Daily AI Agent News - May 2026

AI agent costs are moving from novelty spend to operating expense

What changed: AFP reports that companies are starting to rethink AI spending as agentic tasks drive up token use; unlike simple chat, agents can book appointments, write code, manage files, and sometimes spin up many sub-tasks that each add cost. The report also points to “tokenmaxxing,” where teams treat high token use as proof of adoption, even when the bill can grow faster than the productivity gain.

Why it matters: If you sell, buy, or deploy agents, the budget question is no longer “Which model is smartest?” It is “Which steps actually need an expensive model, and which can run on a cheaper or smaller one?” Founders and operators should price agent workflows like cloud infrastructure: measure each run, cap waste, and route routine steps to lower-cost models when quality is good enough.

Try/watch: Pick one expensive agent workflow this week and break it into steps: planning, retrieval, writing, tool use, review. Track cost per step, then test whether a smaller model can handle the low-risk parts without hurting outcomes.

A reported LLM-agent intrusion shows why agent security is now a real production risk

What changed: TechTimes reports on a Sysdig-documented intrusion in which an attacker used a large language model agent to drive post-exploitation decisions after gaining access through an exposed Python notebook; the agent reportedly completed four pivots in a little over an hour and dumped an internal PostgreSQL database. The report says the agent reused credentials from files it had just read, opened parallel SSH sessions, and formatted commands in a machine-oriented way.

Why it matters: This is a practical warning for anyone deploying agents that can read files, call tools, or move across systems. The same abilities that make a support, coding, or operations agent useful—remembering context, choosing next steps, and using credentials—also make compromised environments more dangerous.

Try/watch: Treat agent-accessible credentials as high-risk. Rotate secrets that appear in environment files, remove broad permissions from notebooks and dev boxes, and log agent-like behavior such as rapid tool chaining, repeated credential lookups, and unusual parallel sessions.

Microsoft and Nvidia may push more agent work onto local Windows PCs

What changed: Axios reports that Nvidia and Microsoft are expected to debut the first Windows PCs using Nvidia chips as the main processor, with Microsoft also expected to show software aimed at letting AI agents perform tasks locally on Windows computers. Reuters, citing the Axios report, says Microsoft and Nvidia are expected to unveil the new PCs around Computex and Microsoft Build.

Why it matters: Local agent execution could change the cost, privacy, and latency tradeoffs for small teams. If agents can test apps, inspect files, or automate desktop tasks on-device, builders may be able to reduce some cloud costs and keep sensitive work closer to the user—but buyers will need clearer controls over what agents can see and do on a laptop.

Try/watch: Do not rush to redesign workflows around rumored hardware. Watch for three concrete details: what tasks can run fully offline or locally, how permissions are granted and revoked, and whether businesses get audit logs for actions an agent takes on a user’s machine.

Cursor adds an auto-review mode so agents can work longer without constant approvals

What changed: Cursor added Auto-review Run Mode, which lets its coding agent run longer with fewer approval prompts while still checking risky actions. Shell, MCP, and Fetch calls can be allowed, sandboxed, rerouted, or sent back to the user for approval by a classifier subagent.

Why it matters: This is a practical middle ground between “approve every step” and “let the agent do anything.” Teams using Cursor for larger refactors or bug-fixing runs can reduce interruptions while keeping a review layer around commands, external tool calls, and web fetches.

Try/watch: Test it on a low-risk repo first, then add custom instructions for what your team considers safe, suspicious, or always-needs-approval.

GitHub gives admins a clearer view of who is actually using agent workflows

What changed: GitHub’s Copilot usage metrics API now classifies engaged users into adoption phases over a rolling 28-day window, including code-first, agent-first, and multi-agent usage. The reports also group enterprise and organization metrics by phase, including pull requests created, merged, and reviewed, plus median time-to-merge averages.

Why it matters: Buyers finally get a better way to separate “people have Copilot licenses” from “people are using agentic workflows.” For founders and engineering leaders, this makes rollout decisions more measurable: train teams stuck at autocomplete, or invest more where developers are already using cloud agents, code review, CLI, or the Copilot app.

Try/watch: If you manage Copilot, pull the new fields into your internal adoption dashboard and compare agent-first usage against actual PR throughput and review quality.

Claude Code’s dynamic workflows push coding agents toward parallel work

What changed: Reworked reported that Anthropic’s dynamic workflows feature for Claude Code lets Claude break complex coding tasks into subtasks, run multiple subagents in parallel, and synthesize the results after internal checking. The feature is in research preview across Claude Code CLI, Desktop, and VS Code extension for Max, Team, and Enterprise plans.

Why it matters: This is useful for codebase-wide migrations, audits, and modernization work where one agent working linearly is too slow. The buyer takeaway is not “replace the team,” but “package big maintenance work into well-scoped, test-backed jobs that can be split and checked.”

Try/watch: Use it only where you have strong tests and clear rollback paths; parallel agents can multiply both useful output and expensive mistakes.

AWS rebuilt OpenSearch Serverless for spiky agent workloads

What changed: AWS announced the next generation of Amazon OpenSearch Serverless, describing it as a search and vector engine designed for AI agents, with scale-to-zero, resource creation in seconds, and autoscaling up to 20 times faster than the previous generation. AWS says it also integrates with Vercel, Kiro, Claude Code, Cursor, and Codex workflows so developers can provision search backends from the tools they already use.

Why it matters: Many useful agents need to search company documents, product catalogs, logs, or customer records before acting. For founders and builders, this lowers the infrastructure work needed to add reliable retrieval to an agent without paying for peak capacity all day.

Try/watch: If your agent currently calls a database or vector store directly, benchmark OpenSearch Serverless on one retrieval-heavy workflow and compare cost, latency, and setup effort.

Workday and Google Cloud put HR and finance agents inside Gemini Enterprise

What changed: Workday and Google Cloud expanded their partnership so Workday’s Sana Self-Service Agent is available in Gemini Enterprise, with Gemini becoming the default AI model for Sana for Workday. The integration is aimed at HR and finance tasks such as checking time-off balances, updating personal information, viewing payslips, approving timesheets, reviewing goals, and getting expense-policy guidance.

Why it matters: This is a practical example of agents moving into everyday business software rather than sitting in a separate chatbot. Operators should expect buyers to ask whether agents can respect existing permissions, approvals, and employee data rules before they are allowed to touch HR or finance workflows.

Try/watch: Map your top five employee self-service requests and decide which ones are safe for an agent to answer, which need manager approval, and which should stay human-only.

Salesforce’s Informatica push focuses on the data agents are allowed to use

What changed: Salesforce said Informatica now exposes data-management capabilities as reusable services that AI agents can call, including governed access to data quality, metadata, integration, and master-data management functions. It also introduced agents for data quality, metadata enrichment, and data stewardship, with some features generally available and others planned for later rollout.

