infrastructure · governance · enterprise · whitepaper
A New Infrastructure Layer, Again
Considerations for implementing platform services for AI agents in the enterprise
Every enterprise computing era eventually produces a governance infrastructure layer purpose-built for its patterns of access and action. The agent era is no different — except the patterns are probabilistic, multi-runtime, and moving faster than any that came before.
Executive summary
Traditional apps follow instructions. Agentic apps pursue goals. Enterprise software is undergoing its most significant architectural shift since the move to cloud. Agents compress workflows, handle complexity that deterministic code cannot, and adapt to context at runtime. Every enterprise that deploys them gains speed and efficiency. Every enterprise that does not will fall behind.
The challenge is equally clear. Agents make decisions at runtime such that the same agent, given the same input, may take a different path each time. Existing governance tools were built for applications that follow fixed paths. Agents require governance of decisions. These are different problems, and the gap is growing with every agent deployed.
This gap is compounded by fragmentation. Agents are appearing simultaneously across cloud providers, data platforms, SaaS applications, and developer tools. Each surface has its own partial answer to governance. None provide consistency across the others. The result is an enterprise estate where agents are productive but ungoverned — creating the same shadow IT pattern that followed cloud and containers, but with higher stakes because the systems in question reason for themselves.
A new era of agentic AI applications
The scale of the shift is difficult to overstate. Gartner forecasts 40% of enterprise applications will embed AI agents by the end of 2026, up from less than 5% at the start of 2025. A category that barely existed two years ago, reaching nearly half the enterprise application estate in a single budget cycle.
The breadth is equally striking. A logistics company deploys agents that reroute shipments based on weather, traffic, and port congestion. A financial services firm runs agents that monitor transactions, flag anomalies, and execute compliance workflows without human intervention. A software team ships code with agents that write tests, review pull requests, and deploy to staging autonomously. These are production workloads, running today, across every sector.
The question for enterprise leaders is no longer whether agents will be a significant part of the technology estate. They already are. The question is whether the governance infrastructure will be ready for what comes next.
From deterministic to probabilistic execution
Prior to AI, enterprise software did what the developer told it to do. An expense report workflow validates the receipt, routes it to the right approver, applies the policy, and processes the payment. Same input, same output, every time.
This is deterministic execution, and enterprise governance was built around it. Control who can access the application, configure what it can do, and you control the outcome. RBAC, API gateways, audit logs, network policies: the entire operational toolkit assumes software follows a fixed path.
The control point has moved. In a deterministic system, governing access is governing behaviour. In an agentic system, governing access is necessary but no longer sufficient.
Components of an agent
Strip away the marketing and the abstraction, and an agent is code. Every agent, regardless of how it is built or where it runs, is composed of three things:
| Component | What it does | Example variations |
|---|---|---|
| Code | Runtime and orchestration. Receives input, manages state, invokes model, calls tools. | Python, TypeScript, Go. LangChain, Vercel AI, Crew AI. |
| Model | Reasoning engine. Receives context, decides what to do next. | Frontier models (Anthropic, OpenAI, Google). App-specific models. |
| Tool | Anything the agent calls to interact with the external world. | MCP, REST. Any API, database, messaging system. |
Categorizing the agentic estate
Agents appear across at least five distinct surfaces in the enterprise, each with its own runtime, its own governance model, and its own blind spots.
| Surface | Examples | Code | Tool | Model |
|---|---|---|---|---|
| AI Platforms (AISP) | Anthropic, OpenAI | None | Full | Partial |
| Cloud Platforms (CSP) | AWS, Azure, GCP | Full | Full | Partial |
| Data Platforms (DSP) | Salesforce, ServiceNow, Databricks, Snowflake | Full | Partial | None |
| SaaS | Writer, Harvey, Cognition | None | None | None |
| Individual | Claude, ChatGPT, Cursor | None | Partial | None |
Why existing tools are insufficient
Platform teams already have operational tooling: RBAC, audit logs, secrets management, network controls, API gateways. These tools were designed for deterministic systems. They do not work well for agents, because agents reason about their own behaviour.
The existing tools control access. Agents require control of decisions. These are different problems, and they require different infrastructure.
A blueprint for platform teams
Platform teams have solved this class of problem before. When containers created deployment complexity, they built standardized deployment pipelines and orchestration platforms. The agent era requires the same approach.
| Domain | Outcome |
|---|---|
| Connect | Every agent is known, and every tool is accessible through a governed path. |
| Secure | Every action is evaluated against policy before it executes. |
| Operate | Every decision is recorded, and the platform is observable through existing tools. |
Conclusion
Every era of enterprise computing has produced a moment where the pace of adoption outran the infrastructure to govern it. The agent era is now. The enterprises that establish consistent governance for agents of all kinds will be the ones that enable their teams to deploy agents fastest and most confidently.
The path forward is clear. Define the agent. Map the surfaces. Establish the control points. Build the platform layer.