AI Summary
This work addresses the security and compliance risks that arise when large language model (LLM) agents directly trigger state-changing actions within workflows. To mitigate these risks, the authors propose decoupling action generation from execution and introduce, for the first time, an Organizational Control Layer (OCL) architecture: a model-agnostic, non-intrusive governance infrastructure that enforces policy checks, enables action interception, and supports human escalation prior to execution. The approach requires no modification to the underlying LLM and is compatible with diverse backend systems. Evaluated on an adversarial negotiation task, the method reduces unsafe execution rates from 88% to near zero while increasing effective success rates from 12% to 96%, demonstrating the efficacy and practicality of the proposed governance mechanism.
Abstract
LLM-based agents are increasingly deployed in workflows where generated outputs may directly trigger state-changing actions. This creates an execution-boundary problem: proposed actions must be governed before they are executed. We study this problem through economically consequential multi-agent interactions and argue that deployment-grade agent systems should separate proposal generation from environment-facing execution. To operationalize this principle, we introduce the Organizational Control Layer (OCL), a model-agnostic governance infrastructure that intercepts generated actions before execution through policy enforcement and escalation, without modifying the underlying LLM generator. We evaluate OCL on adversarial buyer-seller negotiation environments adapted from AgenticPay. Across multiple frontier LLM backends, OCL reduces unsafe executions from 88% to near-zero while increasing valid success from 12% to 96%. Results further reveal a safety-utility tradeoff: strict governance improves compliance and reliability against policy and constraint violations, but can reduce flexibility in tightly constrained markets. These findings suggest that deployment-grade LLM agent systems require explicit governance at the boundary between language generation and executable actions. The source code is available at: https://github.com/SHITIANYU-hue/amai_ocl
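As an added illustration of the execution-boundary pattern the abstract describes (this is not code from the paper or its repository), the sketch below places a policy check between an agent's proposed actions and the environment: each proposal is a plain dict, `govern` returns execute, block or escalate, escalations go to a human approver, and only approved actions reach the backend. The `Policy` fields, thresholds, action types and sample proposals are all assumptions constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:                       # constructed buyer-side policy; thresholds are illustrative
    max_price: float                # hard budget ceiling for any offer or acceptance
    allowed: frozenset = frozenset({"offer", "accept", "reject"})
    escalate_frac: float = 0.9      # prices above this share of budget need a human

@dataclass
class Verdict:
    decision: str                   # "execute" | "block" | "escalate"
    reason: str

def govern(action: dict, policy: Policy) -> Verdict:
    """Pure policy check on a proposed action; it never touches the environment."""
    kind = action.get("type")
    if kind not in policy.allowed:
        return Verdict("block", f"action type {kind!r} is not permitted")
    if kind in ("offer", "accept"):
        price = action.get("price")
        if isinstance(price, bool) or not isinstance(price, (int, float)) or price <= 0:
            return Verdict("block", "missing or invalid price")
        if price > policy.max_price:
            return Verdict("block", f"price {price} exceeds budget {policy.max_price}")
        if price > policy.escalate_frac * policy.max_price:
            return Verdict("escalate", "price near budget ceiling; human approval required")
    return Verdict("execute", "within policy")

class ControlLayer:
    """Between generator and environment: logs every verdict, routes escalations, executes only approved actions."""
    def __init__(self, policy, env, approver=None):
        self.policy, self.env, self.approver = policy, env, approver
        self.log = []               # audit trail of (action, verdict) pairs

    def submit(self, action: dict):
        v = govern(action, self.policy)
        if v.decision == "escalate":
            approved = self.approver is not None and self.approver(action)
            v = Verdict("execute", "approved by human") if approved else Verdict("block", v.reason + " (not approved)")
        self.log.append((action, v))
        return self.env(action) if v.decision == "execute" else None

def fake_env(action: dict) -> str:  # constructed stand-in for the market backend
    return f"executed {action['type']} at {action['price']}"

if __name__ == "__main__":          # constructed proposals; the third mimics a disallowed action type
    layer = ControlLayer(Policy(max_price=100.0), fake_env, approver=lambda a: a["price"] <= 98)
    for a in [{"type": "offer", "price": 80.0}, {"type": "accept", "price": 96.0},
              {"type": "transfer_funds", "price": 500.0}]:
        print(layer.submit(a), "|", layer.log[-1][1])
```

Without an approver, every escalated proposal is blocked by default, which is the conservative side of the safety-utility tradeoff the abstract notes.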