Why it matters: Agents are only useful when they act on clean, current, permitted data. For consultants and small-business operators, the takeaway is simple: before buying a flashy agent, check whether your customer, finance, inventory, or employee records are clean enough for automation.

Try/watch: Pick one agent use case and list the data it would need, who owns that data, and what happens if the data is duplicated, stale, or restricted.

CoreWeave packages training, monitoring, and improvement for production agents

What changed: CoreWeave launched unified agentic AI capabilities that connect reinforcement learning, production inference, agent monitoring through Weights & Biases Weave, and autonomous improvement tools. The company says the goal is to help teams use real production behavior to find failures, evaluate fixes, and improve agents after launch.

Why it matters: The hard part of agents is not the demo; it is keeping them reliable once customers, employees, and edge cases hit them. Buyers should ask vendors how they observe agent failures, prevent regressions, and improve behavior over time.

Try/watch: Before deploying an agent to customers, define three failure signals you will monitor: wrong answer, wrong action, and failure to ask for human help.

Microsoft makes UI-driving agents generally available in Copilot Studio

What changed: Microsoft said computer-using agents in Copilot Studio are now generally available, so teams can build agents that operate websites and desktop apps through the screen when older systems do not have APIs. Microsoft also added a redesigned workflow builder, Work IQ API and command-line options, support for remote MCP servers — a standard way for agents to connect to outside tools — and generally available agent-to-agent communication.

Why it matters: This is useful for operators with messy back-office work: vendor portals, legacy desktop tools, email intake, approvals, and exception handling. Instead of waiting for a full systems integration project, a business can test whether an agent can handle the repetitive clicking while workflows keep approvals and escalation paths in place.

Try/watch: Start with a low-risk queue such as order intake or case triage, require secure credential handling, and log every agent action before expanding to financial or customer-impacting work.

GitHub adds memory and model controls for Copilot-heavy teams

What changed: GitHub Copilot Memory now has clearer deletion guidance, a repository-level off switch, a /memory command in the Copilot CLI, and clearer prompts showing whether a memory is personal or shared at the repository level. GitHub also introduced targeted model rules in public preview so enterprise owners can allow specific Copilot models for specific organizations instead of using one setting across the whole company.

Why it matters: Coding agents get more useful when they remember project conventions, but memory can also create governance headaches. These controls help engineering leaders let Copilot adapt to a codebase while keeping sensitive repositories, regulated teams, or costlier models under tighter rules.

Try/watch: Decide which repositories should allow shared memory, document what should never be stored, and use model rules to separate experimental teams from production engineering groups.

SAP sharpens its pitch around agents that understand business processes

What changed: SAP framed its next Business AI push around the “Autonomous Enterprise,” saying its Business AI Platform brings together enterprise data, processes, and governance, while Joule Assistants work with users and Joule Agents execute business workflows end to end. SAP also said it is introducing new AI-led RISE with SAP and SAP GROW offerings.

Why it matters: For SAP customers, the practical opportunity is not a generic chatbot; it is an agent that knows finance, procurement, HR, supply chain rules, approvals, and permissions. Consultants and operators should think in terms of process redesign, not just prompt design.

Try/watch: Pick one workflow that crosses departments, map the data and approvals needed, and define where the agent can act versus where a human must approve.

Salesforce packages more of Agentforce around everyday CRM work

What changed: Salesforce’s quarterly highlights positioned its platform as an “Agentic Enterprise” stack and pointed to Agentforce Communications with five prebuilt AI agents for billing resolution, service-level-objective insights, quoting, site grouping, and guided selling. Salesforce also said teams can update opportunities, research accounts, route cases, trigger workflows, and activate Agentforce agents directly through conversation.

Why it matters: If your company already lives in Salesforce, the most realistic agent wins may come from reducing CRM busywork and service handoffs rather than building a standalone AI app. Buyers should still verify the workflow in their own sandbox, because CRM data quality and permissions will decide whether the agent is helpful or risky.

Try/watch: Test one role-specific use case, measure time saved and error rates, and require clear fallback to a human when the agent is uncertain.

Fujitsu tests agents that improve themselves from real business feedback

What changed: Fujitsu announced a self-evolving multi-agent technology that lets teams of AI agents learn from execution results, human feedback, policy changes, and specification updates instead of waiting for specialists to rewrite prompts and rules. Fujitsu says it applied the system to business-specific LLM improvement across manufacturing, healthcare, finance, and public administration, reporting a 28-point average accuracy improvement versus pre-specialization performance.

Why it matters: For builders, the useful idea is not “fully autonomous AI,” but a safer loop for keeping agents current when business rules change. If this works in production, it points to fewer brittle automations and less ongoing expert maintenance.

Try/watch: Watch whether Fujitsu exposes this as a product teams can buy, not just a research capability, and ask how failed agent changes are reviewed before they affect live workflows.

Blue Yonder adds supply-chain agents that explain ordering decisions

What changed: Blue Yonder announced new cognitive supply-chain products plus new and expanded agents, including Inventory Ops Agent skills, an agentic ordering workflow for supplier order approvals, and a Workforce Management Knowledge Agent for configured-solution support. The update also adds clearer data-source citations, auditability, scenario modeling, and planning features intended to show users why a recommendation was made.

Why it matters: Operators do not need another chatbot; they need agents that can help approve orders, explain tradeoffs, and route people toward better decisions during shortages, warehouse changes, or demand swings. This is a practical example of agentic AI moving into industry software where explainability matters as much as automation.

Try/watch: If you run supply chain, retail, or manufacturing ops, test agents first on recommendation-and-review workflows before letting them auto-approve supplier or inventory actions.

Agent security advice shifts from “better prompts” to system-level controls

What changed: CSO Online covered new research arguing that enterprises should treat the AI model inside an agent as untrusted and enforce safety around the whole system, especially once agents can use enterprise tools, memory, browsers, and business applications. The article highlights five security principles for agents: least privilege, tamper resistance, complete mediation, secure information flow, and treating the human as a weak link.

Why it matters: This is a useful correction for buyers and consultants: prompt filters alone are not enough when an agent can read files, move data, send messages, or trigger workflows. Agent projects should be scoped like access-control projects, with logging, isolation, approvals, and limits on what each agent can touch.

Try/watch: Before expanding an agent pilot, write down what data the agent can access, which actions require human approval, and how you would reconstruct what happened after a bad action.

Informatica and Databricks push governed data into agent workflows

What changed: Informatica announced new Databricks-related capabilities, including headless data management through Model Context Protocol servers, which let agents invoke Informatica services such as metadata search and address validation inside workflows without custom integration work. The same announcement includes Lakebase connectivity designed for agentic use cases, master-data publishing into Databricks, and Unity Catalog tag extraction for governance.

Why it matters: Agents are only as useful as the data they can safely reach. For enterprises, this points to a more realistic path: connect agents to trusted records, metadata, and governance tags instead of asking them to reason over messy exports and undocumented tables.

