Buy-side data is stale. AI agents in marketing are acting on it anyway
AdExchanger columnist Margarita Savytska argues the buy-side data layer was never built to be acted on by AI agents. Stale consent and suppression rules now drive sends and scores at scale.
Most enterprise monitoring was built to watch humans, but the data layer underneath marketing decisions was never built to be watched. It was built to be acted on, three to five years ago, by humans who would review a campaign before it sent. AdExchanger columnist Margarita Savytska argues that the agents rewriting every other enterprise workflow have just removed that review step, and the buy-side data layer underneath was never set up to survive it.
The buy side refers to the advertiser side of the ad tech stack, the companies buying media and running marketing automation, and it never built the verification frameworks the supply side did. Years of work went into proving that supply-side data, the audience signals publishers and sellers act on, is what it claims to be. The buy side has no equivalent. Consent records were captured under one regulatory framework, suppression lists were reconciled against systems that have since been deprecated, and lead scoring models were calibrated against a buyer profile that no longer reflects who actually converts. None of this was wrong when it was built. It is stale now, and the agents running on top of it do not know that.
The agent change is not subtle. An AI agent making send decisions inside a marketing automation platform acts on whatever the data layer tells it, at speed, at scale, and with no instinct to question whether a consent record still means what it says. An agent will suppress an entire segment of high-value prospects based on a rule nobody remembers writing. It will keep sending campaigns to contacts whose opt-in intent expired two regulatory cycles ago. The failure shows up as a deliverability incident, a compliance exposure, or a pipeline problem nobody can diagnose from the dashboard. The fix is the same kind of work the supply side did ten years ago.
What the supply-side playbook actually requires
The supply side's playbook was verify, document, and create accountability for the data that automated systems act on. The buy side can run the same playbook against its own data layer, starting with consent and preference data. Pull opted-in contacts, check when consent was captured, and flag anything older than 18 months for reverification against current processing purposes. Apply the same discipline to preference data, since preference centers that no longer match the campaign categories the team actually runs today collect data that is meaningless. The rule is simple. If the options in the preference center do not match the categories the team sends to, the data it collects is not worth acting on.
Suppression logic needs the same scrutiny the industry applies to brand safety rules. Export the suppression rules, trace each one to the campaign or business reason it was created for, and kill the ones nobody can explain. A rule that exists and no one on the current team knows why is either protecting the program from something important or blocking revenue for no reason. Either way, it is a liability, and an agent running against it will compound the cost at the rate of the campaign cadence. The same goes for the lead scoring model. If the model was trained on a buyer profile that no longer reflects the conversion data the team sees in the CRM, the score is decorative. An agent that triggers a campaign on a low score is wasting a touch. An agent that suppresses a high score is losing a deal. Both are happening in production environments today, and neither is showing up in any monitoring tool.
The marketing ops, legal, and IT handoff problem
The organizational change is the harder one. Someone needs to own the data layer that agents depend on, a person who can answer the question of what data the agents are acting on and when it was last verified. On the supply side, data quality has an owner because the industry agreed it matters. The buy side needs the same commitment. The role typically sits between marketing ops, legal, and IT, and the current distribution of that responsibility is exactly the gap. When something goes wrong, marketing ops points at legal, legal points at IT, and IT points at the model vendor. An agent running in production is not going to wait for three teams to agree on whose job the data layer is. The org chart has to land the answer before the incident does, and the people closest to the data layer need the budget and authority to do the reverification work.
Why the buy-side data layer is the next governance fight
The marketing automation stack has been quietly absorbing AI agent features for the last 18 months. Adobe added agentic capabilities to Marketo. HubSpot shipped Breeze Agents. Salesforce launched Agentforce for marketing automation. Microsoft extended Copilot Studio to the Dynamics 365 marketing module. Every major MAP vendor has shipped or is shipping an agent surface that operates directly on the data layer. The agents are not coming. They are in production, and the teams running them do not have the data layer in a state where the agents are safe to run. The same observation that applies to shadow agents in IT applies to shadow agents in marketing ops, with the additional wrinkle that the data they act on is the asset the company is trying to protect.
The agent governance conversation across the enterprise stack is starting to converge. The recent Identiverse 2026 recap on agent identity made the case that agent identity is the new IAM front, and the enterprise AI governance checklist covers the same surface from a different angle. Buy-side data governance is the missing parallel to both. The supply side has verification, and the agent identity stack is being assembled. The buy-side data layer, the data the marketing agents actually act on every day, is the part of the stack where the governance conversation has not yet landed. The original AdExchanger Data-Driven Thinking column by Margarita Savytska is the primary source for the framing above, and the buy-side data governance gap is the next place that conversation has to go.
Weekly newsletter
Get a weekly summary of our most popular articles
Every week we send one email with a summary of the most popular articles on AIntelligenceHub so you can stay up-to-date on the latest AI trends and topics.
Comments
Every comment is reviewed before it appears on the site.
Related articles
Shadow agents: enterprise IT can't see what runs at the API layer
CIO columnist Lucas Bonner argues that shadow AI agents, autonomous processes that operate at the API layer without logging in, are already inside enterprise systems. The governance gap is structural.
Netzilo brings AIDR runtime governance to Amazon Bedrock AgentCore
Netzilo is extending its AIDR runtime behavior graph and Governance-as-Code enforcement layer to Amazon Bedrock AgentCore, Microsoft Foundry, Microsoft Copilot Studio, CrewAI, LangGraph, and Google Vertex AI.
Warner AI AGENT Act sets the first US rules for autonomous agents
Sen. Mark Warner released a discussion draft of the AI AGENT Act on Monday, the first US federal bill to set baseline rules for autonomous consumer AI agents and the dominant platforms they have to interoperate with.