Technology

Design APIs for agent orchestration (idempotency, retries, transactional boundaries, compensating actions) rather than simple prompt-in / text-out patterns

Expand from “LLM hosting capacity” to a portability and lock-in posture - ability to run stateful agent services, policy enforcement, tracing, and connectors across multiple hyperscalers and open-source stacks (eg Kubernetes, portable IAM abstractions, model gateway)

Move from “sufficient for reporting or summarisation” to “sufficient for autonomous action” - standardise critical data elements, enforce validation at ingestion, measure fitness-for-use per workflow, and remediate via automated controls and accountable ownership

Evaluate vendors on agentic capabilities (tool-use reliability, function calling, safety controls, provenance/audit features) in addition to output quality

Extend lineage to cover agent context assembly and tool inputs/outputs, not only dataset lineage

Shift from tailoring tone/accuracy to shaping action policies, tool-selection behaviour, and domain-specific guardrails

Modularise capabilities so agents can compose and swap tools/services dynamically, beyond embedding GenAI inside monolith workflows

Extend GenAI placement decisions to where autonomous execution and sensitive tool-actions are permitted, including split-brain patterns (reasoning in cloud, execution on-prem)

Shift from “user-triggered GenAI” to agents reacting to events, maintaining state, and initiating multi-step actions automatically

Expand governance from model versions to agent bundles (model + prompts + tools + connectors + permissions + policies + memory/config) with controlled releases and rollbacks

Upgrade for high-frequency agent calls to tools, vector stores, event buses, and audit stores, not just batch inference traffic

Upgrade from prompt/PII controls to continuous privacy enforcement across retrieval, memory, tool calls, and action outputs

Move from user access models to task-scoped, context-aware least privilege for agent identities across domains

Evolve pipelines from feeding models to supporting continuous agent context refresh, policy checks, and remediation triggers

Monitor not only quality but goal success, action correctness, tool error rates, boundary violations, and escalation/override patterns

Engineer for “always-on” agent services with bursts, retries, queueing, back-pressure, and graceful degradation, not just interactive GenAI sessions

Evolve preparation from batch cleaning to continuous enrichment (metadata, labels, sensitivity tags) that agents can rely on at runtime

Move from model/API key management to end-to-end identity for agents, tool credentials, least-privilege runtime authorisation, and automated secret rotation

Extend human RBAC into agent identities and fine-grained tool/data entitlements, including per-task scoped permissions and action class constraints

Add hard technical boundaries around what agents can do - tool allowlists, parameter validation, spend/impact limits, jurisdiction constraints, red-line proximity checks, and kill-switch hooks enforced outside the model

Insert policy-as-code and evaluation gates for agent behaviours (tool use, escalation, unsafe actions), not only model quality checks

Provide an isolated sandbox lane where teams can prototype agents with temporarily elevated permissions using controlled data and hardened tool stubs, with strict egress controls and full tracing

Add explicit safe-states, kill-switches, and manual override paths for autonomous execution, not just “model unavailable” handling

Instrument agent runs so “why did it act” can be reconstructed - action rationale capture, evidence linking, step-level traces, and context provenance (not just final outputs)

Automate evidence collection from build/run systems (tests, approvals, policies, logs, monitoring) into continuously updated evidence packs