Try/watch: If you are building internal agents, prioritize clean access to customer, supplier, product, and policy data before adding more models or front-end chat experiences.

Fujitsu shows agents that can learn from operating mistakes

What changed: Fujitsu announced a self-evolving multi-AI agent technology that lets teams of agents learn from daily execution results, human feedback, policy changes, and specification updates instead of relying on experts to keep rewriting prompts and rules. Fujitsu says it used the approach to improve business-specific models across manufacturing, healthcare, finance, and public administration, and plans to integrate it into its Kozuchi AI platform.

Why it matters: For operators, the useful idea is not “fully autonomous AI”; it is agents that keep adapting as policies, systems, and procedures change. That could reduce the maintenance burden that makes many automation projects stall after the first demo.

Try/watch: Watch whether Fujitsu exposes enough review, rollback, and approval controls for regulated teams to trust agents that learn from real work.

Banks hit a testing bottleneck as coding agents produce more software

What changed: QA Financial reported that rising AI-generated code is making testing and governance a bottleneck for banking software teams, citing UiPath’s move to connect coding agents into enterprise development, testing, and automation workflows. The article frames the problem as less about whether agents can write code and more about whether banks can test, approve, and operate that code safely.

Why it matters: For builders and consultants, the buyer need is shifting from “give me a coding agent” to “help my team ship agent-written work without breaking controls.” Testing, review queues, deployment rules, and traceability are becoming the budget line.

Try/watch: Before scaling coding agents, measure how much human time moves from writing code to reviewing, testing, and fixing it; otherwise agent output can create hidden downstream work.

AWS gives coding agents a safer way into cloud accounts

What changed: AWS’s managed Model Context Protocol server is now generally available, according to InfoQ, giving coding agents a standard way to reach AWS APIs, documentation, and operational workflows with IAM-based access controls, CloudWatch metrics, and CloudTrail logging. InfoQ also notes support for all AWS APIs, long-running operations, file uploads, and sandboxed Python execution for multi-step work.

Why it matters: If your team lets AI write infrastructure code, this is a more controlled path than pasting cloud credentials into a local agent setup. Builders can give agents current AWS documentation and limited action rights, while security teams get a clearer audit trail.

Try/watch: Start with read-only access and one low-risk workflow, such as checking deployment errors or drafting infrastructure changes. Do not let agents create, delete, or resize production resources until you have approval rules and cost limits in place.

Kore.ai launches Artemis for governed enterprise agent systems

What changed: Kore.ai launched the Artemis edition of its Agent Platform, initially on Microsoft Azure, to build, govern, and optimize multi-agent business workflows. The platform includes Agent Blueprint Language for defining agent behavior, Arch for turning business goals into agent blueprints, and a dual approach that combines AI reasoning with more predictable workflow rules.

Why it matters: This is aimed at companies that are past chatbot pilots and need repeatable, reviewable agent deployments across departments. For buyers, the important question is not whether the demo looks smart, but whether every agent action can be traced, constrained, and approved before it affects a customer, employee, or financial system.

Try/watch: Ask for a proof of concept that shows the full audit trail for one real workflow, such as customer support escalation or invoice exception handling. Make the vendor prove how the system stops an agent from taking an action outside policy.

Agent payments are becoming a real infrastructure category

What changed: CoinDesk reported that AI agents settled more than $73 million across roughly 176 million blockchain transactions over the past year, citing a Keyrock report, while Coinbase, Stripe, Google, and Visa are building competing machine-to-machine payment systems. The article says many agent payments are tiny purchases for things like data, computing, or AI-generated analysis, with 76% of transactions below the 30-cent fixed-fee floor common in card payments.

Why it matters: For founders building agent marketplaces, API products, or autonomous procurement tools, payments may become part of the product design, not a back-office detail. The practical issue is authorization: who allowed the agent to spend, how much, for what purpose, and how refunds or disputes work.

Try/watch: If you are experimenting with agent payments, use strict spending caps, per-task approvals, and vendor allowlists. Avoid building around one payment rail until liability, identity, and chargeback rules are clearer.

Informatica brings governed data tools to AWS agent workflows

What changed: Informatica, now part of Salesforce, announced “headless data management” for AWS by making Informatica MCP servers and CLAIRE Agent skills available across AWS Agent Registry and Amazon Quick. The release says the MCP servers help agents explore metadata, improve data quality, and manage master data; availability includes MCP servers on AWS Agent Registry in U.S. preview, MCP servers on Quick generally available in U.S. regions, and CLAIRE Agent skills in global preview.

Why it matters: Many enterprise agents fail because they act on messy, duplicated, or poorly governed data. This gives builders a more practical path to connect agents to company data without hand-building every data-quality and metadata integration from scratch.

Try/watch: If you are building agents for CRM, analytics, or operations, test whether your agent can answer three basic questions before taking action: what data is authoritative, what data is sensitive, and what record should be updated.

Microsoft publishes a production checklist for Foundry agents

What changed: Microsoft published a CI/CD guide for AI Agents on Microsoft Foundry that walks through version control, quality checks, multi-environment promotion, GitHub Actions, Azure DevOps pipelines, and approval gates for shipping agents. The guide frames agents as software that should be tested, promoted, monitored, and rolled out with the same care as normal applications.

Why it matters: This is useful signal for teams moving beyond demos. The hard part is no longer “can we make an agent respond?” but “can we update it safely, prove it still works, and stop bad changes before customers see them?”

Try/watch: Add one simple evaluation gate before any agent update reaches production: a fixed set of real user tasks, expected outcomes, safety checks, and a human sign-off for high-impact actions.

AppliedAI and McKinsey package agentic workflows for regulated back offices

What changed: AppliedAI and McKinsey announced a collaboration around Opus, AppliedAI’s Agentic Process Execution platform, to build governed, auditable agent workflows for regulated industries. The companies said an early vendor-onboarding deployment at a European chemicals manufacturer cut manual processing effort by more than 99% and reduced active processing time from about two weeks to under five minutes.

Why it matters: For operators, this is a concrete signal that agent projects are moving from chat assistants to process redesign in procurement, compliance, onboarding, and other back-office work. The useful takeaway is not the partnership itself; it is the pattern: pick a high-friction workflow, connect the systems of record, add auditability, and measure cycle time.

Try/watch: If you are in a regulated business, shortlist one workflow with clear inputs, approvals, and handoffs. Also note the disclosure that McKinsey has a financial interest linked to AppliedAI’s performance.

Google brings its Agent Development Kit to Kotlin and Android

What changed: Google released ADK for Kotlin and ADK for Android 0.1.0, extending its open-source Agent Development Kit to backend Kotlin projects and Android apps. The release includes support for multi-agent systems, function tools, long-running tools, MCP tools, agent-to-agent communication, session state, long-term memory, and telemetry.

