How KPMG Plans to Tame Multi-Agent Systems That No Human Fully Understands
When enterprise AI agents started appearing in board presentations a couple years ago, the conversation was about productivity and efficiency. Nobody was particularly worried about the agents themselves. That is changing fast.
KPMG, the Big Four accounting and advisory firm, published a set of AI Assurance services in September 2025 specifically designed to help organizations manage what the firm calls the "compounded risks" of agentic systems: security vulnerabilities, customer privacy, accuracy of outputs, and what happens when a multi-agent system makes a decision no human fully understands. The services include confidence thresholds for agent actions, mandatory human oversight at configurable intervals, traceable inter-agent handoffs so that when one agent passes a task to another the chain of custody is logged, and input/output sanitization to prevent prompt injection and data leakage between agentic workflows. The firm also conducts red-team and purple-team testing of agentic architectures, probing for failure modes in multi-agent workflows.
The work sits inside a broader shift KPMG documented across 2025: agent deployment among surveyed enterprises more than doubled from 11 percent in the first quarter to 26 percent by the fourth quarter, according to the firm's quarterly AI Pulse surveys. That number actually dipped from a peak of 42 percent in Q3 — but KPMG says that decline reflects a more rigorous definition of what counts as a deployed agent, not a pullback. "Leaders have moved beyond initial deployments and are professionalizing and preparing to scale agent systems," Steve Chase, KPMG's Vice Chair of AI & Digital Innovation, said in the Q4 survey release. "They're not pulling back, they're professionalizing their agents and agent systems."
The governance framework KPMG released in September makes the enterprise mindset shift concrete. The firm built what it calls the TACO Framework, classifying agent types into four tiers: Taskers (simple single-step agents), Automators (workflow automation with some reasoning), Collaborators (agents that work alongside humans on complex tasks), and Orchestrators (multi-agent systems that coordinate other agents). Each tier carries different risk profiles. The framework is designed to help organizations audit what kinds of agents they have running, what those agents can access, and what happens when something goes wrong.
Swami Chandrasekaran, KPMG's Global Head of AI and Data Labs, told CFO Dive in October 2024 that the firm was deliberately avoiding fully autonomous agent deployments. "We don't want it to be fully autonomous and doing things which we have no control over," Chandrasekaran said. "So we're putting in all the necessary guardrails." That framing — agents as a privilege-escalation problem requiring explicit permission and oversight — has only hardened as deployment has scaled.
The security concerns are not theoretical. KPMG's Q4 survey found that 80 percent of enterprise leaders now cite cybersecurity as the top barrier to achieving their AI strategy goals, up from 68 percent in the first quarter. Data privacy concerns rose to 77 percent, up from 53 percent in Q1, as agent-to-agent workflows and tool integrations expanded the attack surface. In response, 60 percent of organizations restrict agent access to sensitive data without human oversight, and nearly half employ human-in-the-loop controls across high-risk workflows. Three-quarters of surveyed leaders said security, compliance, and auditability were their most critical deployment requirements — ahead of speed or cost.
Our read: KPMG is doing what Big Four firms do when a technology reaches this inflection point — turning a risk management problem into a service offering. But the specifics matter. The fact that they are publishing detailed guardrail specifications — confidence thresholds, handoff logging, red/purple teaming, input/output sanitization — signals that enterprise customers are asking hard questions, not just nodding along to the pitch deck. This is the first wave of documented enterprise-grade agent security practices, and it will become a baseline other firms are measured against.
Swami Chandrasekaran, Global Head of KPMG AI and Data Labs, put a timeline on it: "2026 will be the year we begin to see orchestrated super-agent ecosystems, governed end-to-end by robust control systems that drive measurable outcomes and continuous improvement." The firms that get this right — that build verifiable control infrastructure before agents run loose in production — will have a significant advantage in enterprise trust and regulatory positioning. Those that don't will be explaining to clients and regulators why their agent made a decision nobody can reconstruct.

