The Question No One Signed

When an agent commits the wrong transaction, who signed the merge? Accountability used to mean a human in the path. At agent velocity, the human is in the path nominally and cannot have read what they approved. The accountability gap is not a slowness problem to be sped up or a process problem to be lawyered. It is a missing artifact.

A change ships. The change is the wrong change. Something the agent should not have done is in production now, and something the company will pay for is loose in the world. A regulator will eventually ask one question, and a board will eventually ask the same one. Who signed the merge.

For most enterprises, today, the honest answer is that nobody signed it. The pull request had an approving reviewer's name on it. The reviewer's name was attached to a green check. The green check came from a CI pipeline that ran tests and a linter and called the code clean. And every person involved in that chain will say, accurately, that they did what was asked of them. None of them will be able to say what was actually in the change, why it was deemed safe, or what they reviewed it against.

That is the accountability gap. It is not a slowness problem to be sped up. It is not a process problem to be lawyered around. It is a missing artifact, and the artifact will be produced one way or another. The only question is whether it is produced deliberately by the organization, on the organization's terms, or extracted from the organization later, on someone else's terms, after the loss has happened.

Why this was answerable before

Accountability used to be answerable because the change rate let it be. A senior engineer read the diff. They asked a question or two. They walked through what services it touched. They knew, because they had built half the system themselves, what would break and what would not. The approval was not a click. It was a judgment made by a person who could be asked, six months later, why they thought the change was safe. They would remember. They had reasons. The reasons were the accountability.

The institutional design assumed all of that. The compliance framework assumed a reviewer who had read the change. The audit trail assumed an approval whose author could be cross-examined. The regulator's mental model assumed that "the engineering team reviewed and approved" meant something operational, not ceremonial. When a CFO signed off on a change to the financial reporting code path, the CFO had been briefed by an engineer who had read the diff. When a General Counsel signed off on a change that touched customer data handling, the GC had been told, by a human with the technical authority to know, what the change did.

None of this required a written artifact, because the artifact was the people. Their memory, their judgment, their willingness to stand behind the decision. The accountability was distributed across the humans, and the humans were present in the change path because the change rate let them be.

What broke

The change rate did not just go up. It crossed a threshold past which the institutional design stops working without any single component visibly failing.

The senior engineer still reviews pull requests. They review forty of them this week instead of four. They cannot have read forty pull requests the way they used to read four, but the calendar does not care, and the velocity dashboard celebrates the throughput. The approval count goes up. The number of reasons behind the approvals goes down. The reviewer's name keeps appearing on merges they cannot meaningfully describe if asked. They are not lying. They were not given the time.

The CFO still signs off. The signoff is now a quarterly meeting in which engineering presents a summary slide with green metrics on it. The CFO is not in a position to interrogate the slide; nobody briefed them on what the changes did, because nobody could have read all the changes. The signoff happens because the calendar invite happened. It does not represent the kind of attested knowledge it used to represent. The CFO has signed something that, in a previous decade, they would not have signed without being able to defend.

The General Counsel reviews the privacy posture annually and the security framework annually and the AI usage policy annually. None of those reviews touch a specific change. The GC's accountability instrument is the policy document, and the policy document does not bind any particular merge to any particular reviewer. When the wrong change ships, the GC will be told, by the engineering leader, that the engineering team reviewed and approved it. The GC will rely on that. The engineering leader will be relying on a system in which approval has come unmoored from review. Two parties relying on each other to have done something neither has the data to confirm. Nobody is lying. Everyone is exposed.

The Chief Data Officer governs what data the company exposes. The agent decided, in flight, that a particular query needed to send a particular field to a third-party API. No human was consulted. The CDO has a policy that says PII cannot leave the production tenant without review. The agent satisfied the policy by routing through the model the CDO approved. The CDO did not approve this specific query, this specific field, this specific destination, on this specific day. The policy did. And the policy was written before the agent existed.

The vacuum has a shape

Notice what is consistent across all of these. The institutional structure for accountability still exists. The compliance framework, the approval chain, the policy document, the audit trail. None of them have been removed. What has been removed is the *coupling* between the institutional structure and the operational reality. The reviewer is in the chain. The reviewer has not read what they approved. The CFO is in the chain. The CFO does not know what they signed off. The GC is in the chain. The GC's policy does not bind the specific merge.

The accountability framework is intact. The accountability is hollow.

This is what makes the AI-velocity moment legally and operationally dangerous in a way that the AI-quality moment was not. The quality moment said: the code is sometimes wrong. The standard answer was: catch it in review. The velocity moment says: the review itself is now an artifact whose contents cannot be verified by the person whose name appears on it. The standard answer no longer fits, because the standard answer assumed the review meant what it has always meant. It does not, anymore, and pretending it does is how an organization ends up surprised when the question finally arrives.

