From Insights to Actions: Why Agentic Analytics Needs Governance

I recently watched Hannah Fry’s YouTube video exploring what happens when AI agents are given the ability to act in the real world. The video followed an experiment with an AI agent that could operate a computer, send emails, browse websites and attempt to complete tasks on behalf of its users.

What stood out to me was not simply that the agent could answer questions. It was that it could keep acting towards a goal. It could search, decide what to do next, click, type, email, spend money and continue the loop until it believed the task was complete.

That is the point where the conversation about AI changes.

The risk does not begin when AI can answer questions. The risk begins when AI can act.
​
That has direct relevance to the way I have been thinking about agentic analytics. If analytics agents are going to move beyond explaining dashboards and start recommending actions, triggering workflows, calling tools or coordinating with other agents, then the architecture underneath them becomes much more important.

It also connects strongly with a blog series by my friend Chris Buckel, Databases in the Age of AI, where he explores how AI agents change the way systems of record are accessed, queried and used.

Chris makes an important point: AI does not just place more demand on data platforms; it changes who or what is consuming the data. In his framing, inference is becoming a first-class database workload, and databases are becoming part of the reasoning path itself.

That is exactly why this matters for analytics. If analytics agents are going to move beyond explaining dashboards and start recommending actions, triggering workflows, calling tools or coordinating with other agents, then the architecture underneath them becomes much more important.
​
Agentic analytics is not just about better answers. It is about what happens when analytical systems can begin to act on those answers.

From Chatbots to Agents

A chatbot responds to a prompt.

An agent works towards a goal.

That distinction matters. In the video, the agent followed a loop: look, ask, act, then repeat. It reviewed what was on screen, asked a model what to do next, acted through the keyboard and mouse, and continued until the task progressed.

In simple situations, that can look useful. An agent can make a complaint, search for the best price, draft messages or attempt to complete administrative work that a human might not have the time or patience to do.
​
But the same persistence that makes agents useful also makes them risky. Once an agent can keep acting, it can also keep acting incorrectly, expensively, inappropriately or beyond the user’s original intention.
That is why the shift from chatbots to agents is not just a technical enhancement. It changes the risk profile.

Why This Matters for Analytics

​Traditional analytics has usually stopped at insight.

A report shows what happened. A dashboard helps users explore why it happened. A self-service tool allows a user to ask new questions. Augmented analytics may surface patterns, explain anomalies or suggest visualisations.

Agentic analytics goes further.

It begins to move from insight towards recommendation, orchestration and action. An analytics agent might not just explain why revenue fell in a region. It might retrieve supporting context, compare past trends, identify contributing factors, recommend follow-up actions and trigger a workflow for someone to investigate.

That is powerful, but it also changes the governance challenge.
A wrong chart can mislead a user. A wrong agentic action can trigger consequences.

The New Risk Profile of Agentic Analytics

Once analytics agents can act, several risks become more important:

• using the wrong business definition
• retrieving the wrong context
• exposing sensitive data
• overstepping the permissions of the user
• triggering the wrong workflow
• acting on malicious or untrusted instructions
• creating an audit trail that does not clearly show who or what made the decision

This is why agentic analytics cannot be treated simply as a new interface for existing dashboards.
If an agent is going to interpret business intent, query data, retrieve documents, call tools and recommend or execute actions, then the enterprise needs to understand how that behaviour is governed.

The Lethal Trifecta in Enterprise Terms

​One of the strongest ideas in the video was the reference to what is sometimes described as the Lethal Trifecta:

• access to private information
• access to the internet or external tools
• exposure to untrusted instructions

In a consumer setting, that might mean an agent with access to personal accounts, passwords, email and websites.

In an enterprise analytics setting, the equivalent could be even more serious. An agent may have access to sensitive business data, internal documents, customer information, operational workflows, SaaS applications and external services.

If that agent can also receive untrusted instructions through prompts, documents, web pages or user inputs, then governance becomes essential.

The issue is not that agents are inherently bad. The issue is that powerful agents need boundaries.

This is why agentic analytics cannot simply be treated as the next user interface for dashboards. Once analytics systems can interpret intent, retrieve context, call tools and recommend or trigger actions, the architecture underneath them becomes just as important as the intelligence of the model itself.
​
In the second part of this series, I will look at what that architecture needs to include: governed semantic meaning, data-layer security, trusted retrieval, observability, auditability and why Oracle’s broader platform direction across Oracle Analytics, Oracle AI Data Platform, Autonomous AI Lakehouse and database-level governance is relevant to this shift.