OpenAI and Anthropic ship multi-agent enterprise agents – a governance warning


The real issue

OpenAI and Anthropic are rolling out multi-agent features for enterprise customers. These aren’t just chat models anymore; they are coordinated agent systems that can keep state, chain actions, call external APIs, and run with limited human oversight. In short, a single request can trigger a sequence of automated steps across different services.

That’s useful for automation, but it also changes where risk lives. When agents act across cloud services, internal databases, and third-party apps, the number of ways data can leak or be misused grows. Misconfigurations, weak access rules, or unexpected agent behavior can let sensitive information flow to the wrong place or allow an attacker to move laterally through systems.

Crucially, this shift is less about whether a model answers questions well and more about who controls the flow of data and actions inside a customer’s systems. Vendors that package persistent processes and connectors around models are effectively controlling those flows, not just selling model access.

Why this matters now

Companies are pushing to turn AI pilots into cost savings and automated workflows. That creates a demand for turnkey agent systems that come with connectors and billing built in. Vendors that provide those systems can lock in customers with recurring charges tied to agents or workflows, so there’s a strong incentive to ship fast.

That speed matters because control systems and safety guardrails rarely keep pace. Security teams have already flagged AI-driven attacks, and letting agents call external services widens the attack surface further. Earlier incidents in which third-party agents gained unexpected access show how quickly access rules can be bypassed. For further context, see Google Warns AI-Powered Cyberattacks Have Already Begun and Notion opens workspace to third-party AI agents.

That combination (commercial pressure to adopt, plus a larger technical attack surface) means many organizations will run agent pilots before they have fully designed controls for data flow, escalation, and human oversight. That gap is where most of the near-term risk will appear.

What to watch next

  • Pricing and billing: Watch how vendors charge: per active agent, per workflow run, or bundled into platform tiers. Billing models will shape who can afford to run many agents and how long they stay active.
  • Connector and control tooling: Track announcements from cloud providers and security vendors about access controls, logging, and policy enforcement for agent fleets. These tools will determine how easily organizations can limit an agent’s reach.
  • Enterprise pilots and failure reports: Early case studies and documented mishaps will reveal whether agents deliver real savings without unacceptable risk. Look for clear examples of both ROI and failure modes.
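The access-control point made above (an agent reaching a connector it was never granted, and the "connector and control tooling" that should stop it) in concrete form. This is an added example, not code from OpenAI, Anthropic or any vendor named on this page: the `PolicyGate` class, the agent names, the connectors and the sample calls are all hypothetical and constructed here. It shows the weak setting (default allow) beside the hardened one (per-agent allowlist, default deny, human approval for sensitive actions) and records an audit entry for every decision, allow or deny.

```python
"""Policy gate for agent tool calls (added, hypothetical example).

The gate sits between the orchestrator and every connector call and
answers one question: may THIS agent take THIS action on THIS connector?
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class ToolCall:
    """One action an agent wants to take through a connector."""
    agent: str       # identity of the requesting agent
    connector: str   # e.g. "crm", "payroll_db", "slack"
    action: str      # e.g. "read", "write", "export", "post"
    target: str      # resource inside the connector (opaque here)


@dataclass
class Policy:
    """Per-agent allowlist plus the actions that always need a human."""
    allow: dict[str, set[tuple[str, str]]]          # agent -> {(connector, action)}
    require_approval: set[tuple[str, str]] = field(default_factory=set)
    default_allow: bool = False   # True reproduces the weak "fail open" setting


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


class PolicyGate:
    def __init__(self, policy: Policy):
        self.policy = policy
        self.audit: list[dict] = []   # one record per decision, allow or deny

    def check(self, call: ToolCall, approval: Optional[str] = None) -> Decision:
        key = (call.connector, call.action)
        in_allowlist = key in self.policy.allow.get(call.agent, set())
        if not in_allowlist and not self.policy.default_allow:
            decision = Decision(False, "not in allowlist (default deny)")
        elif key in self.policy.require_approval and approval is None:
            decision = Decision(False, "human approval required")
        elif in_allowlist:
            decision = Decision(True, "explicitly allowed")
        else:
            decision = Decision(True, "default allow (weak setting)")
        self.audit.append({
            "agent": call.agent, "connector": call.connector,
            "action": call.action, "target": call.target,
            "allowed": decision.allowed, "reason": decision.reason,
            "approval": approval,
        })
        return decision


# Constructed sample: two agents, four connectors. Not real vendor data.
GRANTS = {
    "invoice-agent": {("crm", "read"), ("erp", "write")},
    "support-agent": {("crm", "read"), ("slack", "post")},
}
SENSITIVE = {("payroll_db", "export"), ("slack", "post")}

WEAK_POLICY = Policy(allow=GRANTS, require_approval=set(), default_allow=True)
HARDENED_POLICY = Policy(allow=GRANTS, require_approval=SENSITIVE, default_allow=False)

SAMPLE_CALLS = [
    ToolCall("invoice-agent", "crm", "read", "account/42"),        # normal work
    ToolCall("invoice-agent", "payroll_db", "export", "*"),        # never granted: lateral move
    ToolCall("support-agent", "slack", "post", "#customers"),      # granted, but needs a human
]


def run(policy: Policy, approvals: Optional[dict[ToolCall, str]] = None) -> list[Decision]:
    """Push the constructed calls through one policy; decisions come back in order."""
    approvals = approvals or {}
    gate = PolicyGate(policy)
    return [gate.check(call, approvals.get(call)) for call in SAMPLE_CALLS]


def audit_denials(policy: Policy) -> list[str]:
    """What a reviewer would pull from the audit log: every refused call and why."""
    gate = PolicyGate(policy)
    for call in SAMPLE_CALLS:
        gate.check(call)
    return [f"{r['agent']} {r['connector']}:{r['action']} -> {r['reason']}"
            for r in gate.audit if not r["allowed"]]


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, [(d.allowed, d.reason) for d in run(policy)])
    print("approved:", [d.allowed for d in run(HARDENED_POLICY, {SAMPLE_CALLS[2]: "CHG-1001"})])
```

Under the weak policy all three calls go through, including the payroll export that no agent was ever granted; under the hardened policy that call is refused by default deny, the Slack post waits for an approval token, and both refusals are in the audit log with a reason. The approval token is just an opaque string here; in a real deployment it would be a reference the orchestrator cannot mint for itself.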