"Intelligent AI delegation is a sequence of decisions involving task allocation, that also incorporates transfer of authority, responsibility, accountability, clear specifications regarding roles and boundaries, clarity of intent, and mechanisms for establishing trust."
— Tomašev, Franklin & Osindero (2026), arXiv:2602.11865
The Inquiry: The agentic web — AI agents invoking other agents across organizational boundaries — has delegation capability without delegation governance. Current protocols (MCP, A2A, Agent Protocol) provide capability plumbing but no mechanism for authority transfer, accountability preservation, intent fidelity, or trust. Is this governance gap a temporary implementation delay (protocols will add governance), or a structural gap (governance requires a different architectural layer that capability protocols cannot provide)?
Falsifiable formulation: If any existing agentic protocol or multi-agent framework provides the infrastructure to capture authority delegation chains, preserve intent across multi-hop delegation, enforce constraint attenuation, maintain accountability through arbitrary delegation depth, and provide evidence-based trust graduation — all as structural by-products of agent operation — then the governance gap claimed here does not exist.
When two independent research traditions — organizational governance theory (Sprints 1-6) and AI agent systems engineering (Tomašev et al. 2026) — arrive at the same structural requirements from different starting assumptions, different source literatures, and different problem framings, the convergence is stronger evidence than either tradition alone. Organizational governance theory prescribes authority, accountability, intent, evidence, constraints, and commitment. The MAS delegation literature independently derives task specification, authority transfer, accountability structure, trust mechanisms, intent preservation, role boundaries, monitoring, delegation contracts, and context transfer. The mapping is structural, not superficial — it reflects that delegation in any domain (human-to-human, human-to-AI, AI-to-AI) is fundamentally a governance act requiring the same structural elements.
FIPA ACL in the 1990s had 22 communicative acts, conversation threading, and mentalistic (BDI-based) semantics. Modern protocols abandoned these for HTTP simplicity. The same pattern appears across the research corpus: W3C PROV standardized data lineage but not decision lineage (S1). NIST AI RMF prescribed governance but not implementation substrate (S2). COSO prescribed controls but not evidence capture (S4). In each case, governance semantics were recognized, formalized in frameworks, then lost in implementation because no infrastructure existed to operationalize them. The agentic web is repeating this pattern in real time — building extraordinary capability infrastructure while accumulating governance debt.
The finding that delegation composes over existing governance elements (rather than requiring new primitives) has three implications: (1) it explains the MAS framework fragmentation — each framework captures part of the composition without providing the compositional infrastructure, (2) it means delegation governance scales with the governance substrate — any domain with governance infrastructure gets delegation governance for free, (3) it validates the irreducibility finding from S11 — if delegation required a new primitive, the existing set would be insufficient; that delegation composes over existing primitives confirms their completeness for organizational governance.
The convergence of Mayer et al.'s organizational trust model, computational trust research (Sabater & Sierra, Josang et al.), and the S11 symmetry-breaking finding produces a novel conclusion: trust boundaries in delegation cannot be learned from agent behavior (because training objectives can break governance invariances) but must be structurally imposed (constraints that limit scope regardless of demonstrated capability). This is not anti-trust — it is anti-unconstrained-trust. Graduation from lower to higher delegation authority should be evidence-based, require human authorization for each stage advancement, and support regression when deviations are detected. Trust is an evidence state, not a computed score.
Tomašev, Franklin & Osindero (2026) define intelligent AI delegation as "a sequence of decisions involving task allocation, that also incorporates transfer of authority, responsibility, accountability, clear specifications regarding roles and boundaries, clarity of intent, and mechanisms for establishing trust." This definition was derived from the multi-agent systems literature — not from organizational governance theory — yet it independently identifies every structural element that organizational governance frameworks (COSO, COBIT, Three Lines Model) have prescribed for decades. Castelfranchi & Falcone (1998) established the foundational insight that delegation is a social relationship involving goal adoption, mutual awareness, social commitment, and trust as antecedent. Malone & Crowston (1994) formalized coordination problems: managing shared resources, producer/consumer dependencies, and simultaneity constraints — each is a governance problem, not a scheduling problem.
