Agentic AI Doesn't Just Have a Data Problem. It Has a Live Knowledge Problem.

The report dropped today. The problem it describes is months old.

Denodo released its AI Trust Gap Report on April 15, and the headline figure is circulating widely: 66% of organizations say AI data must be accessed in real time to be considered trustworthy (Denodo via GlobeNewswire). A finding that barely made the coverage: 63% say finding relevant data within specific business contexts is a primary deployment barrier. And 67% struggle to maintain consistent security and access controls across the systems their AI touches (same source).

These numbers are striking. They're also describing something enterprises have been running into quietly for the better part of a year, as they pushed past the chatbot phase and started building agents that actually do things.

That distinction matters. "Does things" changes the risk profile entirely.

What changed when agents replaced chatbots

Early enterprise AI was mostly retrieval. Ask a question, get an answer. The response might be wrong, but the cost was bounded: a frustrated employee, a confused customer, maybe a corrected support ticket.

Agents work differently. They route. They approve. They update records, trigger downstream processes, file forms, and query systems of record on behalf of the workflows they serve. When an agent acts on bad information, the failure isn't a wrong answer sitting in a chat window. It's a wrong action that may have already touched something that matters.

That's what the Denodo data is really describing. Not a general dissatisfaction with AI data quality — enterprises have complained about that for a decade. The specific concern is that agentic AI, operating at machine speed inside business workflows, has no tolerance for the casual staleness that a human worker would catch before acting on.

A person looks at the policy, thinks "wait, I saw an update email last month," and pauses. The agent reads what's there and proceeds.

Real-time is a business risk statement, not a technical spec

"Real-time data" sounds like an infrastructure requirement. It's actually shorthand for something more specific: freshness matched to business risk.

When an insurance agent processes a claim, it needs current coverage terms. Not last quarter's. When a procurement agent checks supplier compliance, it needs the rules in force today. When an HR agent answers a question about benefit eligibility, the answer depends on whether the employee's status has changed since the knowledge base was last touched.

None of these require live streaming data in the strict technical sense. What they require is knowledge that reflects current reality at the pace current reality changes — and that the cost of acting on something outdated has been accounted for.

Informatica's CDO Insights 2026 report found that 57% of data leaders cite data reliability as a top barrier to AI deployment, and half say data quality and retrieval are the biggest challenges for agentic AI specifically (Informatica). Three quarters say governance has not kept pace with AI adoption.

That's not a model problem. The models are ready. The knowledge they're acting on isn't.

Governed access matters as much as availability

There's a temptation to frame this as a data pipeline problem: connect more sources, give agents what they need. The Denodo findings push back on that.

67% of enterprises struggle to maintain consistent security and access controls across systems (Denodo). The problem isn't that agents can't reach data. It's that the access isn't governed in a way that's safe to deploy at scale.

An agent with broad data access doesn't just risk acting on bad information. It risks exposing information it shouldn't have surfaced at all — mixing data from sources with different permission levels, or producing responses that couldn't survive an audit because the retrieval path can't be reconstructed.

Governed access means an agent operates only on information it's authorized to use, with a traceable record of what it saw and when. For regulated industries this is table stakes. For any production deployment where someone might someday have to explain what the agent knew and why it acted — which is most of them — it's the minimum standard. We've covered why knowledge quality is an execution risk, not just an accuracy problem.

Business context is the real bottleneck — and more sources don't fix it

The 63% who can't find data in business context are pointing at something more specific than poor search.

Business context means the agent knows the customer it's helping is on a trial tier, not the standard plan. It means the pricing it retrieves is for the European market, not the US market. It means the SOP it surfaces applies to the specific product line in question, not the general one.

You can have fresh, accessible data and still fail this test completely. According to the Denodo report, the average enterprise AI initiative now pulls from over 400 data sources, with 20% of organizations managing more than 1,000. More sources don't automatically produce more context. They produce more surface area for retrieval to go wrong.

This is a knowledge architecture problem, not a volume problem. Agents need knowledge that is scoped, attributed, and structured around how the business actually operates — not raw data made queryable.

Where agent failures actually happen in practice

The cleanest version of this problem involves structured data: databases, CRMs, ERPs. The messier version is where most enterprises actually live.

Policy documents. Standard operating procedures. Compliance manuals. Training materials. Product specs. Contracts. Support documentation accumulated over years across departments that don't talk to each other. This is where agent failures are most likely to originate — not because a database row is stale, but because the PDF from three regulatory updates ago is still what the agent finds first.

AI readiness is really knowledge base readiness, and for most enterprises, the bottleneck is the unstructured document estate: files with no version control, conflicting instructions across documents nobody has audited, knowledge that was never designed to be queried by a machine.

When agents start working inside those environments, freshness failures become action failures fast.

What enterprise AI teams need to treat differently

The practical implication isn't to pause agent deployments. It's to treat knowledge infrastructure with the same seriousness as model selection.

Trusted agents need fresh knowledge, not just a capable model. Systems of record are necessary but not sufficient — the knowledge those systems contain has to be current, accessible to authorized users, and structured in ways agents can retrieve accurately with source attribution.

Three disciplines most teams don't yet have in operational form:

Knowledge freshness as a metric. Not just "when was this last updated" but "what is the acceptable staleness for this specific knowledge, given the actions that depend on it." As agents become metered, autonomous workloads, the economics of acting on bad knowledge get meaningfully worse.

Permission-aware retrieval. Access controls that travel with the knowledge, not just with the system it lives in. An agent should not be able to surface information that the user querying it isn't authorized to see.

Auditability of what was retrieved. Not just tracing what the agent decided, but what it read before deciding. When something goes wrong — and at scale, something will — teams need to answer: what did the agent know, and where did that knowledge come from?

The trust decision happens at the knowledge layer, not the model layer

Denodo frames the trust gap as a data problem. That framing is close but slightly off. Data availability and pipeline engineering are part of the solution. The harder part is what happens between "the data exists somewhere" and "the agent can act on it safely."

That's the governed knowledge layer: architecture that makes documents queryable, keeps knowledge current, preserves source attribution, scopes access by permission, and catches contradictions before agents act on them. It's where Mojar AI operates — specifically for the unstructured, document-heavy knowledge that structured data systems don't cover.

Systems of record tell agents what the record says. Governed knowledge systems tell agents what the organization actually knows — and whether that knowledge is still true.

That gap is what 66% of enterprises are trying to name. The ones who close it before their agents go to production are the ones who won't spend the next year explaining what went wrong.

What to watch

The next round of enterprise AI buying conversations will center on specifics that barely appeared in the last round: freshness SLAs for knowledge inputs, permission-aware retrieval architecture, provenance and audit trails for agent decisions, contradiction detection across document sets, measurable trust thresholds before production deployment.

The market has moved past "does the AI work." The question now is whether it can be trusted to act.