Agents move from POC to production

- Enterprise software is shifting to “headless,” API-first designs so AI agents can invoke workflows without human UIs. (youtube.com)
- Security teams warn attackers and developers now operate at different speeds, with manual review cycles unable to keep pace. (youtube.com)
- That means firms must redesign architecture, governance and observability for agents rather than bolt AI onto legacy systems. (youtube.com)

An AI agent is software that can plan a task, call tools and keep state across steps, and vendors are now building enterprise systems so those agents can run work directly in production. (developers.openai.com) OpenAI’s current Agents SDK documentation says teams use the SDK path when their own application controls orchestration, tool execution, approvals and state, not just model prompts. Its tools docs list web search, file search, code execution, external application programming interfaces and even computer use as callable actions. (developers.openai.com) (openai.github.io)

That changes the shape of enterprise software. Salesforce said on April 16, 2026 that its new Headless 360 layer exposes data, workflows and governance controls as application programming interfaces, Model Context Protocol tools and command-line commands so software agents can execute business processes without a browser interface. (cio.com)

Model Context Protocol, or MCP, is one of the plumbing standards behind that shift. Anthropic introduced MCP in November 2024 as an open standard for connecting AI assistants to business tools and data, and the current specification describes it as a protocol for linking language-model applications to external data sources and tools. (anthropic.com) (modelcontextprotocol.io)

Analysts have been putting dates on the broader move. Gartner said in research published October 21, 2024 that by 2028, 33% of enterprise software applications will include agentic artificial intelligence, up from less than 1% in 2024. (gartner.com)

The production problem is not only wiring tools together. OpenAI’s SDK docs put guardrails, human review and observability in the core runtime, and its GitHub repository lists tracing, sessions and handoffs as built-in concepts for teams debugging and governing multi-step agent runs. (developers.openai.com) (github.com)

Security guidance is moving in the same direction. OWASP’s Securing Agentic Applications Guide 1.0, released July 28, 2025, says it is meant to give builders practical guidance for designing, developing and deploying secure agentic applications powered by large language models. (genai.owasp.org)

That is a different job from reviewing a normal web app every few weeks. An agent can call tools, use credentials, pass work to another agent and continue running across sessions, which is why OWASP and platform vendors are both treating identity, approvals, runtime monitoring and tool boundaries as production controls, not add-ons. (github.com) (genai.owasp.org)

There is also pushback. In CIO’s April 2026 report on Salesforce’s launch, analysts said modern data stacks can reproduce much of the same headless functionality with less vendor concentration, and they warned customers to ask about pricing and service-level agreements before making architectural commitments. (cio.com)

The result is that “proof of concept” is no longer the main hurdle. The harder work is turning agents into governed operators inside real systems, with APIs instead of screens and controls that move at machine speed. (developers.openai.com) (cio.com)
