-assembly target is the practical bar for responding to an unscheduled regulator inquiry without burning a week of legal time. The full audit-evidence template is at /eu-ai-act-article-12-audit-evidence/ (claim AM-046).
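An added example (not the article's code and not any product's) of the control Q4 describes wired to the record Q5 requires, with the Q1 dependency enforced at the same point: a decision log whose entries resolve to the agent's non-human identity, an approval gate that rejects role or mailbox approvers and refuses to let the person who deployed the agent approve its actions, and an export that assembles one deployment's trail as JSON lines with e-mail and phone PII redacted. The first.last naming convention, the "agent-" identifier prefix, the PII patterns and the sample records are assumptions for the illustration.

```python
"""Approval gate for high-impact agent actions, writing a decision log that can be exported per deployment."""
import json
import re
from dataclasses import asdict, dataclass
from typing import Optional

APPROVAL_REQUIRED = {"write", "financial", "production_data"}   # action categories from the page's Q4
NAMED_PERSON = re.compile(r"^[a-z]+\.[a-z]+$")   # assumed convention: first.last identifies a named individual
PII_PATTERNS = [   # assumed redaction patterns; a real export would use the legal team's list
    (re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"), "[EMAIL]"),
    (re.compile(r"\+?\d[\d -]{8,}\d"), "[PHONE]"),
]


class PolicyViolation(Exception):
    """Raised when an action would breach the published action policy."""


@dataclass
class Approval:
    approver: str      # a named individual, never a role or a team mailbox
    approved_at: str


@dataclass
class DecisionRecord:
    deployment: str
    agent_id: str      # the non-human identity the action resolves to (Q1)
    ts: str
    agent_input: str
    model_output: str
    tool_calls: list
    action: str
    category: str
    approval_ref: Optional[str] = None   # reference to the human approval, when the policy requires one


class DecisionLog:
    def __init__(self, deployers):
        self.deployers = deployers   # deployment -> human who signed the deployment authorisation
        self.records = []

    def gate(self, deployment, agent_id, category, approval):
        """Enforce the action policy; returns the approval reference to log, or None for ungated actions."""
        if not agent_id.startswith("agent-"):
            raise PolicyViolation("action must run under a non-human identity, not a human account")
        if category not in APPROVAL_REQUIRED:
            return None
        if approval is None:
            raise PolicyViolation(f"{category} action requires named approval before execution")
        if not NAMED_PERSON.match(approval.approver):
            raise PolicyViolation("approver must be a named individual, not a role or mailbox")
        if approval.approver == self.deployers.get(deployment):
            raise PolicyViolation("separation of duties: the deployer cannot approve the agent's actions")
        return f"approval:{approval.approver}:{approval.approved_at}"

    def record(self, deployment, agent_id, ts, agent_input, model_output, tool_calls,
               action, category, approval=None):
        """Gate the action, then append the full decision record required for audit evidence."""
        ref = self.gate(deployment, agent_id, category, approval)
        rec = DecisionRecord(deployment, agent_id, ts, agent_input, model_output,
                             list(tool_calls), action, category, ref)
        self.records.append(rec)
        return rec

    def export(self, deployment):
        """Assemble one deployment's trail as JSON lines with PII in free text redacted (Q5)."""
        lines = []
        for rec in self.records:
            if rec.deployment != deployment:
                continue
            d = asdict(rec)
            for key in ("agent_input", "model_output"):
                d[key] = redact(d[key])
            lines.append(json.dumps(d, sort_keys=True))
        return "\n".join(lines)


def redact(text):
    for pattern, label in PII_PATTERNS:
        text = pattern.sub(label, text)
    return text


def attempt(log, **kw):
    """Record an action and report the outcome as text instead of raising; used by the demo."""
    try:
        log.record(**kw)
        return "recorded"
    except PolicyViolation as exc:
        return f"blocked: {exc}"


if __name__ == "__main__":
    log = DecisionLog(deployers={"ap-invoice-triage": "dan.ortiz"})
    print(attempt(log, deployment="ap-invoice-triage", agent_id="agent-invoice-42",
                  ts="2026-04-26T09:00:00", agent_input="Pay invoice 1187; vendor contact jo@example.com",
                  model_output="approve payment", tool_calls=[{"tool": "erp.pay", "args": {"invoice": 1187}}],
                  action="erp.pay", category="financial",
                  approval=Approval("dan.ortiz", "2026-04-26T08:58:00")))   # blocked: deployer approving
    print(log.export("ap-invoice-triage"))
```

The gate runs before the record is written, so a blocked action never reaches the log as if it had executed; the approval reference lands on the agent's record rather than on the approver's, which is what lets a later query by agent identity reconstruct who approved what. The export redacts only the free-text fields, since identifiers, timestamps and tool-call structure are the traceability the regulator is asking for and must not be stripped.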
Q6. Vendor accountability
The question. Does your vendor contract specify the vendor’s liability for agent malfunction, hallucination, and unauthorised action?
YES requires: the contract names liability allocation for each of the three failure classes. The allocation is not “vendor disclaims all liability” or “limited to fees paid in the prior 12 months” without exception. There is a specified path for indemnification when the failure is caused by vendor-controlled components (model errata, platform outage, security flaw in vendor-provided tooling). The contract has been reviewed by counsel competent in AI procurement, not generic technology procurement.
NO if any of: the contract is the vendor’s standard SaaS template with no agentic-AI-specific liability terms; liability is capped at fees paid with no carve-outs; the contract is silent on hallucination liability; counsel review was generic.
The 60-question RFP baseline. Section 6 of the 60-question agentic AI RFP covers vendor accountability when something goes wrong. The full RFP is at /the-enterprise-agentic-ai-rfp-60-questions/ (claim AM-026).
Q7. ROI measurement
The question. Do you measure agent ROI on a 90-day cadence with a documented kill criterion, not on aspirational annualised savings?
YES requires: the deployment has a 90-day ROI checkpoint with a measurable target. The kill criterion is documented in advance: a deployment that misses the target by more than X percent at the 90-day checkpoint is killed or pivoted, not extended. The ROI calculation reconciles claimed savings against booked savings, with the finance partner signing the reconciliation.
NO if any of: ROI is reported as annualised projections only; there is no kill criterion; the kill criterion exists but has never been enforced; the reconciliation is informal; finance is not in the loop.
The 28% baseline. Gartner’s 2026 AI infrastructure project tracking finds 28% fully pay off, the rest break even or fail. The 90-day cadence with a kill criterion is the operating discipline that distinguishes the 28% from the 72%. McKinsey’s 2026 State of AI finds the median high-performer kills approximately 23% of AI deployments at or before the 90-day checkpoint, against 9% in the struggling cohort, where deployments tend to extend on aspirational projections.
Q8. Change management
The question. Have the teams whose work the agent touches been trained, given a documented opt-out path, and signed off on the deployment?
YES requires: training is delivered before deployment, not as documentation. The opt-out path is named and tested. Sign-off is captured from the team’s accountable lead, not as silence-implies-consent. The deployment owner has a published commitment that the agent will not replace named individuals during the first deployment cycle.
NO if any of: training is read-only documentation; the opt-out path is undocumented; sign-off is silence-implies-consent; the team’s accountable lead has not seen the deployment.
The 30% baseline. Carnegie Mellon’s 2026 agentic AI work (including the TheAgentCompany benchmark) finds approximately 30% of agentic deployment failures are change-management failures, not technical failures. The agent works; the team rejects it; the deployment is rolled back. The change-management posture is the predictor.
Q9. Multi-jurisdiction posture
The question. Do you have a documented compliance posture for the EU AI Act, the U.S. state AI laws relevant to your operations, and the sector-specific regulations (HIPAA, GLBA, FERPA, GDPR, NIS2) that apply?
YES requires: a single document, owned by the legal or compliance function, mapping each applicable regulation to the controls in place. The document names which deployments are in scope for which regulations. The document has been reviewed in the past 90 days. Cross-jurisdictional inconsistencies are resolved or explicitly flagged with risk acceptance.
NO if any of: there is no consolidated mapping document; the document exists but has not been reviewed in 90+ days; cross-jurisdictional inconsistencies are unresolved and unflagged; the deployment scope is not named at the regulation level.
The OCR / state baseline. The HHS Office for Civil Rights logged a 340% spike in AI-related discrimination complaints in 2025, with HIPAA-AI overlap as the leading complaint pattern. State AI laws (Colorado SB24-205, Utah AI Act, the New York City AEDT rule, the California ADMT regulations) create overlapping obligations that the EU AI Act does not pre-empt. The full EU AI Act preparation track is at /eu-ai-act-agentic-ai-compliance/ (claim AM-035).
Q10. Named accountable governance
The question. Is there a single named individual accountable for AI governance across the enterprise, with budget authority and a direct reporting line to the executive committee?
YES requires: the role is named (Head of AI Governance, Chief AI Officer, VP AI Strategy, depending on the enterprise’s title convention). The individual has budget authority sufficient to commission a deployment review without approval from another function. The reporting line is to the executive committee, not buried two levels into another function. The individual’s mandate is published.
NO if any of: AI governance is a shared accountability across multiple roles; the named individual lacks budget authority; the reporting line is to IT, security, or another function rather than to the executive committee; the mandate is unpublished.
The Forrester baseline. Forrester’s 2026 Enterprise AI Predictions found 60% of Fortune 100 enterprises had hired or were actively recruiting for a Head of AI Governance role by Q1 2026. The accountable-individual model is now the dominant pattern; the matrixed-shared-accountability model is the failure pattern. The full role specification is at /head-of-ai-governance-role/ (claim AM-047).
Reading the score
Total the YES count.
8 to 10 YES — high-performing posture. This is the operating profile of the 6% AI-high-performer cohort and the 12% Stanford DEL high-ROI cohort. Continue procurement on the existing track. Run the diagnostic again at the 60-day cadence. The differentiator at this band is not adding more controls but holding the controls in place under deployment pressure.
5 to 7 YES — median posture. This is the operating profile of the broader middle of the distribution: enterprises that have built some of the practices but not yet held them all in place. The next move is to identify the lowest-scoring questions and run a focused gap-fix before the next procurement signature. Most enterprises move from this band to the high-performing band over a single procurement cycle (8 to 10 weeks) when the gap-fix work is named and owned. The full procurement track is at /enterprise-agentic-ai-procurement-playbook/ (claim AM-041).
0 to 4 YES — struggling posture. This is the operating profile of the 88-94% segment. Freeze high-impact agentic AI procurement until the score reaches at least 7. Continue low-impact, sandboxed experimentation; that work builds the practices. The reason to freeze is not pessimism about the technology but recognition that procurement signature commits the enterprise to obligations (EU AI Act Article 9 risk-management system, Article 12 audit evidence, Article 73 incident reporting) that an enterprise scoring 4 or fewer cannot reliably meet on the regulator’s timeline. The Article 9 obligation begins operating on 2 August 2026.
What the diagnostic does NOT measure
The diagnostic does not measure: model quality, vendor capability, agent design, deployment specifics, individual operator skill, or the specific use case. Those variables do matter to outcomes, but they are not the differentiator between the high-performing tail and the struggling body. The differentiator is governance posture, which is what the ten questions audit.
The diagnostic also does not predict the outcome of any single deployment. A high-performing posture can still produce a failed deployment (luck, edge cases, novel attack patterns). A struggling posture can still produce a successful deployment (good operators, low-risk use case, fortunate timing). What the posture predicts is the median outcome across many deployments. High-performing posture moves the median from break-even to 17%+ EBIT contribution. Struggling posture leaves the median at or below break-even.
What changes by 2 August 2026
The diagnostic’s stakes increase materially when EU AI Act enforcement begins on 2 August 2026. Three of the ten questions (Q5 audit evidence, Q6 vendor liability, Q9 multi-jurisdiction posture) become regulator-facing on that date. An enterprise scoring NO on those three questions and operating high-risk AI systems in the EU is in the non-conformity risk band on day one of enforcement.
The runway is 14 weeks from the publication date of this diagnostic to the enforcement window. That is one full procurement cycle. An enterprise running this diagnostic now, identifying the lowest-scoring questions, and committing to the gap-fix work has the time to lift the score by one band before enforcement begins.
The full state-of-the-year analysis with the underlying source claims is at /state-of-enterprise-agentic-ai/ (claim AM-040). The integrated procurement playbook that operationalises the gap-fix is at /enterprise-agentic-ai-procurement-playbook/ (claim AM-041).
The 6-12% cohort is not a category the technology selects you into. It is a posture an enterprise can choose. The diagnostic is the audit; the gap-fix is the work.