🌟 Vasilij’s Note
This week delivered a reality check: AI agents went from 5% to 40% of enterprise applications in twelve months. Major consultancies deployed to hundreds of thousands of staff. WEF published case studies showing £800m in value unlocked. But security researchers are documenting the same pattern everywhere—organisations are deploying at scale without the governance infrastructure. The technology works brilliantly. The governance doesn't. This gap is where consultancies either win or lose in 2026.
This Week in Agents | What Changed
Gartner forecasts 40% of enterprise apps embed agents by end of 2026 (up from <5% in 2025) → The pilot phase ended. Consultancies competing on AI-powered delivery can't wait another 12 months to operationalise.
WEF published 20 case studies: £800m value unlocked (Foxconn), 80% of workflows automated (EXL), 400+ staff hours saved weekly → Validation that agents work at enterprise scale when governance infrastructure supports them.
Security researchers document authorization bypass, shadow AI proliferation, and privilege escalation across production deployments → Firms deploying without governance are creating compliance exposure that damages client trust and margins.
Top Moves - Signal → Impact
Governance frameworks mature from theory to operations - IBM, Gartner, and Deloitte published production-ready governance patterns with concrete metrics: runtime accuracy, drift monitoring, cost tracking. → The "move fast and break things" phase is over. Visible responsibility becomes competitive advantage as clients demand explainability.
Authorization becomes the critical security layer — Agents operating with broad permissions are exposing data beyond original intent. New hire asks agent for analysis, receives sensitive customer data they couldn't access directly. → Traditional role-based access control doesn't work for agent-mediated workflows. Requires agent-specific permissions architecture.
GSIs thriving whilst SaaS vendors feel pressure — Global system integrators building hundreds to thousands of custom agents per client, shipping value in weeks rather than 18-month timelines. → Service providers who can integrate, tailor, and deploy agents are capturing value from enterprises needing working systems now.
Upskilling Spotlight | Learn This Week
IBM Think Newsletter - Understand how to move from observability to orchestration with metrics that matter (accuracy, drift, context relevance).
Dain Studios: Governance as Competitive Edge - Learn why mature organisations extend existing GDPR and risk management frameworks rather than building parallel AI governance.
Maker Note | What I built this week
This week I built a complete data warehouse using Claude Code—pulling from HubSpot, Google Analytics, and Google Ads into BigQuery, transformed with DBT Core, visualised in Lightdash.
Total cost: £0.
Equivalent data engineer salary: £100,000+ annually.
Claude Code scaffolded the entire DBT project structure, wrote staging models, built data marts (pipeline health, revenue attribution), and autonomously debugged errors when connectors failed.
Decision: For consultancies spending £8,000+ monthly on data engineering capacity, this stack (Airbyte + BigQuery + DBT + Lightdash) eliminates that cost entirely whilst maintaining enterprise-grade infrastructure.
Build a complete data warehouse using free tools and an AI assistant that does most of the heavy lifting—without writing a single line of code yourself.
Operator’s Picks | Tools To Try
IBM watsonx.governance — Use for agent lifecycle management with audit trails, policy enforcement, and drift monitoring. Standout: addresses both ethical AI and operational reliability in single platform.
CloudEagle.ai — Use for shadow AI detection and real-time monitoring across SaaS estate. Caveat: enterprise-focused, likely overkill for firms under 50 staff.
RSM AI Governance Framework — Use for policy development and implementation roadmap if you're building governance from scratch. Pair with: existing enterprise risk management processes rather than parallel structure.
Deep Dive | Thesis & Playbook
Gartner's forecast became reality faster than anyone expected. Agents went from <5% to 40% of enterprise applications in 12 months. Major consultancies deployed to 30,000–350,000 staff. The technology works. But every security audit, every governance review, every enterprise risk assessment is surfacing the same gap: organisations scaled agents before they scaled governance. This isn't a technology problem. It's a discipline problem that separates strategic automation from expensive chaos.
On Paper
Gartner projects 40% of enterprise apps embed agents by end 2026, up from <5% in 2025
WEF case studies: Foxconn + BCG unlocked £800m automating 80% of decision workflows; EXL automated 80% of code migration cutting timelines by 2 years
IBM forecasts multiagent systems becoming standard: 70% of multiagent systems will contain agents with narrow, focused roles by 2027
Open standards emerging: Anthropic's MCP, Google's Agent2Agent protocol enabling cross-platform agent communication
Market surging from $7.8bn to $52bn by 2030
In Practice
Authorization bypass: agents inherit broad permissions, users access data beyond their roles. Marketing agent with Databricks access returns sensitive customer data to new hire with limited permissions. Nothing misconfigured. Agent simply responded using its broader access.
Shadow AI proliferation: teams deploying agents without central registry, creating application sprawl. IT discovering agents 6 months after deployment, no audit trails, unclear data access patterns.
Governance infrastructure lagging capability: firms deploying production agents without escalation paths, blast radius assessments, or rollback procedures. When agents fail, teams uncertain who's responsible.
GSIs winning over SaaS vendors: enterprises need working systems now. System integrators building hundreds of custom agents, shipping in weeks. Commercial software tooling can't keep pace with operationalisation demand.
Human roles shifting: employees valued for intent-setting and orchestration, not task completion. New roles emerging: AI Orchestrators, Agent Governance Officers, Prompt Engineers 2.0.
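The authorization-bypass item above (and the "agent-specific permissions" point under Top Moves), as an added example that is not from any vendor or source cited here: an agent that checks only its own access next to one that authorizes against the intersection of its scopes and the requesting user's. All names, scopes and data are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample data: dataset name -> rows (all values are made up).
DATASETS = {
    "campaign_metrics": [{"campaign": "spring", "clicks": 1200}],
    "customer_pii": [{"name": "A. Example", "email": "a@example.test"}],
}

@dataclass(frozen=True)
class Principal:
    name: str
    scopes: frozenset  # datasets this principal may read directly

@dataclass
class Agent:
    service: Principal  # the agent's own (broad) identity
    audit_log: list = field(default_factory=list)

    def query_naive(self, user: Principal, dataset: str):
        """Bypass pattern: only the agent's access is checked, never the user's."""
        if dataset not in self.service.scopes:
            raise PermissionError(f"agent lacks {dataset}")
        return DATASETS[dataset]

    def query_scoped(self, user: Principal, dataset: str):
        """Effective permission = agent scopes AND requesting user's scopes."""
        allowed = dataset in (self.service.scopes & user.scopes)
        # Record every decision so a later review can see who asked for what.
        self.audit_log.append({"user": user.name, "agent": self.service.name,
                               "dataset": dataset, "allowed": allowed})
        if not allowed:
            raise PermissionError(f"{user.name} may not read {dataset} via agent")
        return DATASETS[dataset]

def demo():
    agent = Agent(Principal("marketing-agent",
                            frozenset({"campaign_metrics", "customer_pii"})))
    new_hire = Principal("new-hire", frozenset({"campaign_metrics"}))
    leaked = agent.query_naive(new_hire, "customer_pii")  # PII returned
    try:
        agent.query_scoped(new_hire, "customer_pii")
        blocked = False
    except PermissionError:
        blocked = True
    ok = agent.query_scoped(new_hire, "campaign_metrics")
    return leaked, blocked, ok, agent.audit_log

if __name__ == "__main__":
    print(demo())
```

The denied request still lands in the audit log, which is the record a security review needs when testing for this bypass.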
Issues / Backlash
74% of executives achieve ROI within first year, but only 10% scale past proof-of-concept (McKinsey, Deloitte, Google Cloud Q4 research). 64-point gap isn't technology—it's governance discipline.
Anthropic disclosed Claude Code misused in cyberattack automation (November 2025). By automating technical work, agents lower barrier for malicious activity.
CISOs expressing deep concern but few implementing mature safeguards. Organisations deploying agents faster than they can secure them.
Agent washing: vendors rebranding existing automation as agentic AI. Analysts estimate only 130 of thousands claimed "AI agent" vendors building genuinely agentic systems.
Privacy concerns about persistent agent memory: what data retained, how long, who controls it. Done badly introduces trust issues damaging reputation.
My Take (What to do)
Startup (15-40 staff):
Focus on one high-frequency workflow (30+ mins, 10+ times weekly).
Use vendor agents (Anthropic Skills, Microsoft Copilot) before building custom.
Simple governance: partner approval for client data access, centralised registry, audit logs.
Calculate ROI: (weekly time saved × 52 × partner rate) - (setup + subscription + 10% maintenance). Only proceed if payback under 6 months.
SMB (50-120 staff):
Appoint agent owner from ops team. Require business case, security review, 4-week pilot before deployment.
Track monthly savings—retire agents not delivering ROI after 8 weeks. Use vendor APIs for audit trails.
Focus on vertical use cases: proposal generation, handoff workflows. Not horizontal tools.
Enterprise (150-250 staff):
Establish governance before deploying: approval workflows, data classification policies, least-privilege permissions, audit trails, rollback procedures, escalation paths.
Extend existing GDPR and risk frameworks—don't build parallel AI governance.
Security reviews required: authorization testing, privilege escalation scenarios.
Monthly monitoring: adoption rates, actual vs projected savings, security incidents.
Focus on margin protection: proposal automation, delivery analytics.
How to Try (15-minute path)
Document one repetitive workflow: what triggers it, steps involved, outputs created, time taken, frequency. If takes 30+ minutes and happens 10+ times weekly, proceed. (5 min)
Calculate annual baseline cost: (current time × weekly frequency × 52 × hourly cost). If exceeds £5,000 annually and process follows consistent steps, viable candidate. (3 min)
Identify governance requirements: what client data accessed? Who approves? What happens when agent fails? Who owns rollback? Document answers in Google Doc. (5 min)
Decision point: If ROI positive within 6 months AND governance requirements clear, proceed to vendor evaluation. If ROI negative or governance unclear, workflow isn't ready.
Success metric: documented yes/no decision with specific cost data and governance requirements, preventing wasted pilot effort.
Spotlight Tool | IBM watsonx.governance
Purpose: Enterprise-grade AI governance platform for organisations deploying agents at scale.
Edge: combines ethical AI requirements (bias detection, explainability) with operational controls (audit trails, policy enforcement, drift monitoring) in single platform.
Model lineage tracking
Real-time monitoring
Automated compliance reporting
Integration with existing risk frameworks
Agent-specific permissions architecture
Try it: IBM watsonx.governance