Why it matters: This gives Android and Kotlin teams a more direct path to build agents into apps without forcing every workflow through a cloud-only chatbot. The Android angle is especially useful for privacy-sensitive or low-latency experiences where some reasoning or tool use should happen on the device.

Try/watch: Prototype one narrow in-app agent, such as form completion, account setup, or field-service guidance. Keep the first version small and measure battery use, latency, permissions, and failure recovery.

GitHub open-sources Copilot for Eclipse, including agent workflows

What changed: GitHub made the Copilot for Eclipse plugin open source under the MIT license. The codebase exposes how Copilot handles chat, code completions, context, agent mode, skills, prompt files, bring-your-own-key support, custom agents, isolated subagents, planning, and MCP integration.

Why it matters: Builders get a rare look inside a production AI coding assistant inside a mature development environment. Even if you do not use Eclipse, the implementation can help teams understand how agentic coding tools manage context, prompts, permissions, and multi-step work.

Try/watch: Review the repository before building your own internal coding assistant. Look specifically at how it wires agent mode, context handling, and user controls, then copy the design ideas that reduce surprise actions.

Workday extends Sana agents into IT service and business travel

What changed: Workday introduced Sana for IT Service Management and Sana Travel Agent. Sana for ITSM is designed to automate employee onboarding, offboarding, access changes, password resets, software installs, and routing of more complex IT requests; the Travel Agent combines planning, booking, approvals, and expense creation in one conversational flow.

Why it matters: Workday is using the HR and finance data it already holds to automate work that usually jumps across ticketing, travel, expense, and approval tools. For buyers, this is a reminder that the best business agents may come from systems that already know roles, policies, budgets, and approval chains.

Try/watch: If you use Workday, map your highest-volume employee service requests now. Sana for ITSM is expected for early adopters in the second half of 2026, while Travel Agent is already available to early adopters.

Falco’s Prempti adds safety checks for AI coding agents

What changed: CNCF published a walkthrough of Prempti, an experimental Falco project that can watch an AI coding agent’s file reads, file writes, and shell commands before they run, then allow, block, or ask for approval based on rules. It is meant for agents working on real developer machines, where the agent may have access to source code, local files, and credentials.

Why it matters: If your team is letting coding agents run terminal commands, this gives security and engineering leads a practical way to see what the agent is trying to do instead of relying only on chat logs. It also creates a path to safer internal adoption: start in observe-only mode, tune the rules, then turn on blocking.

Try/watch: Test it on a non-critical repo first and write rules for obvious red lines, such as reading cloud credential folders or piping downloaded scripts straight into a shell.

Contentful turns docs into installable skills for coding agents

What changed: Contentful launched Contentful Skills, a free open-source package that teaches coding agents such as Cursor, Claude Code, GitHub Copilot, Codex, and Gemini CLI how to work with Contentful projects. The first skills cover core Contentful concepts, Next.js setup, content migrations, and personalization workflows, including a Live Debug mode that opens a browser while inspecting the codebase.

Why it matters: This is a useful pattern for any software company with developer users: stop expecting builders to leave their coding agent and search docs manually. If agent skills work well, they can reduce support tickets and help customers implement complex features faster.

Try/watch: If you sell an API or developer platform, study this as a template for packaging your own docs, setup checks, and troubleshooting steps into agent-ready guidance.

Caseware brings agent workflows directly into audit engagements

What changed: Caseware launched Verity, an AI layer and suite of workflow-native agents built into assurance and financial reporting engagements. The company says the system can help preparers, managers, and partners surface risks, analyze documentation, track unresolved issues, and generate review packs inside the audit workflow.

Why it matters: This is agentic AI moving into a regulated, document-heavy professional workflow where context and review trails matter. For accounting firms and consultants, the important shift is not “chat with your files,” but agents that understand the engagement and assist across preparation, review, and reporting.

Try/watch: Buyers should ask how human review, evidence retention, firm methodology, and inspection risk are handled before letting agents touch live engagements.

Manhattan lets supply-chain teams configure systems in plain English

What changed: Manhattan Associates launched Solution Design Studio, an AI-powered workspace that lets business users describe warehouse, transportation, and supply-chain requirements in natural language and then review them before agents translate the blueprint into live configuration. The tool sits alongside Manhattan’s Agent Foundry, where customers build AI agents, and ProActive, where they create application extensions.

Why it matters: This is a strong example of agents helping operators change business systems without waiting on a long technical configuration cycle. For warehouse and logistics leaders, the potential win is faster rollout of process changes while keeping humans in the approval loop.

Try/watch: Treat the blueprint as a controlled business document: assign owners, require review before deployment, and test changes in a limited environment before wider rollout.

Gartner says coding-agent buying is shifting from demos to operations

What changed: Gartner said enterprise AI coding agents are moving into a new phase shaped by full software-development workflows, pricing complexity, and vendor competition beyond model quality. It also predicted that by 2027, more than 65% of engineering teams using agentic coding will treat traditional coding apps as optional, with more work shifting into automated platforms.

Why it matters: For founders and software leaders, the purchase decision is no longer just “which coding agent writes the best code?” It is becoming “which vendor can support permissions, reviews, pricing, governance, and long-term reliability across the whole engineering team?”

Try/watch: Before signing a larger contract, run a two-week evaluation that measures accepted changes, review time, security exceptions, rollback rate, and cost per merged pull request—not just developer enthusiasm.

NIST publishes a warning map for AI-agent security

What changed: NIST released a report summarizing responses to a government request for input on AI-agent security, with commenters agreeing that agents create new security threats and that standard cybersecurity practices need adaptation. The report also says security concerns are a barrier to agent adoption, and highlights roles for government such as implementation guidance, information-sharing, and standards.

Why it matters: Buyers now have a credible checklist starter for vendor diligence: permissions, logging, approvals, data access, and failure handling are not optional extras. Builders should expect procurement teams to ask harder questions about what an agent can do, what it can reach, and how its actions are reviewed.

Try/watch: Add an “agent permissions and audit” section to your security docs before enterprise customers ask for it.

PolyAI opens its enterprise dialog-agent platform to more builders

What changed: PolyAI opened its Agentic Dialog Platform to any builder, offering two free months and saying teams can build and deploy a production-ready dialog agent in under ten minutes. The company says the platform supports customer conversations across 75 languages and 25 countries, and is used by brands including Marriott, Foot Locker, PG&E, Caesars Entertainment, and UniCredit.

Why it matters: Voice and chat agents are moving from custom enterprise projects toward self-serve building blocks. Small support teams and consultants may be able to prototype customer-service agents faster, but they still need to test escalation, compliance, and edge cases before replacing live workflows.

Try/watch: Test the agent against your top 50 messy customer calls, not just clean FAQs.

