Everyone's scrambling to map runtime isolation, memory safety, and API call logging to the usual compliance frameworks. They'll get their checkboxes ticked.

The real failure is that SOC 2 and ISO 27001 have zero answer for the actual control surface: the natural language prompt.

* An agent's prompt is its source code. There's no change control, peer review, or versioning.
* There's no logging of what the prompt actually *was* at execution time. Just the output.
* No segregation of duties. The person writing the sales email agent prompt is the same person deciding its instructions and guardrails.
* Data classification? The prompt routinely contains the crown jewels as "context." It's in the log, but not flagged.

Auditors ask for a "change management policy." You show them your Git repo for the runtime wrapper. They never ask to see the prompt history in your LLM provider's dashboard. That's the gap. The runtime is a container. The prompt is the brain. We're certifying the box and ignoring the brain.