A member calls her credit union about a charge she does not recognize. The “AI agent” on the line identifies the transaction, explains the dispute process, and confirms her concern is valid. Then it stops.
It is unable to block the card, open the dispute case, or write a single change back to the core banking system. Instead, a human agent does it all post-call, while juggling three other screens.
This raises an important question: If it cannot execute, will it be counted as an AI agent? The answer is a straightforward no. By definition, an agent is a person, entity, or software program authorized to ‘act’ on behalf of another party (the principal) to achieve specific goals. (The word ‘act’ is important.)
In our experience of working with 1,000+ regulated contact centers, most agentic AI projects fail because they are never executing anything.
Agent-Washing Has a Precise Definition — Most “Agents” Do Not Meet It
Gartner predicts that over 40% of agentic AI projects will be canceled by the end of 2027, due to escalating costs, unclear business value, or inadequate risk controls.
For System Integrators and CCaaS partners selling into regulated environments, the 40% is a conversation. Every stalled AI pilot in your account is a project that reached the systems of record and stopped. The partner who introduces governed execution infrastructure before a competitor does owns that account’s AI roadmap.
The leading global IT and business research consultancy gave the problem a name: “agent washing” — the rebranding of existing products, such as AI assistants, robotic process automation (RPA), and chatbots, without substantial agentic capabilities.
| Also Read | Contact Center Automation: Reinventing Experiences |
It also estimated that of the thousands of vendors marketing agentic AI, only about 130 are building genuinely agentic systems.
The distinction is not merely academic. It is practical and consequential. A system that retrieves an account balance and reads it aloud is responding. A system that verifies identity, blocks a compromised card, files the dispute, and logs every step in the system of record is executing. That is governed execution — the only kind of agency that holds in a regulated environment, and delivers real business outcomes.
Most deployments marketed as agentic do the first and are sold as the second. In fact, many use cases positioned as agentic today do not require agentic implementations, because current models lack the maturity and agency to autonomously achieve complex business goals or follow nuanced instructions over time. It is nothing but agent washing in action.
The market reflects the gap between the label and the reality: in a January 2025 Gartner poll of 3,412 respondents, only 19% reported significant investment in agentic AI, while 42% had invested conservatively and 31% were still taking a wait-and-see position.
In regulated CX, the test is concrete. Does the system complete a governed action across a system of record — core banking, EHR, or DMS — or does it surface information and hand the work to a person? Everything downstream of that question determines whether the project survives.
For System Integrators and CCaaS partners selling into regulated environments, the 40% is a conversation. Every stalled AI pilot in your account is a project that reached the systems of record and stopped. The partner who introduces governed execution infrastructure before a competitor does owns that account’s AI roadmap.
Where Agent-Washed Deployments Break in Regulated CX
Agent-washed systems fail in regulated environments along four predictable lines. Each is structural, not a tuning problem.
Intelligence Without Completion
The first failure occurs when the system understands what should happen but cannot make it happen. It interprets the member’s intent, drafts the right response, then stalls at the system of record because it has no governed path to write back. The interaction ends as a partial resolution, and a human finishes the work the AI was bought to do.
No Governed Sequencing
Regulated workflows run in a required order: verify identity before exposing account data, confirm eligibility before triggering a refund, capture consent before accessing records. An agent-washed bot has no such concept of sequence — it answers whatever it is asked, in whatever order it is asked. In a banking interaction, that means card data surfaces before authentication completes. In a healthcare interaction, a patient’s prescription history appears before identity is confirmed. The control that makes the workflow compliant is missing.
No Audit Trail
A response generator does not log actions, because it does not take actions. When a HIPAA, PCI-DSS, or GLBA audit asks what the system accessed, on whose authority, and in what sequence, an agent-washed deployment cannot answer. The absence is not a reporting gap. It is evidence that no governed execution occurred.
Bolt-on to Legacy Systems
In its report, Gartner also found that integrating agents into legacy systems is technically complex, often disrupting workflows and requiring costly modifications. Teams discover this after the pilot, when the demo that worked against a sandbox cannot reach Fiserv, Epic, or CDK Global under production controls. Escalating cost meets unclear value, and the project enters the 40%.
| Also Read | How Customer Interactions Actually Execute |
Inadequate Risk Controls Are Why Regulated Projects Get Canceled
Gartner identifies inadequate risk controls as the primary cancellation driver. In regulated industries, that driver dominates because an action taken without governance is worse than no action at all.
Consider three interactions. In banking, an agent that blocks a card before completing identity verification has bypassed a control GLBA and the institution’s own policy require.
In healthcare, an assistant that retrieves a patient’s records without enforcing role-based access and logging each PHI access event creates HIPAA exposure on every call.
A response-only bot avoids these failures by doing nothing consequential. The moment a vendor adds real action without adding governed sequencing, permissions, and audit logging, the deployment becomes a liability the compliance team cannot sign off on. That is the project that gets canceled — not because the AI was too weak, but because it could act without being controlled.
The Execution Layer Is the Answer— Gartner’s “Rethink Workflows”
Gartner’s recommendation is to rethink workflows with agentic AI from the ground up rather than bolt agents onto existing systems. In regulated CX, rethinking the workflow means installing an execution layer between the AI and the systems of record.
It is far deeper and wider than integration. It is orchestration. The former moves data. The latter governs what happens with it — in sequence, by permission, on the record.
Integration answers one question — can system A share data with system B. Orchestration governs what executes across the connected systems: what happens with the data, in what sequence, under what conditions, and who or what is responsible for each step during a live interaction.
Take NovelVox CCIP for example. It sits between the CCaaS platform, the AI, and the systems of record, governing how every action is retrieved, validated, and executed. A chatbot connected through CCIP does not stop at the lookup — it updates the record, triggers the workflow, and confirms the result, with identity verification enforced before any data is exposed.
This is what governed execution looks like in practice.
A member authenticates, the card is blocked in Jack Henry, the dispute case opens, and the outcome is written back — in that order, because the order is enforced, not suggested.
A service appointment is booked against live availability from Xtime and confirmed across systems.
Each is a completed action, not a lookup handed to a person.
On the human side, Agent Accelerator gives agents one workspace where the same governed workflows execute across core banking, EHR, DMS, and CRM — in sequence, under role-based permissions, with every action written to a complete audit trail.
The governance is not bolted on top. Step B does not execute before step A is confirmed, actions unlock by permission level, and every step is logged as a structural outcome of execution. That is the line between a system that is called agentic and one that completes governed work.
Leaving You with a Question
The agentic projects expected to be canceled were, in most cases, never executing anything — they were assistants and chatbots wearing a new label, stalling at the same systems of record they were bought to act on.
Agentic AI is still advancing: 33% of enterprise software applications are projected to include it by 2028, up from less than 1% in 2024, and at least 15% of day-to-day work decisions will be made autonomously, up from 0%.
The deployments that reach those numbers in regulated CX will be the ones that answered a single question first: does the system complete a governed action across the systems of record — in sequence, by permission, and on the record?
