Skip to content
Affectosphere Group Kansai University, Keito Inoshita Laboratory
JP

Column

Why AI Agents Need a Layer That Can Stop Them Before They Act

The risk with LLM agents isn't that they propose wrong actions — it's that wrong proposals get executed. The Organizational Control Layer concept offers a practical governance design for anyone deploying AI in operational workflows.

5 min read 日本語版 →
An abstract illustration of an AI agent's proposed action being checked by a policy layer before execution

Hello. This is Keito Inoshita from Affectosphere Group.

“AI makes mistakes sometimes” — almost everyone knows this by now.

But the real problem may not be there.

A wrong proposal being generated is far less costly than a wrong proposal being executed. Sending a quote, placing an inventory order, updating a contract, modifying an approval flow — when an LLM agent executes actions like these incorrectly, undoing the damage is expensive. Often it’s not fully reversible.

A study published on arXiv in June 2026 (Tianyu Shi, Yang Mo, Yiou Liu et al., 9 authors, arXiv:2606.04306) offers a practical answer to this problem: the Organizational Control Layer (OCL).

Three takeaways for today

  1. The biggest risk with LLM agents is not proposal quality — it’s whether execution should be permitted at all.
  2. OCL inserts a governance layer between proposal generation and execution, without modifying the underlying LLM.
  3. In experiments, unsafe executions dropped from 88% to near zero, while valid success rates climbed from 12% to 96%.

① The concept of the “execution boundary”

The paper’s central concept is the execution boundary.

An LLM agent receives instructions and generates proposed actions: “I’ll send a revised terms proposal to this supplier,” “I’ll approve this expense request,” “I’ll update the delivery schedule.” The agent’s job is to generate the proposal.

But whether that proposal should actually be executed is a separate question.

Even when the proposal content is broadly correct, the execution decision still involves checking: is this the right moment to act? Does the amount, counterparty, and condition match policy? Are there regulatory constraints? Who holds approval authority for this action?

Most LLM agent architectures today do not place explicit governance at this boundary. The agent proposes; the tool or API executes. There’s nothing in between.

② What OCL does

The Organizational Control Layer sits between the proposed action and its execution. It’s an independent layer.

The basic flow:

  • The agent outputs “execute action X.”
  • OCL checks that proposal against organizational policy — rules, regulations, permission scopes, escalation thresholds.
  • If compliant, execution proceeds. If there’s a policy violation or high uncertainty, OCL escalates to a human reviewer or blocks execution entirely.

The critical design choice: OCL does not modify the LLM itself. You can layer governance onto existing models and agent architectures without rebuilding them. That significantly lowers integration cost.

The research team evaluated OCL in an adversarial buyer-seller negotiation environment adapted from AgenticPay. The results were unambiguous. Without OCL, unsafe executions occurred in 88% of cases. With OCL, that dropped to near zero, and valid success rates rose from 12% to 96%.

③ Where this applies in practice

The design thinking behind OCL is relevant to any organization that’s trying to integrate LLM agents into real operational workflows.

A few concrete scenarios:

For purchase order workflows, an agent generates order proposals, and OCL checks whether the order value is within internal approval thresholds and whether it conflicts with existing supplier contracts before execution. For approval management, an agent proposes to approve a request, and OCL verifies whether the designated approver has the right authority and whether the request is within policy scope.

For compliance and risk management teams, this is particularly compelling. Instead of reacting after the agent does something it shouldn’t, OCL forces policy validation before execution. That’s preventive governance rather than remediation.

There are real implementation considerations: building and maintaining the policy definitions inside OCL is non-trivial, and the layer adds latency to each workflow step. But the underlying design principle — separating proposal generation from execution authorization — is likely to become a standard element of enterprise AI deployment.

If your team is currently evaluating LLM agent deployment, one question worth asking right now: do your workflows have an explicit execution authorization step separate from the agent’s proposal phase? Just having that checkpoint in place dramatically reduces worst-case scenarios.

Without a “stop” layer, automation is too risky to scale

Many teams find themselves stuck: they want to increase automation through LLM agents, but fear of misexecution prevents them from moving forward.

OCL offers a way out of that stalemate. Not “the AI must be perfectly accurate before we use it,” but “we can use it if imperfect proposals are filtered by human-controlled checkpoints.”

Accept that AI makes mistakes. Design so those mistakes don’t get executed.

Adding this layer as standard equipment — not as an afterthought — is one of the next practical conversations in operational AI deployment.

That’s it for today!

Reference

  1. Tianyu Shi, Yang Mo, Yiou Liu, Zhuonan Hao, Yin Wang, Wenzhuo Hu, Nan Yu, Meng Zhou, Jiangbo Yu (2026). Organizational Control Layer: Governance Infrastructure at the Execution Boundary of LLM Agent Systems. arXiv preprint.

* This article was written in part with AI assistance and may contain inaccuracies.