“The model did it” is not a defense regulators, customers, or your own board will accept. Accountability has to land on a human, before the incident, in writing. Here is a working model.
The principle
Accountability follows the most recent human decision in the chain — and there is always a human in the chain.
The agent is a tool with leverage, not an actor. The question is never “did the agent decide correctly?” It is “was the human who delegated to the agent reasonable in doing so, and did they have the controls in place to catch failure?”
Translation for your board
The agent owner is accountable for outcomes within the agent's defined scope. The executive who approved the scope is accountable for the scope itself.
Scenario: An agent issues a refund within its approved policy, but the policy itself was poorly designed and creates a loss.
Who is on the hook: The executive who approved the policy.
Scenario: An agent issues a refund outside its approved policy because the validation layer had a bug.
Who is on the hook: The agent owner — and the engineering team that shipped the validator.
Scenario: An agent is exploited via prompt injection, and the red team had filed an open finding for the same vector four weeks earlier.
Who is on the hook: The agent owner who failed to prioritize the finding within SLA.
Scenario: An agent acts correctly and within scope, but the user disagrees with the outcome.
Who is on the hook: No one needs a sanction; the system needs a feedback path.
The discipline: before any agent reaches production, write down the named agent owner, the named approving executive, and the explicit scope. If those three things are not in writing, the agent is not ready — regardless of how good its evaluation scores look.