Governed enterprise agents trend
Multiple vendors and platforms are pushing governed agent deployments: Databricks launched 'Agent Bricks' to connect agents to corporate data under governance, GitHub published a Secure Code Game season that trains developers to attack and then fix agent workflows, and VentureBeat reports enterprise teams adopting spec‑driven agent coding at scale. These moves frame agentic systems as a product category that must ship with testing, permissions and auditability. (databricks.com) (github.blog) (venturebeat.com)
Artificial intelligence agents are being packaged less like chatbots and more like enterprise software with permissions, tests and audit trails. (databricks.com)

Databricks said on April 14 that its Agent Bricks platform is built to run agents on business data with governance across model access, execution, context and monitoring. The company said the system uses Unity Catalog to apply role-based controls, lineage, rate limits and policy enforcement across data, tools and models. (databricks.com)

GitHub said on April 14 that it added a new Secure Code Game season focused on agentic artificial intelligence, with five challenges that teach developers to exploit and then fix vulnerabilities in autonomous workflows. GitHub said the free, open-source exercise runs in GitHub Codespaces and that more than 10,000 developers have used the game. (github.blog)

An artificial intelligence agent is a model that can choose steps, call tools and act on data instead of only answering a prompt. That design creates a larger attack surface because the system can browse the web, read files, trigger software and pass work to other agents. Anything the agent reads, including a web page or a file an attacker has planted, can carry instructions that the model treats as part of its task, and the agent then carries them out with its own credentials. (github.blog)

Security groups have started treating that risk as its own category. The Open Worldwide Application Security Project, or OWASP, published a Top 10 for Agentic Applications in 2026, and Microsoft said on March 30 that agent systems can behave “as designed” while still crossing boundaries if permissions and tool use are too broad. (genai.owasp.org) (microsoft.com)

The coding side is moving in the same direction. VentureBeat reported on April 14 that enterprise teams are pushing “spec-driven development,” a process that defines requirements and tests before an agent writes code, as a way to make autonomous coding systems more predictable. (venturebeat.com)

Databricks is also tying agents to an emerging plumbing standard called the Model Context Protocol, or MCP, which is a common way for models to connect to tools and external systems.
The company said Agent Bricks supports MCP while keeping governance in a single control plane. (databricks.com)

GitHub’s training examples point to the same failure modes that OWASP and vendors now emphasize: unauthorized file access, command injection through natural-language instructions, poisoned web content and trust failures between agents. Those are the kinds of problems that appear only after a model is allowed to do things, not just say things. (github.blog) (owasp.org)

The immediate shift is not that companies suddenly trust agents more. It is that vendors are selling a stack for controlled deployment, where an agent needs the same kind of access rules, logging and evaluation that companies already expect from databases and cloud software. In practice that means each tool call is checked against a policy before it runs, its arguments are validated rather than handed to a shell, and every call, allowed or denied, is written to a log that can be reviewed later. (databricks.com) (venturebeat.com)
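The following is an added illustration, not code from Databricks, GitHub or OWASP, of what the governed tool layer described above looks like at the smallest scale. It puts the unsafe pattern GitHub's challenges target (the model's words become a shell command line) beside a dispatcher that enforces role-based tool permissions, a per-principal rate limit, a filesystem sandbox against unauthorized file access, and an append-only audit trail. The roles, policy table, tool names and sample file are all constructed for the example.

```python
"""Governed tool dispatch for an LLM agent (added, constructed example)."""
import json
import subprocess
import tempfile
import time
from pathlib import Path

# Constructed sandbox: the only data the agent may touch.
SANDBOX = Path(tempfile.mkdtemp(prefix="agent_sandbox_")).resolve()
(SANDBOX / "notes.txt").write_text("quarterly revenue up 4%\nowner: finance\n")

# Constructed policy: role -> tool -> calls allowed per 60-second window.
POLICY = {
    "analyst": {"read_file": 5, "grep": 5},
    "admin": {"read_file": 50, "grep": 50, "run_query": 10},
}
AUDIT = []   # append-only record of every attempted call, allowed or denied
_calls = {}  # (principal, tool) -> timestamps inside the current window


def unsafe_run_tool(model_text):
    """Vulnerable 'before' case: the model's words run as a shell command line.
    Natural-language injection such as 'grep revenue notes.txt; cat /etc/passwd'
    executes both halves. Kept only to show the failure mode."""
    return subprocess.run(model_text, shell=True, capture_output=True,
                          text=True, cwd=SANDBOX).stdout


class PolicyError(PermissionError):
    pass


def _in_sandbox(user_path):
    """Resolve a model-supplied path and refuse anything outside SANDBOX
    (absolute paths, '..' traversal and symlinks that point out)."""
    p = (SANDBOX / user_path).resolve()
    if p != SANDBOX and SANDBOX not in p.parents:
        raise PolicyError("path escapes sandbox")
    return p


def tool_read_file(args):
    return _in_sandbox(args["path"]).read_text()


def tool_grep(args):
    # argv list, no shell: the pattern is data and is never parsed as a command
    target = _in_sandbox(args["path"])
    proc = subprocess.run(["grep", "-e", args["pattern"], "--", str(target)],
                          capture_output=True, text=True)
    return proc.stdout


TOOLS = {"read_file": tool_read_file, "grep": tool_grep}


def _check_rate(principal, tool, limit, now):
    window = [t for t in _calls.get((principal, tool), []) if now - t < 60]
    if len(window) >= limit:
        raise PolicyError(f"rate limit exceeded for {tool}")
    window.append(now)
    _calls[(principal, tool)] = window


def dispatch(principal, role, call_json, now=None):
    """Run one structured tool call for `principal` acting as `role`.
    Returns {"ok": True, "output": ...} or {"ok": False, "error": ...}.
    Denials go back to the agent loop as results instead of raising, and
    every attempt, allowed or not, is appended to AUDIT."""
    now = time.time() if now is None else now
    entry = {"ts": now, "principal": principal, "role": role, "ok": False}
    AUDIT.append(entry)
    try:
        call = json.loads(call_json)          # structured call, not free text
        tool, args = call["tool"], call.get("args", {})
        entry["tool"], entry["args"] = tool, args
        if tool not in TOOLS or tool not in POLICY.get(role, {}):
            raise PolicyError(f"role {role!r} may not call {tool!r}")
        _check_rate(principal, tool, POLICY[role][tool], now)
        output = TOOLS[tool](args)
        entry["ok"] = True
        return {"ok": True, "output": output}
    except (PolicyError, KeyError, ValueError, OSError) as exc:
        entry["error"] = f"{type(exc).__name__}: {exc}"
        return {"ok": False, "error": entry["error"]}


if __name__ == "__main__":
    print(dispatch("alice", "analyst", '{"tool": "read_file", "args": {"path": "notes.txt"}}'))
    print(dispatch("alice", "analyst", '{"tool": "read_file", "args": {"path": "../../etc/passwd"}}'))
    print(dispatch("alice", "analyst", '{"tool": "run_query", "args": {}}'))
    print(json.dumps(AUDIT, indent=1))
```

Two design choices matter here. The dispatcher takes a JSON tool call, not prose, so the boundary between "what the model said" and "what the system does" is explicit and checkable; and a denied call is returned to the agent as an ordinary tool result while still being logged, which is what lets a reviewer later see that a poisoned page tried to read `/etc/passwd` even though nothing happened.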