Zignal AI turns public data into agent-ready intelligence

What changed: Zignal Labs launched Zignal AI, a platform architecture that turns public text, image, and video signals into structured intelligence for mission systems, partner integrations, APIs, and agent-driven workflows. The company also announced ZEN updates including AI Chat, Inbox, agentic reporting, multi-agent workflows, expanded deep and dark web data, and previewed inauthentic messaging detection.

Why it matters: Agents are only useful when they can act on clean, trusted inputs instead of raw noisy feeds. For operators in risk, security, communications, or public-sector work, this points to a growing market for “agent-ready data” products that package messy external signals into usable alerts, reports, and decisions.

Try/watch: If you are building agents around market, social, or threat data, budget time for data cleaning and source confidence scoring; the agent layer will not fix weak inputs by itself.

NIST says agent security needs its own playbook

What changed: NIST published a CAISI report summarizing public input on AI agent security, and the key finding is blunt: commenters broadly agreed that agents create new security risks and that those risks are slowing adoption. The report also says normal cybersecurity practices still matter, but they need to be adapted for agents that can use tools, access data, and take actions.

Why it matters: If you are buying or building agents, “we already have security policies” is no longer enough. You need agent-specific rules for permissions, approvals, logging, data access, and what the agent must never do.

Try/watch: Before giving an agent access to email, finance, CRM, support, or production systems, write a one-page permission map: what it can read, what it can change, when a human must approve, and how you will review mistakes.

Banks are testing agent platforms, but accountability is now the hard part

What changed: PYMNTS reported that Fiserv’s agentOS is being used to help financial institutions deploy and manage AI agents across core banking, payments, and servicing workflows, with six banks involved in building it and two in beta. The same report says First Interstate Bank is piloting an agent for commercial loan onboarding, while Boulder Dam Credit Union is using a daily operations analysis agent that reduced report generation from about ten minutes to seconds.

Why it matters: This is a practical signal for regulated industries: agents are starting with narrow, measurable workflows rather than broad “AI banker” promises. The buyer question is shifting from “can the model answer?” to “who approved the action, what data did it touch, and who is liable if it goes wrong?”

Try/watch: For finance, insurance, healthcare, and legal workflows, prioritize use cases with clear audit trails and bounded actions. Avoid any vendor that cannot explain human approval points, kill switches, and records of what the agent did.

Axios pushes CEOs to treat agents as a management layer, not a chatbot

What changed: Axios’ C-Suite briefing says more than half of its executive team has already built personal chief-of-staff agents connected to email, to-do lists, goals, and meetings. The piece recommends setting company rules for agentic AI now, hiring AI-native help, and creating shared company language around goals, security, and agent behavior.

Why it matters: For founders and operators, the near-term advantage is not building a perfect autonomous company. It is learning which recurring decisions, handoffs, and follow-ups can be delegated safely before competitors redesign their operating model around smaller teams and faster execution.

Try/watch: Pick one executive or operator workflow this week: inbox triage, meeting follow-up, weekly KPI review, customer escalation summaries, or recruiting pipeline updates. Keep the agent in “draft and recommend” mode until you have enough examples to trust the workflow.

SAP brings sustainability agents into finance, procurement, supply chain, and compliance work

What changed: SAP said its new sustainability AI agents are in beta now and are planned for general availability by the end of 2026, covering sustainability reporting preparation, packaging compliance, carbon footprint simulations, and workplace safety documentation. SAP also shared early results, including more than 50% less packaging compliance review time, scenario simulations reduced from about a day to about 20 minutes, and up to 80% less manual GHS classification effort.

Why it matters: This is a useful signal for operators because the agents sit inside SAP workflows rather than acting as a separate chatbot. If your company already runs SAP for finance, procurement, products, or supply chain, the practical question becomes which recurring compliance and reporting handoffs can be turned into review-and-approve workflows.

Try/watch: Map one painful sustainability process—such as supplier packaging checks or emissions scenario planning—and list the systems, data owners, and approvals an agent would need before you evaluate SAP’s rollout.

UiPath opens AgentHack around production-ready business automations

What changed: UiPath launched Global AgentHack 2026, a seven-week hackathon with $48,000 in prizes, focused on building production-ready agentic business solutions. The event centers on UiPath for Coding Agents, which lets developers use coding agents such as Claude Code, Codex, Cursor, and Gemini CLI to build, test, deploy, operate, and govern automations on the UiPath platform.

Why it matters: UiPath is trying to connect coding agents with the boring-but-important parts of enterprise automation: approvals, testing, deployment, and governance. That matters for consultants and automation teams because many agent demos fail when they hit real business processes, exceptions, and audit needs.

Try/watch: Use the hackathon tracks as a checklist: structured process automation, exception-heavy case management, and testing for AI-driven automations are the areas buyers should demand proof for.

Permiso adds runtime security for AI agents, with Autodesk as launch customer

What changed: Permiso launched AI agent runtime security capabilities, and Autodesk was named as the launch customer. The features are designed to discover agents, attribute activity to agent identities, track runs and tool usage, spot over-privileged access, monitor behavior, and enforce identity-first controls across cloud and on-premises environments.

Why it matters: As agents move from chat to action, security teams need to know what each agent did, which tools it used, and what data it touched. This is especially relevant for buyers deploying agents into product, engineering, finance, or customer systems where a bad action can create real exposure.

Try/watch: Before expanding agent access, ask vendors for an audit trail that shows agent actions, tool calls, data access, and the human or policy that authorized each high-impact step.

Fiserv launches a banking agent platform with OpenAI and AWS involved

What changed: Fiserv launched agentOS, an agentic AI platform for banks and credit unions, with OpenAI and AWS named as key collaborators. The platform is expected to be broadly available by August 2026, with six financial institutions co-developing it and two already running agents in beta.

Why it matters: This is a clear signal that agent buying in regulated industries is moving from one-off pilots to governed platforms. The first marketplace lineup is aimed at practical bank work such as risk management, regulatory reporting, deposit operations, and back-office reconciliation.

Try/watch: Financial services teams should ask vendors how agent permissions, audit trails, and human approvals work before buying. The useful question is not “does it use AI?” but “what can the agent actually change, who approved it, and how is that recorded?”

Freshworks adds no-code agent building for service teams

What changed: Freshworks unveiled Freddy AI Agent Studio in Freshservice, giving IT and business teams a no-code way to build custom service agents or start from prebuilt, domain-specific agents. The release also adds a gateway for connecting agents to external tools such as Notion, ClickUp, and Linear without custom code, using MCP, a connection standard that helps AI systems use other apps and data sources.

Why it matters: This is aimed at a common SMB and midmarket pain point: support work that spans IT, HR, finance, facilities, and multiple apps. If it works as advertised, teams can automate onboarding, payroll questions, incident updates, and employee requests without waiting on a long integration project.

Try/watch: Before turning agents loose in Slack or Teams, map which requests can be fully automated, which need manager approval, and which should stay human-only.

