AI agents are moving into real work

In the last seven days, AI agents moved from demo territory into daily business operations. Codenotary, Qualys, FloQast, and Oracle all shipped products aimed at one thing: letting software do work that used to sit in a queue for a human.

The signal is hard to miss. Enterprises are no longer asking whether agents can write a few lines of code or answer a support ticket. They are asking how to monitor them, how to stop them from touching the wrong data, and how much autonomy they should get before someone hits the brakes.

Security is the first real bottleneck

The biggest story this week was security. Nudge Security released new discovery tools that help companies find AI agents employees create on their own. That matters because shadow AI is becoming shadow automation, and the risk is not theoretical.

The article’s own warning is blunt: 80% of organizations are already seeing risks from AI agents with too much access to company data. That number is high enough to change procurement, policy, and even legal review. It also explains why the newest products are spending as much time on control as they do on capability.

AgentMon from Codenotary tracks what agents do, what files they touch, and where data moves. Astrix Security expanded its platform to stop unauthorized agent deployments. Black Duck launched Signal to secure code written by AI inside automated pipelines. Palo Alto Networks added Prisma AIRS 3.0 for autonomous AI systems.

• 80% of organizations report risks from over-privileged AI agents
• AgentMon watches behavior, file access, and data patterns across systems
• Prisma AIRS 3.0 targets autonomous AI security controls
• Black Duck Signal focuses on AI-generated code in CI/CD workflows

This is the part of the AI agent story that gets less attention than flashy demos. The real market is being built around permissions, audit trails, and policy enforcement. If a tool cannot explain what an agent did after the fact, it will have a hard time surviving enterprise review.

People trust agents when they can see the reasoning

Trust is the second bottleneck, and it is more subtle than security. Georgia Tech researchers found that older adults trust AI agents more when the system explains its decisions clearly. A simple confidence score like “92% sure” can backfire if users do not know what data drove the result.

That lines up with a broader pattern in product design. People are fine with automation when the system feels legible. They get uneasy when an agent acts like a black box, especially in health, finance, or anything that can affect a paycheck.

“The more complex the algorithm is, the more important it is to explain how it works.” — Fei-Fei Li, Stanford Human-Centered AI Institute

That quote has aged well. It is especially relevant now that companies are wiring agents into workflows that used to be handled by trained staff. If the system can summarize why it took an action, what sources it used, and what it still does not know, adoption gets much easier.

The week also showed that companies are trying to design trust into the workflow instead of bolting it on later. IBM, Auth0, and Yubico partnered on human-in-the-loop authentication for high-risk actions. That means a verified person can approve an agent before it sends money, changes access, or makes a sensitive decision.

The money is moving into task-specific agents

There is also a very practical reason this category is getting hotter: it is easier to sell a narrow agent than a general one. Qualys Agent Val finds security problems and fixes some of them automatically. FloQast Visual Agent Builder lets accounting teams create custom agents with drag-and-drop tools. Oracle AI Database 26ai adds persistent memory and a no-code Private Agent Factory for enterprise workflows.

The pricing and performance numbers make the shift obvious. Klient PSA is launching Hybrid Project Delivery in three weeks with eight specialized AI agents working alongside consultants. Pricing starts at $15 per user per month, plus $1,000 per AI agent as a one-time cost. That is a clear sign that agent features are becoming line items, not moonshot bets.

• Klient PSA: $15 per user per month, plus $1,000 per AI agent one time
• Fujitsu says Application Transform reads legacy code and writes design docs 97% faster
• Fujitsu also claims 60% better document quality and 95% more thorough output
• Analytics teams report 69% using AI processes and 44% running agent-based platforms actively

The adoption data matters more than the marketing language. When 69% of analytics teams already use AI processes and 44% run agent-based platforms actively, this is no longer a side experiment. It is becoming normal operating procedure in teams that care about speed and repeatability.

That said, the week also delivered a warning: more agents do not automatically mean better results. On March 28, coverage noted that teams of AI agents often perform worse than a single agent working alone because they struggle to defer to expertise. That is a useful reminder for anyone planning a multi-agent system just because the architecture sounds impressive.

What this week says about the next 12 months

The biggest shift is not that AI agents exist. It is that companies are now building the surrounding machinery: monitoring, approvals, memory, orchestration, and cost control. Samsara is showing physical AI for trucks and robots. LG Innotek and Applied Intuition are pairing sensors with simulation for autonomous vehicles. NVIDIA is building AI factories with energy companies so compute can act like a grid asset.

That mix tells me the next stage of the market will reward teams that treat agents like production software, not like a chatbot with extra permissions. The winners will be the companies that can answer four questions quickly: what did the agent do, why did it do it, who approved it, and how much did it cost?

If you are evaluating an AI agent project this quarter, start with one repetitive workflow and one control layer. Pick a task with clear inputs, clear outputs, and a human owner who can review exceptions. If the pilot cannot survive that test, it is not ready for wider rollout.

My read: over the next year, the most valuable agent products will be the boring ones. They will not brag about general intelligence. They will quietly reduce review time, catch policy violations, and make sure the company knows exactly which digital worker touched which data. That is where the real procurement budgets are headed.