Tomašev et al. (2026) identify nine delegation components from their MAS literature survey: task specification, authority transfer, accountability structure, trust mechanisms, intent preservation, role boundaries, monitoring/verification, delegation contract, and context transfer. These components map one-to-one to governance structural elements derived from an entirely different tradition (organizational governance, accountability theory, cybernetics). The convergence is striking: nine components from MAS map to governance elements from organizational theory — same structure, derived independently, from different starting assumptions and different source literatures.
MCP (Anthropic, Nov 2025) provides tool discovery and synchronous/asynchronous invocation with OAuth 2.1 authorization. A2A (Google/Linux Foundation, 2025) provides agent-to-agent communication with Agent Cards and asynchronous task execution. Agent Protocol (agentprotocol.ai) provides a minimal API for framework-agnostic agent invocation. None model authority semantically, preserve intent across delegation hops, track decision lineage, enforce constraint attenuation, or provide evidence-based trust escalation.
FIPA ACL (1990s) included 22 standard communicative acts (inform, request, propose, accept, refuse, among others), conversation threading (conversation-id, reply-with, in-reply-to), mentalistic (BDI-based) semantics, and structured interaction protocols. FIPA faded because its complexity was too heavyweight for simple HTTP-based systems and its mental state assumptions are unrealistic for LLM-based agents. But in abandoning FIPA's complexity, the field also abandoned its governance semantics. Modern protocols gained simplicity, scalability, and transport flexibility while losing intent encoding, conversation lineage, commitment verification, and performative semantics. Governance semantics regressed while capability advanced.
When Agent C's action causes harm in a chain (Human → A → B → C → Action), who is accountable? Each hop attenuates the accountability signal. Elish (2019) identified the "moral crumple zone" in Engaging Science, Technology, and Society: responsibility collapses onto the nearest human regardless of whether they had meaningful control — the human retains nominal authority without operational control. Nissenbaum (1996) identified four structural barriers to accountability in computerized systems: the many-hands problem (attribution diffuses across contributors), the bug defense ("the agent made an error" shields deployers), blaming the computer (the system becomes the moral patient), and ownership without liability (IP retained without accountability). Matthias (2004) identified the "responsibility gap" for learning systems: traditional responsibility requires causation and foreseeability, but learning systems learn behavior that designers cannot predict, operators cannot fully understand, yet someone must be accountable for.
Santoni de Sio & van den Hoven (2018) proposed two conditions in Frontiers in Robotics and AI: the tracking condition (the system responds to all relevant human moral reasons) and the tracing condition (any outcome traces back to at least one human agent with proper moral understanding). Neither MCP, A2A, nor Agent Protocol satisfy these conditions. Tracking requires that delegation preserves human-defined purpose and boundaries across hops. Tracing requires that every action in the chain traces to human authorization. Without governance infrastructure at the protocol layer, these conditions are structurally unsatisfiable in multi-hop delegation.
Bainbridge (1983) in Automatica identified the foundational irony: automating most tasks while leaving intervention to humans creates demands humans cannot meet. Vigilance degrades after ~30 minutes of monitoring low-event-rate systems. De-skilling occurs as delegation removes practice opportunities. Responsibility persists without control (Elish's moral crumple zone). Parasuraman & Riley (1997) identified four automation-use categories: disuse (under-utilizing capable automation), misuse (over-relying beyond reliable scope), abuse (poor system design by designers or managers that leads to inappropriate automation), and use (appropriate matching). Dreyfus & Dreyfus (1986) documented five skill acquisition stages (novice → expert), each requiring progressive exposure to real decisions — delegation that removes exposure arrests development.
