Execution governance is the set of controls that limits what an AI system can actually do, not just what it can read or be told. In agentic systems, this means governing tool calls, data movement, state changes, approvals, and other side effects. It is the practical layer that separates safe analysis from dangerous action.
This matters because an AI agent can combine several harmless permissions into a sensitive outcome: reading a document, querying a directory, drafting a message, and then sending or changing something. Attackers may exploit that chain through prompt injection, tool misuse, or delegation abuse. Defenders use least privilege, scoped connectors, allowlists, confirmation gates, rate limits, and detailed logs of requests, context, actions, and results. Good execution governance reduces blast radius when the model is manipulated or simply makes a bad decision.
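The controls listed above, combined into one enforcement point, as an added example that is not code from the original page or from any particular product: a small Python gate that sits between the agent and its tools, applying a per-task allowlist, a rate limit, a confirmation callback for side-effecting tools, and an audit record of request, context, decision and result. The tool names, the `SIDE_EFFECT_TOOLS` tagging and the `approve` callback are constructed assumptions.

```python
import time
from dataclasses import dataclass, field
from typing import Any, Callable

# Constructed assumption: tools whose invocation changes state or moves data
# outside the agent. A real deployment would tag these per connector.
SIDE_EFFECT_TOOLS = {"send_message", "update_record"}


@dataclass
class Policy:
    allowed_tools: set[str]          # allowlist scoped to this agent/task
    max_calls: int                   # rate limit: calls allowed per window
    window_seconds: float = 60.0


@dataclass
class Governor:
    policy: Policy
    approve: Callable[[str, dict, dict], bool]   # confirmation gate
    clock: Callable[[], float] = time.monotonic  # injectable for testing
    audit_log: list[dict] = field(default_factory=list)
    _attempts: list[float] = field(default_factory=list)

    def decide(self, tool: str, args: dict, context: dict) -> str:
        """Return 'allow' or 'deny:<reason>'. Every attempt, including a
        denied one, counts against the rate limit: bursts are a signal."""
        now = self.clock()
        self._attempts = [t for t in self._attempts
                          if now - t < self.policy.window_seconds]
        self._attempts.append(now)
        if tool not in self.policy.allowed_tools:
            return "deny:not_allowlisted"
        if len(self._attempts) > self.policy.max_calls:
            return "deny:rate_limited"
        # Read-only tools pass here; side effects need explicit confirmation.
        if tool in SIDE_EFFECT_TOOLS and not self.approve(tool, args, context):
            return "deny:not_approved"
        return "allow"

    def execute(self, tool: str, args: dict, context: dict,
                run_tool: Callable[[str, dict], Any]) -> tuple[str, Any]:
        """Gate one tool call; only an allowed call reaches run_tool.
        Request, context, decision and result are all logged."""
        decision = self.decide(tool, args, context)
        result = run_tool(tool, args) if decision == "allow" else None
        self.audit_log.append({"tool": tool, "args": args, "context": context,
                               "decision": decision, "result": result})
        return decision, result
```

The `approve` callback is where a human or a stricter policy engine is consulted; the audit log is the record a responder would review after a suspected injection.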