Salesforce adds agent teamwork, IT agents, and data-aware analytics to Summer ’26

What changed: Salesforce’s Summer ’26 release adds Multi-Agent Orchestration in Agentforce so multiple agents can share context and work as one team on longer workflows, plus more than 50 out-of-the-box IT service agents for Slack, Teams, and service desks. Salesforce also introduced Tableau MCP, an open connection that lets AI agents ask Tableau’s analytics engine questions and return answers grounded in company data, and a Help Agent that Salesforce says can be set up in 10 clicks or fewer for websites, portals, or WhatsApp.

Why it matters: This is useful for operators who are past “chatbot on a page” and want agents that can hand work across sales, service, IT, and analytics without making customers or employees repeat context. For buyers, the practical question is no longer whether an agent can answer a question, but whether it can finish a workflow across the systems your team already uses.

Try/watch: Pick one cross-team workflow, such as IT access requests or customer support escalation, and map which systems the agent must read from or update before you buy more licenses.

Broadridge says agentic AI is live in financial operations, not just a pilot

What changed: Broadridge announced that its agentic AI capabilities are live in production across capital markets and wealth management workflows, where the software analyzes, prioritizes, and resolves operational exceptions without constant human instruction. The company says new clients can use the technology either through Broadridge-run managed services or as a standalone platform deployed into a firm’s own infrastructure, and claims up to 30% operational cost reduction on deployment.

Why it matters: Financial services firms have been cautious with agents because mistakes can create audit, compliance, and client-impact risk. A managed-services option gives smaller institutions and operations teams a way to test agentic workflows without hiring a full internal AI operations team first.

Try/watch: Ask any vendor claiming “production agentic AI” for proof of the exception types handled, escalation rules, audit logs, and human approval points before comparing cost-savings claims.

Quiq brings voice into its customer-experience agent platform

What changed: Quiq unveiled Voice AI and expanded its platform so AI agents, human agents, voice, messaging, and escalation history can stay connected across the customer journey. The company says customers can move between voice and messaging without losing context, and that interactions can follow the same guardrails for brand standards, reliability, and transparency.

Why it matters: For customer support teams, the pain is usually not that an AI can’t answer a simple question; it is that context disappears when the customer changes channel or gets escalated. A connected voice-and-messaging setup can reduce repeat questions, improve handoffs, and make AI safer to use in higher-stakes customer conversations.

Try/watch: Before deploying voice agents, test messy real calls: interruptions, accents, angry customers, returns, refunds, and cases where the agent must hand off with a complete summary.

AWS gives agents a safer way to buy digital resources

What changed: AWS highlighted a preview of Amazon Bedrock AgentCore Payments, which lets AI agents pay for APIs, web content, MCP servers, and other agents during a task, using Coinbase or Stripe wallet connections and session-level spending limits. AWS also pointed builders to Agent Toolkit for AWS, a no-extra-charge set of tools and guidance meant to help coding agents work with AWS with fewer mistakes and stronger security defaults.

Why it matters: If you are building agents that need paid data, paid APIs, or third-party services, this moves payment from a brittle custom integration into a managed workflow. For buyers, the key shift is that agents can now be budgeted and limited per session, instead of being given broad purchasing power.

Try/watch: Test with tiny spending caps first, and require human approval before an agent can reach new vendors or higher limits.

Docusign brings agents into contract review and closing workflows

What changed: Docusign announced Iris assistant and agents for its Intelligent Agreement Management platform, designed to analyze, redline, triage, review, and move agreements forward using agreement history, past negotiations, accepted terms, and company policies. The company also announced partnerships with Harvey, Legora, and CoCounsel Legal by Thomson Reuters to connect specialized legal AI tools into contract workflows.

Why it matters: This is a practical example of agents moving beyond drafting text into coordinating the messy steps around a business process: reviews, approvals, policy checks, and updates to other teams. Small legal and sales teams should care because the time sink is often not the signature itself, but the handoffs before and after it.

Try/watch: Do not start with fully autonomous redlining. Start with one contract type, a clear fallback path to legal, and a checklist of clauses the agent is allowed to flag but not change.

Alation launches an AI governance system of record for models, agents, and tools

What changed: Alation introduced Alation AI Governance, a product meant to inventory every AI model, agent, and tool, map them to regulations, generate evidence-backed model cards, route approvals, and produce executive compliance dashboards. The launch includes support for frameworks such as the EU AI Act, AI-relevant parts of GDPR, NIST AI RMF, and ISO 42001.

Why it matters: As companies add agents across departments, the hard question becomes: who approved this, what data can it use, and what proof exists if a customer, board, or regulator asks? This gives data and compliance leaders a more concrete starting point than scattered spreadsheets and policy documents.

Try/watch: Before buying any governance platform, make a current inventory of AI tools and agents by department. If you cannot list them, you are not ready to govern them.

TrustCloud adds AI agents to vendor cyber-risk reviews

What changed: TrustCloud announced new TrustLens capabilities that use agentic AI to help with third-party risk management, including analysis of outside-in security feeds and vendor security posture artifacts. The company says the goal is to move vendor reviews away from one-time questionnaires and toward more continuous assessment of vendor risk gaps.

Why it matters: Vendor security reviews are a pain point for small teams selling into enterprises and for buyers trying to assess many suppliers. If agents can pre-fill evidence, compare documents, and flag missing controls, security teams can spend more time on judgment and less time chasing spreadsheet answers.

Try/watch: Treat agent-generated vendor findings as triage, not final truth. Ask vendors to verify critical gaps before using the output to block a deal or terminate a relationship.

The useful updates

UAPK narrows agent permissions to each session or task

What changed: UAPK published a permissions pattern that uses signed capability tokens to limit what an AI agent can do for a specific session or job, instead of letting the agent use every permission in its long-term setup. The post describes practical limits such as allowed actions, expiry time, maximum action count, who the token was issued to, and a session ID for audit tracking.

Why it matters: If you run support, analytics, finance, or internal-ops agents, this gives you a cleaner way to separate “this agent exists” from “this agent may do this task right now.” For buyers, it is a concrete checklist item: ask vendors whether agent credentials are short-lived, scoped, revocable, and tied to an auditable session.

Try/watch: Start by banning all-purpose agent keys in production; require separate credentials for customer support sessions, batch jobs, and payment-related workflows.

UAPK turns blocked agent actions into useful audit evidence

What changed: UAPK also published a guide to structured gateway deny responses, with decisions such as ALLOW, DENY, and ESCALATE, plus reason codes, timestamps, interaction IDs, and approval IDs. The gateway checks policy in a fixed sequence covering inactive manifests, expired or overused tokens, tools outside the allowlist, spending caps, jurisdiction limits, denylisted counterparties, budgets, and rate limits.

Why it matters: This is the difference between “the agent failed” and “the agent tried to use a tool it was not allowed to use.” Operators and consultants can use this pattern to make agent failures explainable to security, compliance, and customers instead of burying them in raw logs.