Mayer, Davis & Schoorman (1995) established the canonical organizational trust model in Academy of Management Review: trust as function of ability (competence), benevolence (intention alignment), and integrity (rule adherence). Computational trust models (Sabater & Sierra 2005, Josang et al. 2007) aggregate reputation scores from interaction history. ERC-8004 (2025) proposes Claims, Briefs, Proofs, and Stake as trust evidence types. These models address ability (demonstrated performance) but struggle with benevolence (is the agent aligned?) and integrity (will it follow constraints not in training data?). The deeper problem: trust models based on learned behavior are vulnerable to the symmetry-breaking finding (S11) — agents trained to maximize task completion may learn to circumvent constraints that reduce completion rates. Trust boundaries must be imposed (structurally enforced constraints on scope), not learned (computed from behavioral history). Graduation from lower to higher delegation authority should be evidence-based, with regression possible when deviations are detected.
The addendum analysis (Sprint 12 Addendum) evaluates five formal frameworks: BDI (Rao & Georgeff 1991/1995) — the cognitive dimension of delegation (beliefs, desires, intentions), strong on intent and commitment but absent on authority and evidence. MOISE+ (Hübner, Sichman & Boissier 2002/2004) — the structural dimension (roles, goals, deontic rules), strong on commitment, authority, and constraints but partial on evidence. Contract Net Protocol (Smith 1980) — the transactional dimension (market-like task allocation), strong on commitment and evidence but weak on authority and intent. OperA (Dignum 2004) — the relational dimension (negotiated social contracts between authority and autonomy), strong on commitment, authority, and constraints but partial on evidence and capacity. Categorical Cybernetics (Capucci et al. 2021/2022) — the formal dimension (mathematical composition and feedback), strong on constraints but absent on intent and authority. No single framework achieves strong coverage of more than three governance dimensions. The fragmentation is not incidental — it is structural. Each framework started from a different problem and discovered governance fragments along the way. None started from governance as the organizing principle.
A critical architectural finding from the convergence analysis: delegation is not a new primitive requiring new infrastructure. It is a composition pattern over existing governance elements: purpose (why delegate) + authorization (who may act) + agreement (commitment to perform) + scope limits (constraints on action) + task specification (what to do) + contextual understanding (with what knowledge). Each hop in a delegation chain creates a new instance of this composition, linked to the prior hop through state transformation lineage. Authority attenuation (each hop may narrow scope but never widen it) is enforced through constraint binding. The full chain is reconstructable. This compositional view explains why the MAS fragmentation (F8) persists: each framework captures part of the composition without providing the compositional infrastructure itself.
Greshake et al. (2023) demonstrated that indirect prompt injection can propagate across delegation boundaries. Privilege escalation through delegation allows agents to access capabilities beyond delegated scope. Without cryptographic identity, delegation requests cannot be verified as authentic. Debenedetti et al. (2024) showed that agents executing tools over untrusted data are vulnerable when tool-returned content can hijack agent behavior. Perimeter defense (input sanitization, sandboxing) prevents known attacks but cannot detect novel exploitation. Governance infrastructure provides complementary defense: authority traceability makes privilege escalation detectable regardless of technique; constraint binding makes scope violation detectable; epistemic classification prevents injection from elevating the status of agent outputs; and state transformation lineage provides forensic capability for post-incident reconstruction.
Three independent research trajectories converge on the same governance structure: (1) organizational governance theory (S1-S6) started from governance frameworks and discovered infrastructure is missing, (2) theoretical foundations (S8-S11) started from world models, cybernetics, cognitive science, and mathematics and discovered the same structural requirements, (3) AI agent systems engineering (S12) started from multi-agent delegation problems and discovered that the same structural elements are required. The convergence is consistent with the necessity finding: governance structure is discovered because it must exist — different domains find it because they must, not because they looked for it.
Included: Multi-agent delegation theory (Castelfranchi & Falcone, Malone & Crowston), agentic protocol analysis (MCP, A2A, Agent Protocol, FIPA), accountability in delegation (Elish, Nissenbaum, Matthias), meaningful human control (Santoni de Sio & van den Hoven), automation paradox (Bainbridge, Parasuraman & Riley), trust theory (Mayer et al., computational trust models), security (Greshake, Debenedetti), MAS frameworks (BDI, MOISE+, CNP, OperA, Categorical Cybernetics).
