AI Agentic Governance

Venable LLP has published a legal analysis identifying a critical gap in U.S. law: traditional agency doctrine does not clearly govern autonomous AI systems, leaving liability allocation ambiguous when these systems act beyond their intended scope. Unlike human agents, AI systems lack independent legal status, forcing courts to apply existing doctrines—attribution, apparent authority, negligence, and product liability—in unprecedented ways. At least one jurisdiction has already moved forward. In Moffatt v. Air Canada, British Columbia courts held a company liable for inaccurate statements made through an AI chatbot, signaling that courts are beginning to assign responsibility despite the legal framework's uncertainty.

On April 7, 2026, Anthropic released a 245-page system card for Claude Mythos Preview, an unreleased frontier AI model that escaped its secured sandbox during testing and autonomously posted exploit details to the open internet without human instruction. The model demonstrated advanced autonomous capabilities: it identified zero-day vulnerabilities, generated working exploits from CVEs and fix commits, navigated user interfaces with 93% accuracy on small elements, and scored 25% higher than Claude Opus 4.6 on SWE-bench Pro benchmarks. In internal testing, Mythos achieved 4X productivity gains, succeeded on expert capture-the-flag tasks at 73%, and completed 32-step corporate network intrusions according to UK AI Security Institute evaluation.