Who Controls Your AI Agents?
Between June 1 and June 4, 2026, the signal from enterprise AI was clear: the next fight is not over agents alone, but over the systems they run through.
NVIDIA talked about the harness around agents: orchestration, memory, tools, security, and runtime. Microsoft put Agent 365 beside Entra, Defender, and Purview. Cisco framed critical infrastructure around shared human-and-agent operations. Meta pushed business agents into customer channels. Asana described an operating layer where humans and agents share the same plan, context, and governance.
That is a leadership problem in the making: an agent may act across five systems while no single team owns its permissions, audit trail, or mistakes.
A control plane is the system that decides what an agent can see, what it can do, where it runs, who owns it, and how its actions are audited or reversed. In a human business, those duties are spread across managers, IT, security, finance, legal, workflow systems, and habit. Agents force those informal arrangements to become technical decisions.
That is why this cannot wait. It is no longer a future governance question.
Microsoft’s 2024 Work Trend Index found 75% of global knowledge workers using AI at work. BCG’s 2025 work says only 5% of companies qualify as future-built for AI and are consistently generating substantial value. Gartner, meanwhile, forecasts AI agent software spending at $206.5 billion in 2026 and $376.3 billion in 2027.
That is the gap: although usage is already broad, value is still concentrated in a small minority of companies, and spending is accelerating anyway.
The sharper risk is fragmented authority. Operations may own the workflow. IT may own the app. Security may own access. Legal may own the risk. Finance may own the cost. But the agent may move across all of them in one task.
And that may be fine for experimentation. But it is dangerous for work that moves money, touches regulated data, alters production systems, changes customer commitments, or makes promises on behalf of the company.
Before you ask which agent will save time, ask where authority lives. Who owns it? What is the permission boundary? Where is the audit trail? Who handles escalation? How do you roll it back? If those answers are not clear, the agent may still be useful. It is not ready for consequential work.
Which systems are allowed to decide what our agents can see, what they can do, and how their actions are audited or reversed; and until that authority is explicit, what work stays off-limits?
Sources: Microsoft Build 2026; Microsoft Agent 365 Security Blog; NVIDIA enterprise agents release; Cisco Cloud Control release; Meta Business Agent release; Asana human-agent teams release; Microsoft 2024 Work Trend Index; BCG 2025 AI value gap; Gartner May 2026 autonomous business forecast.
The Bosch Brothers is written by Bala and Krishna Bosch at Keryx Solutions, where they work on AI integration, software architecture, and product delivery. More at keryxsolutions.com