There are two fundamentally different ways AI shows up in an enterprise system right now, and the teams that confuse them tend to build the wrong thing.
The first is AI as the actor - the agent doing work on behalf of the business. It reads documents, drafts contracts, processes requests, calls external APIs, makes decisions. It is the thing the business deployed AI to accomplish. This is what most people picture when they hear "AI-native."
The second is AI as a tool for the people who run the system - the analytics, the recommendations, the assistants that help platform engineers, security teams, and compliance leads do their jobs better. This AI doesn't show up in customer flows. It shows up in dashboards, configuration interfaces, and administrative workflows.
Both are real. Both are valuable. And conflating them leads to architectures that are confused about who is being served by what.
The confusion shows up in governance
The place where this conflation causes the most damage is governance.
When a company starts asking serious questions about governing its AI agents - who is allowed to do what, what requires human approval, what gets blocked outright - the instinct is often to make the governance system itself AI-powered. Which sounds reasonable. AI is governing AI. Symmetry.
But the instinct, followed to its natural conclusion, produces a system where an AI is deciding which of the AI agents' actions are permitted. Nobody wrote those permissions down. Nobody approved them. Nobody can explain them after the fact. The governance layer, which exists to provide accountability, has itself become unaccountable.
This is not a hypothetical. It is the failure mode that enterprise organizations - especially in regulated industries - are quietly worried about, even as they rush to deploy.
The question that clarifies it
The question that breaks the confusion is: who is the user?
When an agent calls an API, the user of the governance layer is the organization's compliance team, its security engineers, its platform owners. These are human beings with jobs to do and liability to carry. The governance layer serves them. AI can help them do their jobs better - by surfacing patterns they would have missed, drafting rules they would have had to author by hand, simulating impacts they would have had to guess at. But the decisions remain theirs. The accountability remains with a person, not a model.
When an agent submits a request, the user of the governance layer is the agent - a probabilistic system. The governance layer makes a deterministic decision on behalf of the organization. That decision must be explainable to a human, defensible to a regulator, and revertible without drama. The agent's experience of governance is a verdict: approved, denied, or deferred for human review. It has no other relationship to the governance layer.
These two kinds of users need two different things. And mixing them up produces a system that serves neither well.
What this means in practice
For the organizations building agentic systems, the distinction has a practical implication: the AI that helps your compliance team author better governance rules should never be in the same execution path as the AI agents whose actions those rules govern.
Advisory AI that helps humans configure governance is useful. AI that configures governance by itself - silently, without a human decision in the loop - is a category error. Not because AI is unreliable, but because governance is a human responsibility. The rule that a financial services firm applies to outbound payment agents will be explained to a regulator by a person. That person needs to have been in the loop.
The architectural consequence is separation. The management plane, where governance is designed and maintained, should be where AI advisory tooling lives. The execution plane, where agents act and policies evaluate those actions, should be where human governance decisions are enforced - not where they are made.
The pattern is not specific to AI
Every time a new class of actor enters a system, the organizations that manage it well are the ones that kept clear about who governs the actors and who is an actor being governed. Banks that deploy trading algorithms maintain compliance functions staffed by humans who are not the algorithms. Hospitals that deploy diagnostic AI maintain review processes staffed by clinicians who are not the AI.
AI agents in enterprise software are a new class of actor. The governance infrastructure around them - the rules, the approvals, the audit trails - is a responsibility that sits with humans, supported by tools. The tools can be AI-powered. The responsibility cannot be delegated to them.
Formael exists at that boundary. The agent plane is where agents act. The management plane is where humans govern. The two planes have different architectures, different interfaces, and different users. Keeping them distinct is not a limitation. It is the point.