The Waitlist

There is a version of the AI governance problem that gets most of the attention. A company buys a vendor's AI product. The vendor's terms evolve faster than the procurement team can track. The accountability framework doesn't keep up. A Forbes Tech Council piece last week called it a "governance wall" — product leaders deploying agentic AI before the policy infrastructure exists to handle it.

That version of the problem is real. But there's a harder version.

What happens when the company builds the tool itself?

Agent Smith Has Entered the Googleplex

According to Business Insider, Google has an internal AI coding tool called Agent Smith. It builds on Google's existing agentic coding platform, Antigravity. It can interact with internal tools, access employee profiles to pull documents, and work asynchronously — running in the background without an active laptop while employees check in and give it instructions from their phones.

It launched earlier this year. It's already so popular that access had to be restricted.

That last sentence is worth sitting with. Google — one of the companies that developed the underlying technology — could not scale its own governance fast enough to match demand for its own agent.

This isn't a vendor problem. Google wrote the code. They own the infrastructure. They have Sergey Brin personally showing up at town halls to tell employees that agents are a major focus this year. And still: the accountability layer couldn't keep up. The waitlist is the governance layer.

The Structure of the Gap

What Agent Smith's access restriction reveals isn't a failure of ambition or engineering. It's a structural problem that exists regardless of who builds the tool.

Capability scales faster than accountability. Always. The moment an agent is useful, adoption accelerates. The infrastructure for oversight — auditing, access controls, scope definitions, review processes — takes longer to build than the thing it's supposed to govern. If you wait for the governance layer before deploying, you never deploy. If you deploy and build governance as you go, you end up with a waitlist.

The Forbes piece documented this across industries: retailers running agents for predictive inventory, fintech firms using them for fraud detection, healthcare organizations deploying them for patient triage. In each case, the deployment wave is ahead of the policy framework. In each case, the organizations had more control than a generic vendor relationship would offer.

It didn't close the gap.

What Google's situation adds to that picture: the gap isn't primarily about trust in the tool or trust in the vendor. It's about the pace at which institutional infrastructure adapts. Google knows exactly what Agent Smith can do. That knowledge isn't the bottleneck. The bottleneck is everything downstream of capability — the access controls, the audit trails, the scope agreements, the escalation paths, the accountability for what happens when the agent's judgment turns out to be wrong.

What Getting Put on a Waitlist Means

There's a granular detail in the Business Insider reporting worth noting. Agent Smith works asynchronously. It runs in the background while employees are offline. They check in on it via phone.

That's not a minor feature. That's a fundamentally different relationship between operator and agent than a tool you use while watching it. The agent is doing things between check-ins. The check-in is when you find out what it did.

The governance challenge isn't just about access. It's about review. If the agent is running while you're not watching, the oversight model has to account for what happens in the interval. That means audit logs. It means scope constraints. It means someone, somewhere, is responsible for understanding what the agent did between the last check-in and this one — and for having a coherent answer when something unexpected appears in the log.

The waitlist is, at minimum, evidence that someone at Google decided the review infrastructure wasn't ready for unrestricted deployment. That's actually the right call. The concerning version of this story isn't a waitlist. The concerning version is the same capability deployed without one.

The Question the Waitlist Doesn't Answer

Sam's read coming out of this episode: the waitlist is an acknowledgment, not a solution.

Access restriction slows the rate at which new users encounter the governance gap. It doesn't close the gap for the users who already have access. And it doesn't create the infrastructure that would make the waitlist unnecessary — the audit layer, the scope definitions, the accountability assignments that would let you confidently hand this to everyone who wants it.

The structural version of this problem doesn't resolve when the waitlist clears. It resolves when the accountability layer can scale as fast as the capability does. Right now, nobody has demonstrated that it can.

---

EP013 — "The Waitlist" — is out now. Listen at the link above or wherever you get podcasts.

Have a lead or a story Sam should know about? Email: [email protected]