The rate of agentic development is increasing. Google had their Google next event two weeks ago, and they are going all in on agents. How we manage them in mid tier companies is a total mystery to me. I know maybe four or five people within our org who cold get their head around how to wire these together, but we don't currently have the capacity or time to spend on governance or data provenance, or the controls that I think would be useful.
Oddly, I think if you are a larger company or a smaller one, you will have more luck here.
I had a quick look at the agentic playground that Google have announced. It a nice canvas metaphor, but where is the data that these things could connect to, how do I "see" the tools, or how do I make it clear how I might integrate existing workflows from my company in to this. All of that is going to take some time and effort, and it oftentimes feels like we don't have that time.
So, I'm excited, and a bit puzzled about how to take these things forward.
I think a priority is to get ones data into a place that lowers that barrier for these integrations, and we are working on that at the moment. In reviewing some open notes I've started trying out the AI wiki pattern, and am liking it. This is what that process told me about agents
(AI Generated content follows)
1. Agents are not chatbots — they're autonomous workers that need their own identity. An AI agent chains multi-step actions across tools and APIs. Every tool call crosses a trust boundary. This makes IAM the critical control plane, not an afterthought. Enterprises need to treat agents as a new class of principal alongside users and service accounts.
2. Classify before you deploy: Personal Agent, Digital Assistant, or Digital Worker. Each type has a different ownership model, supervision level, and identity requirement.
3. The platform stack is crystallizing around Build, Scale, Govern, Optimize. Expect every major cloud to converge on this four-pillar pattern.
4. Delegation, not impersonation — and least privilege by default. Best practice is short-lived, scoped tokens with clear accountability back to a human principal. Agents should never impersonate users. For high-risk operations, use human-in-the-loop approval (CIBA). Stolen credentials should be un-replayable (certificate-bound tokens, mTLS). This is the "zero trust for agents" posture.
5. This is already production, not pilot. The question isn't whether to deploy agents — it's whether your IAM and governance are ready for the ones already running.
Oddly, I think if you are a larger company or a smaller one, you will have more luck here.
I had a quick look at the agentic playground that Google have announced. It a nice canvas metaphor, but where is the data that these things could connect to, how do I "see" the tools, or how do I make it clear how I might integrate existing workflows from my company in to this. All of that is going to take some time and effort, and it oftentimes feels like we don't have that time.
So, I'm excited, and a bit puzzled about how to take these things forward.
I think a priority is to get ones data into a place that lowers that barrier for these integrations, and we are working on that at the moment. In reviewing some open notes I've started trying out the AI wiki pattern, and am liking it. This is what that process told me about agents
(AI Generated content follows)
1. Agents are not chatbots — they're autonomous workers that need their own identity. An AI agent chains multi-step actions across tools and APIs. Every tool call crosses a trust boundary. This makes IAM the critical control plane, not an afterthought. Enterprises need to treat agents as a new class of principal alongside users and service accounts.
2. Classify before you deploy: Personal Agent, Digital Assistant, or Digital Worker. Each type has a different ownership model, supervision level, and identity requirement.
3. The platform stack is crystallizing around Build, Scale, Govern, Optimize. Expect every major cloud to converge on this four-pillar pattern.
4. Delegation, not impersonation — and least privilege by default. Best practice is short-lived, scoped tokens with clear accountability back to a human principal. Agents should never impersonate users. For high-risk operations, use human-in-the-loop approval (CIBA). Stolen credentials should be un-replayable (certificate-bound tokens, mTLS). This is the "zero trust for agents" posture.
5. This is already production, not pilot. The question isn't whether to deploy agents — it's whether your IAM and governance are ready for the ones already running.