DEV Community

t49qnsx7qt-kpanks

agents don't ask permission — that's the governance problem databricks just named

databricks put it plainly last week: "traditional governance assumed humans make decisions and applications execute them predictably. agents don't work that way."

that's the clearest statement of the problem i've seen from an enterprise vendor. and they're right — the entire compliance stack was built for systems that wait for a human to press go. agents don't wait.

the unity catalog post lays out four pillars databricks thinks are required: delegated access controls, cost attribution per agent, tamper-proof audit trails, and interoperability across multi-agent chains. worth reading in full if you're building anything that touches enterprise AI deployment right now.

here's where it gets harder than it sounds.

most teams i talk to are patching these together manually — one team using OPA for access policy, another bolting logs onto their LLM calls, a third trying to backfill attribution after the fact. the audit trail requirement is especially painful because it isn't just "log the output." you need proof that the log itself wasn't tampered with. an append-only record you can produce for an auditor isn't the same as an immutable one.

the databricks framework doesn't solve execution — it defines what needs to exist. that's still on the builder.

what we shipped in BizSuite's AI Audit module addresses exactly the trace-correlation and tamper-proof audit trail layer: hash-chained event logs per agent session, cost attribution tags baked into the MCP tool calls, and a 48-hour delivery window to get an enterprise team from "we have agents in production" to "we can pass an audit." EU AI Act GPAI enforcement goes live august 2 — 68 days from today.
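the gap between an append-only record and a tamper-evident one, and the hash-chained session log idea mentioned above, as an added example (not BizSuite's or databricks' code). it assumes HMAC-SHA256 instead of a bare hash so a writer without the key cannot recompute the chain; the key, field names and sample events are all constructed.

```python
import hashlib, hmac, json

GENESIS = "0" * 64  # "previous MAC" for the first record of a session

def _mac(key, seq, prev, event):
    # Canonical JSON so the same event always serialises to the same bytes.
    body = json.dumps({"seq": seq, "prev": prev, "event": event},
                      sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def append(log, key, event):
    """Append an event bound to the previous record; return the new head MAC."""
    prev = log[-1]["mac"] if log else GENESIS
    rec = {"seq": len(log), "prev": prev, "event": event}
    rec["mac"] = _mac(key, rec["seq"], prev, event)
    log.append(rec)
    return rec["mac"]

def verify(log, key, anchored_head=None):
    """Return (ok, index_of_first_bad_record). anchored_head is the last head
    MAC as stored somewhere the log writer cannot modify."""
    prev = GENESIS
    for i, rec in enumerate(log):
        good = (rec["seq"] == i and rec["prev"] == prev and
                hmac.compare_digest(rec["mac"], _mac(key, i, prev, rec["event"])))
        if not good:
            return (False, i)
        prev = rec["mac"]
    # Dropping records from the tail leaves a valid chain; only the externally
    # held head reveals it.
    if anchored_head is not None and not hmac.compare_digest(prev, anchored_head):
        return (False, len(log))
    return (True, None)

# Constructed sample session (agent id, tool names and costs are made up).
KEY = b"constructed-demo-key"
session = []
for ev in [{"agent": "agent-7", "tool": "search", "cost_usd": 0.002},
           {"agent": "agent-7", "tool": "sql.query", "cost_usd": 0.010},
           {"agent": "agent-7", "tool": "email.send", "cost_usd": 0.001}]:
    head = append(session, KEY, ev)

edited = json.loads(json.dumps(session))      # deep copy
edited[1]["event"]["cost_usd"] = 0.0          # in-place edit of one record
truncated = session[:-1]                      # last record silently removed

if __name__ == "__main__":
    print(verify(session, KEY, head))         # intact log
    print(verify(edited, KEY, head))          # edit detected at record 1
    print(verify(truncated, KEY))             # passes without an anchor
    print(verify(truncated, KEY, head))       # caught by the anchored head
```

the truncated case is the one to ask about in a proof of concept: the chain alone cannot show that trailing records were removed, so the head value has to be held somewhere the agent runtime cannot write.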

the databricks pillar list is a reasonable RFP checklist. if you're evaluating vendors against it, here's what "auditability" should actually mean technically, and what to ask for in a proof of concept: https://getbizsuite.com/ai-audit
