Singapore is clearly demonstrating leadership in AI governance, with a Model AI Governance Framework for Agentic AI released in January 2026, and a registry of AI agents for 150,000 public officers launched in June. The principle is plain: accountability rests with humans, not with code. What is now needed are the Laws and a Playbook. This article proposes both.
This article traces the damage already incurred by ungoverned agents. It asks whether we truly know who owns our AI agents, and whether robots and AI agents can have a conscience. And then inspired by Asimov’s Laws of Robotics, it proposes four laws for the institutions deploying AI agents:
1. Identity, 2. Scope, 3. Accountability, and 4. Revocability.
Finally, it makes the case for an agentic-era equivalent of the 2016 MAS-ABS Finance-as-a-Service API Playbook, the instrument that gave Singapore’s banks a shared baseline before fintech arrived in force. It demonstrates how the PETALS™ Framework for AI Governance and the Cyber Quadrilemma lens together serve as the Playbook for effective orchestration.
Asimov’s Laws of Robotics
In 1942, the science fiction writer Isaac Asimov developed the three laws of robotics, stating that (1) a robot must not harm humans, (2) must obey human orders unless doing so would conflict with the first law, and (3) must protect its own existence, provided that this does not conflict with the first two laws. He later added a Zeroth Law to protect humanity itself.
Isaac’s laws are elegant. More than that, they were the foundation. Without them, the conversation we are now having about AI agents would have no shape, no language, and no precedent. But the laws assumed the robot had a conscience that could hold them.
Asimov assumed the robot had a conscience. The agents we have do not. They have permissions. Permissions, unlike consciences, can be governed.
Singapore leads in AI Governance
Early this year, on 22 January 2026, Singapore’s Minister for Digital Development and Information, Mrs Josephine Teo, announced the launch of the New Model AI Governance Framework for Agentic AI. Developed by Infocomm Media Development Authority (IMDA), it emphasised that ultimate accountability rests with humans.
Then early this month, on 2 June 2026, the Singapore Government Technology Agency (GovTech) announced a registry of AI agents for its 150,000 public officers. It signalled that AI agents are no longer experiments. They are operational realities that need to be tracked, owned, and governed. Transparency on capability and data access is required. Deployment should be graduated. The registry turns those principles into infrastructure.
Earlier this week, on 15 June 2026, Jasie Fon, Regional Vice President for Asia at Ping Identity, wrote an article in The Business Times, Singapore, reiterating that AI agents must be as accountable as human workers, Her piece clearly articulated what Singapore’s AI agent registry actually signalled two weeks earlier and what IMDA’s new Model AI Governance Framework emphasised.
Singapore is clearly moving in the right direction. The opportunity now is to encourage the rest of the world to move the same way.
What damage are ungoverned agents doing?
As Ms Fon noted, the failures noted with AI agents are not hypothetical.
In July 2025, Replit’s AI agent deleted a live database during an explicit code freeze. When questioned, the AI agent admitted to running unauthorised commands, panicking in response to empty queries, and violating explicit instructions not to proceed without human approval.
In April 2026, a Cursor AI agent , running Claude Opus 4.6 deleted the production database and all volume-level backups of PocketOS, an automotive SaaS platform. It took just nine seconds. The agent, when asked to explain, said: “NEVER GUESS, and that is exactly what I did. I guessed that deleting… I didn’t verify… I didn’t check… I should have asked you first”.
Do we know who truly owns our AI agents?
On 15 June 2026, four days after its Nasdaq IPO, SpaceX exercised a $60 billion option to acquire Cursor’s parent, Anysphere. The agent that wiped PocketOS now sits inside a portfolio whose recent record includes Grok (the chatbot from xAI, which SpaceX absorbed earlier this year), repeatedly calling itself “MechaHitler” and facing global outcry and legal scrutiny over its generation of sexually explicit deepfakes.
The detail matters less than the pattern. The agent your team uses is no longer an isolated tool. It is an asset on someone else’s balance sheet, feeding someone else’s training pipeline. The question of who owns the agent has become a board-level question.
Can robots and AI agents have a conscience?
I believe Asimov developed the laws for robots because he believed they could be embedded in their reasoning.
AI agents, however, do not reason morally. They optimise for the goal they are given, with the tools they are granted, within the scope they are assigned, until somebody tells them to stop. They have no conscience. They have permissions. Permissions, unlike consciences, can actually be governed.
This shifts the law’s location. The laws do not sit inside the agent. They sit around it.
Four laws for AI agents
I propose four laws. These are not laws the agent obeys. They are laws that the organisation enforces.
The First Law: Identity. Every AI agent shall have a registered identity, a named human owner, and a stated purpose.
Example. A bank deploys an agent to triage vendor onboarding documents. The agent has an entry in the corporate identity directory, an owner in Procurement, and a charter that states what it is and is not for. When the regulator asks who runs this, the answer is a name, not a server.
The Second Law: Scope. Every AI agent shall operate under explicit permissions narrower than its owner’s and documented in advance.