Try/watch: For every blocked agent action, store the reason code and interaction ID; do not log only successful actions, because denied actions are often where risk first appears.

Codex safety becomes a buying checklist for coding agents

What changed: Context Studios analyzed OpenAI’s Codex safety approach as a practical enterprise checklist: sandboxing, approvals, network rules, credential storage, telemetry, compliance logs, and OpenTelemetry export. The analysis highlights a key shift for coding agents: they can run commands, touch repositories, use MCP servers, and interact with local or cloud development tools, so normal IDE security is not enough.

Why it matters: Founders and engineering leaders evaluating coding agents should ask less “does it write good code?” and more “where can it write, when must it ask, what network access does it have, how are credentials stored, and what evidence remains?”. That makes agent rollout a controlled pilot instead of a trust-based experiment.

Try/watch: Before expanding a coding-agent pilot, write three policy buckets: actions allowed automatically, actions requiring human approval, and actions blocked outright.

ServiceNow coverage points to governed enterprise action, not just chat

What changed: ChannelDrive reported that ServiceNow’s Knowledge 2026 data and AI updates focus on live enterprise context, execution, and agent governance, including a Context Engine, Autonomous Data Analytics, MCP Registry, and an AI Gateway for visibility and controls over third-party AI systems. MCP is the standard many agents use to connect with tools, so registry and gateway controls matter when agents move from answering questions to taking actions.

Why it matters: For operators, the important question is no longer whether an agent can access a system; it is whether the business can see, approve, meter, and govern what the agent does across systems. This is especially relevant for companies with many disconnected apps and multiple teams experimenting with agents.

Try/watch: Build an inventory of every agent and MCP connection before adding more automation; unmanaged tool access is where small pilots turn into security debt.

Today's signal

Today's useful thread is more useful business automation and agents built for specific industries. These updates point to agents becoming easier to trust, connect, and put into everyday work instead of staying as demos.

The useful updates

Spotify lets agents turn your notes and schedule into private audio

What changed: Spotify’s Personal Podcasts feature lets desktop AI agents such as OpenAI Codex and Anthropic Claude Code generate private audio briefings and save them directly to a user’s Spotify library through a beta command-line tool. MacRumors reports the feature is available to eligible Free and Premium users worldwide, with usage limits during testing.

Why it matters: This points to a new pattern for small teams: agents do not always need a new app; they can create useful outputs inside the apps people already open every day. Consultants, educators, and operators could turn meeting prep, class notes, sales research, or weekly plans into listenable briefings for commuting or field work.

Try/watch: Test this only with low-risk personal or internal material first. The workflow may touch calendars, notes, files, and generated audio, so data permissions matter as much as convenience.

Meta’s reported Instagram shopping agent would bring agents into social commerce

What changed: Android Central reports that Meta is exploring an agentic Instagram shopping bot, internally codenamed “Hatch,” that would let users describe what they want and have the bot shop on their behalf. The report also says Meta is working on broader agentic tools that may use its Muse Spark AI model, though details remain limited.

Why it matters: If agents start shopping inside social apps, product discovery, ads, and storefront optimization may change quickly. Founders and retailers should prepare product data for both humans and assistants: clear descriptions, current availability, return policies, and trustworthy reviews.

Try/watch: Treat this as a signal, not a launch. Watch whether Meta requires user approval before purchases and how merchants can make their catalogs understandable to shopping agents without losing margin to platform rules.

Today's signal

Today's useful thread is safer ways to use agents at work and more useful business automation. These updates point to agents becoming easier to trust, connect, and put into everyday work instead of staying as demos.

The useful updates

Salesforce adds a way to govern agent traffic across tools

What changed: Salesforce introduced MuleSoft Omni Gateway, a product meant to give companies one place to manage traffic across APIs, MCP connectors, language models, and AI agents already running across different systems. The company says the goal is to apply security, cost, and compliance rules consistently to agent actions rather than bolt on oversight later.

Why it matters: If you are selling or buying enterprise agents, this is a sign that governance is becoming part of the purchasing checklist, not an afterthought. Builders should expect customers to ask how agents are monitored, limited, and traced across every system they touch.

Try/watch: Map the systems your agent can touch and define what it is never allowed to do, such as approving refunds, deleting records, or sending regulated data without review.

Greenhouse brings AI agents into recruiting data with permissions

What changed: Greenhouse announced Greenhouse MCP, a connector that lets approved AI tools and agents work with Greenhouse hiring data while using existing permissions and audit trails. The company says customers can use it for hiring summaries, pipeline bottleneck analysis, candidate status roundups, audit narratives, and future assistants in Slack or Microsoft Teams.

Why it matters: Recruiting is a strong test case for agent adoption because the data is valuable, sensitive, and workflow-heavy. For operators, this points to a safer pattern: let agents work inside the hiring system of record instead of exporting data into unmanaged chat tools.

Try/watch: Start with read-heavy workflows, such as pipeline summaries for hiring managers, before allowing any agent to update candidate stages or send messages.

RELEX opens supply-chain planning to external agents

What changed: RELEX launched RELEX Open, a platform architecture that lets retailers, manufacturers, and wholesalers deploy existing planning capabilities, connect external AI agents through open protocols such as MCP, and build new capabilities on the RELEX platform. RELEX says agent, model, and human decisions follow the same business rules and are traceable.

Why it matters: Supply-chain agents are only useful if they can work with live planning logic, not stale exports. This gives buyers a model for evaluating agent-ready software: can your AI assistant see the same forecasts, constraints, and rules your planners use, and can you reverse or review its decisions?

Try/watch: Pick one planning workflow with clear rules — replenishment exceptions, promotion review, or forecast variance checks — and test whether an agent can reduce review time without changing decision rights.

Cognizant packages security services for agentic systems

What changed: Cognizant launched Secure AI Services to help enterprises secure, govern, and scale AI and agentic systems across their operations. The offering covers secure agent development, cybersecurity signals, traceability, policy enforcement, model security, data protection, identity controls, and agent behavior controls.

Why it matters: As agents get access to company data and business applications, traditional security reviews are not enough. Consultants and builders can turn this into a concrete offer: assess what agents can access, how they can be manipulated, who approved them, and what evidence exists when something goes wrong.

Try/watch: Before expanding an agent pilot, run a misuse review: poisoned prompts, wrong permissions, data leakage, fraudulent approvals, and whether logs would be good enough for an audit.

Today's signal

Today's useful thread is safer ways to use agents at work and more useful business automation. These updates point to agents becoming easier to trust, connect, and put into everyday work instead of staying as demos.

The useful updates

HPE adds self-driving actions for enterprise networks

What changed: HPE announced new autonomous networking capabilities across HPE Mist and HPE Aruba Central that can detect, diagnose, and resolve some network issues without manual intervention. The new actions cover capacity and radio optimization, self-securing actions, and user roaming issue resolution; HPE also cited a UK Ministry of Justice deployment that contributed to about a 75% reduction in service desk tickets.

