Managed agents become core

The new fight in enterprise artificial intelligence is not over which model writes the prettiest paragraph. It is over which agent can be trusted to open a ticket, update a customer record, move money, or trigger a workflow without breaking policy on the way. (learn.microsoft.com) That shift is happening because a copilot only suggests work, while an agent actually does work across tools and application programming interfaces. Amazon Web Services now frames trusted autonomy around identity, scoped permissions, runtime guardrails, and traceable execution history, which is a very different buying checklist from “best benchmark score.” (docs.aws.amazon.com) Gartner said in August 2025 that 40 percent of enterprise applications would include task-specific agents by the end of 2026, up from less than 5 percent in 2025. Once software starts taking actions inside finance, human resources, and customer systems, governance stops being a legal footnote and becomes part of the product itself. (gartner.com) Microsoft’s own guidance for multi-agent systems draws the line clearly: old software governance focused on code, access control, and predictable outputs, while agent governance has to add data provenance, output accountability, operational boundaries, and model oversight. That is what happens when the software is no longer a calculator and starts behaving more like a junior employee with a badge and a to-do list. (microsoft.github.io) Identity is becoming the first hard requirement because agents do not behave like normal apps. IBM now argues that every agent needs a unique, verifiable identity, governed delegation, continuous authorization on each tool call, and signed audit trails, or else privileges spread and nobody can prove who authorized what. (ibm.com) The second requirement is a control layer that can stop or unwind bad behavior after deployment. Amazon Web Services describes rate controls, throttling, human approval thresholds, drift detection, and the ability to audit, reverse, or restrict agent actions at runtime, which is basically a kill switch plus a flight recorder for software that makes its own moves. (docs.aws.amazon.com) The third requirement is cost discipline, because agents can quietly turn one request into a chain of model calls, tool calls, retries, and loops. In a recent enterprise discussion on managing agents in production, Fiddler AI’s Krishna Gade described “runaway cost” and recursive large language model calls as one of the things that breaks when agents leave the demo stage. (youtube.com) That is why new products are appearing around runtime governance instead of just model access. Microsoft’s open-source Agent Governance Toolkit, released on April 2, 2026, says it enforces policies for autonomous agents at runtime and maps to all 10 Open Worldwide Application Security Project agentic artificial intelligence risks. (opensource.microsoft.com) The live discussion behind this story pointed to the same destination: enterprises are building an operations layer for agents the way they once built layers for cloud infrastructure. The winning vendors will not just answer “how smart is the model,” but “who approved this action, what data did it touch, how much did it cost, and how fast can we roll it back.” (youtube.com)