Architecture as an Unregulated Surface: The Governance Gap in Agentic AI Systems

Current AI governance frameworks — whether from regulatory bodies, standards organizations, or industry initiatives — concentrate oversight on model weights, training data, compute thresholds, and deployment restrictions. This paper argues that this concentration is structurally misaligned with how agentic AI systems actually work. Recent architectural analyses of production-grade agentic systems demonstrate that the overwhelming majority of system behavior — including safety properties, permission enforcement, context management, tool access, and error propagation — emerges from deterministic infrastructure surrounding the model, not from the model itself. This infrastructure is increasingly open-source, analytically transparent, and architecturally replicable. Yet it is not treated as a regulated surface by any major governance framework. This paper identifies this as a governance blind spot with implications for system reliability, safety, and national security, and argues that architecture must be recognized as a regulated surface in the frameworks currently under development.