Why it matters: For operators, this is a concrete example of agentic AI being applied to a narrow, measurable workflow: keeping networks running. If the claims hold in your environment, this is less about replacing IT teams and more about reducing repetitive triage.

Try/watch: Ask vendors for the exact actions the system is allowed to take automatically, what requires approval, and how rollbacks work when the network “fixes” the wrong thing.

Greenhouse opens a governed connector for recruiting agents

What changed: Greenhouse announced Greenhouse MCP, using Model Context Protocol to let approved AI tools connect to Greenhouse with permissions, audit trails, rate limits, and organization controls. The company says the capability will roll out to customers starting in June and can support use cases like hiring summaries, pipeline bottleneck analysis, candidate status roundups, and recruiting copilots in Slack or Microsoft Teams.

Why it matters: Hiring data is sensitive, and recruiting teams are under pressure from candidates who are already using AI agents to apply, schedule, and search. A governed connector gives talent teams a safer path to experiment with AI assistants without exporting applicant data into unmanaged tools.

Try/watch: Before connecting any recruiting agent, define which fields it can read, which actions it can take, and who is accountable when an AI-generated hiring summary is wrong.

Intuit brings virtual AI agents into QuickBooks Workforce

What changed: Intuit announced QuickBooks Workforce in the U.S., an end-to-end workforce management product for small and mid-market businesses that combines payroll, time tracking, benefits, recruiting, hiring, performance, and compliance in one platform. It includes virtual AI agents, including a Payroll Agent that can collect and validate time data, flag inconsistencies, and run payroll on behalf of a business owner while helping ensure accuracy.

Why it matters: This is agentic AI aimed squarely at small-business admin work, not just enterprise experimentation. For owners already living in QuickBooks, the value is fewer disconnected HR tools and less manual payroll cleanup.

Try/watch: Treat payroll automation as a controlled rollout: run the agent in review mode first, compare it against your current payroll process, and keep approval checkpoints for edge cases like overtime, corrections, and terminations.

Collibra launches an AI oversight product for agent sprawl

What changed: Collibra launched AI Command Center, a product for monitoring AI systems and agents across their lifecycle with signals on ownership, behavior, decisions, and risk. Collibra also announced a partnership with Giskard for testing and validation, plus an MCP Server meant to deliver governed business context to agents.

Why it matters: As teams build their own agents, leaders need to know what is deployed, what data it touches, and whether outputs can be traced. This matters for regulated companies, but it also matters for any business where an agent can change records, message customers, or influence financial decisions.

Try/watch: Build an agent inventory now, even if it is a spreadsheet. Track owner, data access, allowed actions, approval rules, and failure history before the number of agents becomes unmanageable.

Today's signal

Today's useful thread is safer ways to use agents at work and more useful business automation. These updates point to agents becoming easier to trust, connect, and put into everyday work instead of staying as demos.

The useful updates

Microsoft pushes Copilot from assistant to work delegation system

What changed: Microsoft said Copilot Cowork is now available on iOS and Android, with native plugins for Microsoft services such as Dynamics 365 and Fabric, plus partner integrations coming from LSEG, Miro, monday.com, S&P Global Energy, and others. Microsoft also said Agent 365 is generally available and includes preview features to discover and manage shadow AI agents, including local agents such as OpenClaw and Claude Code.

Why it matters: For operators, the useful shift is mobile delegation and agent management in one place. If your team already lives in Microsoft 365, this makes it easier to turn repeated cross-app work into reusable agent workflows while keeping leaders responsible for outcomes.

Try/watch: Inventory where employees are already using unmanaged agents, then decide which workflows should be moved into approved Copilot or Agent 365 paths.

IBM aims watsonx Orchestrate at multi-agent governance

What changed: IBM announced the next generation of watsonx Orchestrate in private preview, describing it as a way for organizations to deploy agents from multiple sources with consistent policy enforcement and accountability. IBM also pointed to IBM Bob, now generally available, as an agentic development partner for enterprise developers with security and cost controls built in.

Why it matters: Large companies are moving from “can we build an agent?” to “can we manage hundreds or thousands of agents safely?” Builders selling into enterprise accounts should expect more questions about permissions, logs, cost limits, and whether their agents can coexist with other vendors’ agents.

Try/watch: If you sell agents to enterprises, prepare a short security and operations brief covering access limits, audit logs, human approval points, and shutdown procedures.

UiPath brings agentic automation to self-hosted environments

What changed: UiPath released agentic AI capabilities for UiPath Automation Suite, aimed at public sector and regulated industries that need stricter control over data location and compliance. The release supports cloud-hosted models from OpenAI, Google Gemini, and Anthropic, as well as fully self-hosted open-source models, with agent workflows using UiPath Maestro, Agent Builder, GenAI Activities, and context grounding.

Why it matters: This matters for agencies, healthcare, finance, and other regulated buyers that cannot send sensitive workflows to a public cloud by default. It also shows robotic process automation is being upgraded from rule-based bots to agents that can handle more variable, multi-step work.

Try/watch: Start with a process that already has clear rules, audit requirements, and human checkpoints; do not begin with a sensitive workflow that lacks clean ownership.

Visa expands agent-ready payment testing in Canada

What changed: Visa expanded its Agentic Ready program to Canadian issuers, with early participants including BMO, CIBC, RBC, Scotiabank, and TD. The program lets payment partners test agent-initiated payments with live cards and real merchants, including card enrollment, tokenization, authentication, authorization, and controls.

Why it matters: Agentic commerce will not scale unless buyers, merchants, banks, and card networks agree on identity, consent, fraud controls, and who is accountable when an agent pays. For ecommerce founders and consultants, this is a sign to prepare product data, checkout flows, and customer permissions for agent-led buying.

Try/watch: Map exactly what an AI shopper would need to complete a purchase safely: product data, price, availability, refund rules, user approval, payment token, and receipt trail.

AI Agents Just Got Powerful New Tools

Three major announcements today show AI agents are becoming essential for business.

Criteo and dentsu launched an AI agent that runs marketing campaigns completely on its own. It makes decisions about what to show customers—no human approval needed for every step.

HUMAIN ONE is now available worldwide through AWS. It's a platform that lets companies build and control AI agents without hiring specialized teams. Think of it as a command center for AI agents.

Real companies are already using AI agents everywhere: NVIDIA says 100% of its workers now use AI coding tools. Anthropic engineers create 22-27 pieces of code in one day—all written by AI. Yet companies still pay $570,000 to hire top engineers. The job changed from writing code to managing AI agents.

JetBrains showed how to teach AI agents to fix software bugs perfectly and consistently.

Why you need to know: AI agents aren't experiments anymore. They're doing actual work right now. If you don't start learning about these tools, your competitors will move faster than you.