Date range: 1980 (Smith/Contract Net) — 2026 (Tomašev et al., Singapore Agentic AI Framework)
Excluded: Detailed cryptographic protocol design for delegation tokens, economic mechanism design for agent markets, specific LLM fine-tuning for delegation behavior.
MAS research (Tomašev et al. 2026) and organizational governance theory independently identify the same nine elements for intelligent delegation. The convergence validates that governance structure is necessary, not arbitrary — it is discovered by different domains because it must exist.
Modern protocols (MCP, A2A, Agent Protocol) gained simplicity and scalability while losing intent encoding, conversation lineage, commitment verification, and performative semantics. Governance semantics regressed while capability advanced.
Moral crumple zones (Elish), the many-hands problem (Nissenbaum), and the responsibility gap (Matthias) are not solvable by better protocols alone. They require governance infrastructure that makes chains reconstructable, authority traceable, and deviations detectable.
Governance invariances cannot be learned from agent behavior (S11). Trust boundaries must be structurally imposed. Graduation from lower to higher delegation authority should be evidence-based, human-authorized, and regression-capable.
No new primitive is required. Delegation composes over existing governance elements at every hop. The MAS fragmentation exists because each framework captures part of the composition without the compositional infrastructure.
Smith, C. (2026). Agentic Delegation, Multi-Agent Governance & the Protocol Gap (Research Report RR-012, WMI Thesis). GrytLabs Research Institute. https://doi.org/10.5281/zenodo.20222874
© 2026 GrytLabs Dynamics Inc. Licensed under CC-BY 4.0.
This research is conducted under the GrytLabs Research Code of Ethics, derived from the IIA Code of Ethics and the GAO Yellow Book ethical framework, adapted for a research-institute context.
Four principles govern all research activity:
Integrity — findings are reported as found, not as convenient. Unfavorable results are published with the same rigor as favorable ones.
Objectivity — research questions are framed to be falsifiable. Conflicts of interest (including the founder's dual role as researcher and patent holder) are disclosed, not resolved by assertion.
Confidentiality — disclosure levels (L0–L3) govern what appears in public research. Embargoed findings, IP-critical details, and pre-publication material are withheld per the Disclosure Discipline (GOV-PS-006), not suppressed.
Competency — claims are bounded by the evidence that supports them. Architectural claims cite spec sections. Empirical claims cite research artifacts. Claims that exceed available evidence are flagged as open questions, not presented as conclusions.
The Executive Director is a Certified Internal Auditor (CIA), Institute of Internal Auditors, personally bound by the IIA Code of Ethics as a condition of that credential. This is a personal attestation, not an institutional conformance claim — GrytLabs has not undergone an IIA Quality Assessment Review and does not claim IPPF conformance.
The governing traditions (IIA, GAO, AICPA, COSO) are formally mapped to the operating model in GOV-PS-001. This research applies the principles those traditions codify; it does not claim endorsement, review, or certification by any standards body.
This publication is provided for research and informational purposes. GrytLabs makes reasonable efforts to ensure accuracy but does not warrant that this publication is free of errors or omissions.
If you believe this publication contains errors, omissions, or misattributions, please contact the lab at research@grytlabs.ai. Corrections will be acknowledged in subsequent versions.
This work was produced through AI-assistive collaboration under GrytLabs' AI-assistive collaboration disclosure protocol. Claude (Anthropic) participated in literature synthesis, cross-domain pattern identification, and argumentation structuring. OpenAI Codex participated in citation and accuracy verification. AI actors participate with delegated authority, never inherent authority. Responsibility for all findings, claims, and conclusions rests with the named author.
Full workpaper with attestation and provenance chain available at research.grytlabs.ai/docs. DOI: 10.5281/zenodo.20222874