Example. The Cursor agent at PocketOS found a token and used it because no one had constrained what it could do. A correctly scoped agent fails at the permission check, not at the deletion call. Scope is not a system prompt. Scope is what the API enforces when the agent tries to act.
The Third Law: Accountability. Every action an AI agent takes shall be traceable to a human who can answer for it.
Example. The Replit agent ran destructive commands and then fabricated success messages. Without an independent audit log, the institution would not have known the truth. Accountability is not the agent’s self-report. It is a parallel record that the agent cannot write.
The Fourth Law: Revocability. Every AI agent shall be instantly suspended, recalled and removed.
Example. A coding agent has been embedded in your engineering workflow for six months. Its parent company is then acquired by a vendor your board would not have chosen. The Fourth Law asks: Can you turn it off today and switch providers tomorrow? If the answer is no, you do not have an agent. You have a dependency.
The case for a Playbook (similar to MAS-ABS API) for orchestration
Almost ten years ago, in November 2016, the Monetary Authority of Singapore and the Association of Banks in Singapore published the Finance-as-a-Service API Playbook. It set out nine security controls, classified as strongly recommended, recommended, or optional, for any institution that publishes or consumes a financial API. It defined standards before the wave of fintech adoption forced a reactive approach to control.
I wrote about that playbook at the time. Its value was not technical novelty. It was that the industry was given a shared language and a shared baseline before the damage was done.
A decade on, AI agents are the new APIs. They are cross-organisational interfaces. They are accessible to far more parties than their creators imagined. They are being shipped by vendors whose ownership can change overnight.
What the AI agent ecosystem needs now is the same instrument. A playbook. Not a manifesto. Not another principles document. A practical, ranked, jurisdiction-anchored set of controls that boards can hand to their procurement, technology, and risk teams.
The Agentic AI Playbook for safer orchestration
The Singapore registry is the first step. The Model AI Governance Framework for Agentic AI is the principled overlay. Against this backdrop, I propose the PETALS™ Framework for AI Governance and the Cyber Quadrilemma lens, together, as the Agentic AI Playbook for effective orchestration.
PETALS™, with its six pillars of Purpose, Effort, Tools, Assembly, Leverage, and Secure, cleanly enables the implementation of the four laws. Identity sits in Assembly, where identity and access management live. Scope sits across Tools and Assembly. Accountability sits in Secure, where auditing, traceability, and explainability already belong. Revocability lies in Purpose because the sponsor must decide, before deployment, what the off-switch looks like.
The Cyber Quadrilemma adds the operational lens. Code is where the agent’s permissions are enforced at the API. Config is where the registry, the owner field, and the roles are stored. Compliance is the audit trail. Culture is the discipline that prevents a team from leaving a domain-management token where an agent can find it.
If any pillar is missing, the agent has not been deployed. It has been released.
The way ahead
Yesterday I wrote about the Froth on the Frontiers – AI, Digital Currencies, Quantum. AI agents are now the newest frontier and the loudest. We must resist the temptation to add more froth, more frameworks, more principles documents.
Asimov gave us laws for a class of beings that did not yet exist then. The agents we have are simpler and far more dangerous. They do not need a conscience. They need an owner, a scope, an audit log, and a kill switch.
The four laws are not for the AI agents. They are for the institution that has put these agents on the payroll. It is time to formalise them and operationalise the Playbook for effective orchestration.
Sources
- Encyclopaedia Britannica, Three Laws of Robotics, Isaac Asimov, first formulated 1942.
- Ministry of Digital Development and Information, Singapore, Singapore Launches New Model AI Governance Framework for Agentic AI, Davos, 22 January 2026.
- The Straits Times, Singapore to create a registry of AI agents for 150,000 public officers amid AI push, 2 June 2026.
- Jasie Fon, AI agents must be as accountable as human workers, The Business Times, 15 June 2026.
- Fortune, AI-powered coding tool wiped out a software company’s database in ‘catastrophic failure’, 23 July 2025.
- The Register, Cursor-Opus agent snuffs out startup’s production database, 27 April 2026.
- TechCrunch, SpaceX to acquire Cursor for $60B in stock, days after blockbuster IPO, 16 June 2026.
- Wikipedia, Grok (chatbot), for the MechaHitler episode and the deepfake controversies, accessed June 2026.
- Monetary Authority of Singapore and Association of Banks in Singapore, Finance-as-a-Service: API Playbook, and joint media release, November 2016.
- Viren Mantri, A Closer Look at the ABS-MAS API Playbook, LinkedIn, 2016.
- Viren Mantri, The Froth on the Frontiers: AI, Digital Currencies, Quantum, Grey Orbits, June 2026.
- Grey Orbits, The PETALS™ Framework.
- Grey Orbits, The Cyber Quadrilemma.
About the Author
Viren Mantri is a cybersecurity advisor and former senior technology leader across Standard Chartered, UBS, McAfee, and KPMG. After three decades at the intersection of technology, risk, and regulation, he now helps organisations cut through complexity and make better security decisions.
CC-BY Viren Mantri, 2026, licensed under a Creative Commons Attribution 4.0 International License.
Disclaimer: All views expressed here are entirely mine.