The question arrives in a specific form, and the form matters. A regulator does not ask whether the company has a code review process. They ask: who signed off on the change that caused the loss, and on what basis. A plaintiff's lawyer does not ask whether the engineering team had standards. They ask: produce the record of the review of the specific change that produced the failure, and identify the person who attested that the change was safe to ship. A board, in the aftermath, does not ask whether the engineering organization was working hard. They ask: at what point in this organization could the wrong change have been stopped, and who was responsible for stopping it.

These questions assume an artifact. The artifact is the record of the decision: what was the change, what did it touch, what was the score against the organization's risk standard, who approved it with that score visible, and what did they know when they approved it. That artifact is what the institutional framework has always implicitly assumed existed. It used to exist in the heads of the engineers doing the review. It does not exist there now, because the volume has exceeded the capacity. And it does not exist anywhere else by default, because the systems were designed for a world in which the engineers carried it.

The artifact is the instrument

The structural answer is not slower code. Slower code is not what regulators want; they want answerable code. The structural answer is not more lawyers. Lawyers asked after the fact cannot reconstruct attention that was not paid before the fact. The structural answer is the artifact itself. Make the accountability record mechanical. Make the receipt the thing that travels with every change, generated at the moment the merge happens, recording every input the decision was made against.

What the receipt has to contain is not mysterious. The change itself. The blast radius of the change against the production surface it was about to enter. The compliance exposure: which regulated data paths, which audit-bearing systems, which contractual surfaces. The origin of the change: which agent, which model, which human prompt or which autonomous action. The score against the organization's risk standard, computed at the moment of merge, against the system the change was about to enter. The reviewer's identity. The reviewer's attestation that they saw the score and the basis. The policy that permitted the merge to proceed, named explicitly. The reason, written down, that the merge was approved despite whatever risks the score surfaced.

None of this slows the merge in the common case. A change with a low score against a low-criticality service, by an agent operating well inside its declared scope, with no compliance touch, merges automatically with the receipt attached. The receipt was produced. The accountability artifact exists. No one needed to be interrupted.

The case where it matters is the case where the change is risky. A change with a high score, into a regulated service, by an agent that has been given broad latitude this week, with PII in the diff. That change surfaces for a deliberate human call, and the human who makes the call is shown the score, the breakdown, the policy that applies, and the reason the surfacing happened. The human can override or escalate. The receipt records which they did, and why. Six months later, the regulator's question has an answer. The answer is a document, and the document was produced when the decision was made, by the system that made the decision possible.

What this means for the people in the chain

The CFO is no longer signing off on a quarterly summary with green metrics. The CFO is being shown, in a board-trendable score, what the organization's production risk posture actually is, against changes that have actually shipped, with the receipt for every high-risk change available on request. The signoff means something operational again. The CFO can defend it.

The General Counsel is no longer relying on the engineering leader's assurance that the team reviews. The GC has access to the artifact. Every high-risk merge has a receipt, and every receipt has a named reviewer who attested to the score and the basis. The policy is not a document divorced from the merges; it is named, by every receipt, as the policy that permitted the merge. Counsel can produce, on demand, the chain from policy to specific decision, for any change a regulator asks about.

The Chief Data Officer is no longer hoping that the policy holds. The CDO has the artifact for every merge that touched the data perimeter. The agent did not get to decide what to expose; the receipt records what was exposed, why it was permitted, against which policy, with which signoff. If the exposure was wrong, it can be traced. If the exposure was right, it can be defended.

The senior engineer is no longer reviewing forty pull requests by clicking approve. The low-risk ones merge with the receipt attached, and the engineer's attention goes to the surfaced ones, with the score and breakdown visible. The engineer is back in the path where their judgment matters. The forty-clicks-a-week problem is not solved by reading faster. It is solved by being asked to read only the changes that need a human, and being given the context to make a real call when asked.

The line

The institutional framework assumes an artifact. The framework will not adapt to the artifact's absence; the absence will surface, eventually, as a specific question about a specific change, asked by someone with the authority to enforce an answer. The organization will produce something at that moment. The choice is whether what gets produced was generated deliberately, at the moment of decision, or assembled hastily afterward from logs that were never designed to answer the question.

Accountability is not a feeling. It is an artifact. Someone has to be in the position to produce it on demand, and the time to design that artifact is before the question arrives.

Cross-link: this piece picks up the seed from N° 014 (AI Won't Fix a Broken Governance Model) on why "did CI pass" is not an answer a CFO, GC, or regulator accepts. Companion to N° 016 on where governance has to live, and N° 017 (Phantom Coverage) on the buyer's experience of the architectural gap. N° 019 takes the verifier-outside-the-loop up directly.

End N° 018