
Key facts.
- GhostCite (arXiv:2602.06718) benchmarked 13 leading models and found citation fabrication from about 14% to 95%, with invalid-citation rates rising over time, showing model behavior is not static.source
- TRAIL (arXiv:2505.08638) shows that diagnosing where an agent went wrong requires monitoring the full trace, a lifecycle-long activity, not a one-time check.source
- The EU's Digital Operational Resilience Act (Regulation 2022/2554) requires ongoing ICT risk management and incident handling across an entity's operations, a lifecycle obligation not a launch one.source
Why does launch-only governance go stale?
GhostCite found citation fabrication from 14% to 95% across 13 models, rising year over year, so behavior is not fixed; a stronger model does not solve lifecycle risk, drift sets in, so govern to retirement. (arXiv:2602.06718)
The agent does not stay the thing you reviewed. At development, the risk is in design and scope. At deployment, it is in the integration and permissions. During monitoring, it is in drift: the world changes around the agent even when the agent does not. At update, it is in regression: a change that helps one case breaks another. And at retirement, it is in residue: the access, data and integrations the agent leaves behind if no one closes them out. A launch review touches only the deployment stage and certifies the agent as it was that day. GhostCite's finding that model behavior varies widely and degrades over time is the warning. Certifying a snapshot tells you little about the agent six months later, because the behavior itself is a moving quantity.
A more capable model does not collapse the lifecycle into the launch, because lifecycle risk is about change over time. TRAIL makes the monitoring stage concrete: diagnosing a failure requires the trace, an ongoing capability you maintain, not a box you check once. DORA encodes the lifecycle expectation at the regulatory level, requiring ICT risk management and incident handling as continuous obligations across operations rather than a one-time approval. The retirement stage is the one most often forgotten and the one that leaves the quietest exposure: an agent turned off but still holding credentials, still integrated, still able to be triggered. Governance that runs to retirement closes those out deliberately. Governance that stops at launch never gets there.

What does each lifecycle stage need?
Development needs scope and boundary definition, so the agent is designed against its risks. Deployment needs an integration and permission review, so it ships with least privilege. Monitoring needs drift detection and tracing, so degradation is caught while the agent runs, which is the TRAIL-style capability. Updates need regression validation against the stable controls, so a change does not quietly break a working path. And retirement needs a decommission checklist, so credentials are revoked, integrations are closed and data handling is resolved. DORA's continuous obligations map onto this as a regulatory floor for high-stakes settings. An agent governed this way is covered for how it actually behaves over time. An agent governed only at launch is covered for a day that has already passed.
| Stage | Dominant risk | Governance need |
|---|---|---|
| Development | Scope and design | Boundary definition |
| Monitoring | Drift | Detection and tracing |
| Updates | Regression | Validation against controls |
| Retirement | Residual access | Decommission checklist |
The Pattern Intelligence Layer is where governance spans the lifecycle. Behavior, drift and boundary adherence are tracked at the pattern level from deployment through retirement. The agent is governed for how it changes over time rather than certified once at launch. Reliability at the pattern level is what makes lifecycle governance a continuous capability instead of a one-time gate.
Frequently asked questions
Isn't a thorough launch review enough?
No. It certifies a snapshot. GhostCite shows model behavior varies and degrades over time, so the agent six months later is not the one you reviewed.
Why is retirement a governance stage?
Because a turned-off agent can leave live credentials and integrations behind. Decommissioning deliberately closes those, which a launch review never addresses.
What makes monitoring a governance activity?
It catches drift and enables diagnosis while the agent runs. TRAIL shows failure localization needs the trace, which is an ongoing capability, not a one-time check.

