Workday's rise came from a simple insight: legacy HR systems were built for permanence, not change. In 2005, the company was born into a world of static forms, batch processing, and endless spreadsheet workarounds. Twenty years later, it became the benchmark for cloud-native enterprise software, powering more than 10,000 organizations and tens of millions of workers. Now the premise has flipped. In April 2026, venture capitalist Joe Schmidt IV asked the question that spooked the market: if the next generation of HR software is agent-native — designed from the ground up to let autonomous systems handle decisions and workflows — who needs to sit through Workday's interface at all? More troublingly for incumbents: once that agent-native system exists, can anyone go back?

Aneel Bhusri took the stage at Workday's Rising conference in April, nine weeks after returning as CEO on February 9, 2026. The company had lost roughly $40 billion in market value since its May 2025 peak. Just weeks before, the co-founder had announced a 2% workforce reduction — about 400 positions concentrated in customer operations — alongside $135 million in restructuring charges. The stock was trading near $119, down 56.5% from its 52-week high of $274.71. The narrative he needed to arrest was simple but lethal: that Workday's core architecture, while revolutionary in 2006, had become a liability in 2026. Joe Schmidt's a16z essay 'Workday's Last Workday?' had crystallized the fear into a thesis. Workday was offering 'Flex Credits' — consumption-based pricing on the same 2005-era engine — rather than a reimagining. In an AI era, that looked like defending VHS rental markets with loyalty programs. Bhusri's response was defensive and acquisitive. The company had spent close to $3 billion in 18 months on four strategic acquisitions: HiredScore (talent orchestration), Evisort (contract intelligence), Paradox (conversational AI recruiting), and Sana (a $1.1 billion deal signed in September 2025, expected to close in Q4 FY26). The Sana deal was the most telling: a pure-play learning platform with deep AI chops, signaling that Workday could not innovate fast enough internally. Meanwhile, the company announced results that appeared contradictory. It had shipped 12 new role-based agents — Self-Service Agent, Planning Agent, Contract Intelligence Agent — and over 400 customers were running them in production. In the Self-Service Agent alone, early-access customers reduced HR case volume by 25% and lifted employee productivity by 20%. Fiscal 2026 delivered 1.7 billion AI actions across the platform. Revenue hit $9.55 billion (up 13.1% annually), and subscription revenue reached $8.83 billion (up 14.5%). But the stock kept falling. Analysts cut price targets. Insiders sold $128 million of shares over 90 days. The market's read was unforgiving: Workday was burning cash on legacy customer-support infrastructure (the layoffs) while trying to retrofit agents onto a system that was never designed for autonomous execution. Josh Bersin, the analyst who had often defended Workday's evolution, published his own reassessment, 'The Reinvention of Workday: From System of Record to Platform of Agents.' His framing acknowledged the existential shift. Workday was no longer selling software. It was selling a theory — that enterprise determinism (payroll rules, approval chains, compliance segregation) could coexist with probabilistic AI reasoning.

To understand the threat, it helps to remember what Workday displaced. In the 1990s and early 2000s, Human Capital Management was owned by on-premise monoliths like PeopleSoft and SAP HR — systems built around batch cycles, month-end closes, and fixed organizational hierarchies. HR admins spent their days in data entry, reconciliation, and handholding. Workday's insight was architectural: build the system in the cloud, where you can iterate; design for continuous change (transfers, terminations, compensation changes) rather than quarterly uploads. The company won a generation of upgrades by being different, not just better. But that architecture carried a hidden cost. Workday's core data model was built around entities: employees, positions, pay groups, approval chains. The interface was organized around those entities — forms, workflows, reports. The security model assumed humans with roles would review and approve. The revenue model assumed you paid per seat, per month, in perpetuity. All of this made sense when the bottleneck was human judgment. AI changed the bottleneck. If an agent can triage expense reports, validate job postings, recommend compensation adjustments, or draft performance feedback, the question is no longer 'How do I make it easier for an HR person to do this?' but 'How do I let the system do it directly, with governance?' That second question requires a different architecture — one where agents are first-class citizens, not features bolted onto a human-centric interface. The agent needs direct access to deterministic rules (payroll logic, compliance guardrails), probabilistic reasoning (language understanding, recommendations), and execution paths (posting a job, triggering a payment). Workday's 20-year-old data model, while robust, was not built with agents in mind. SAP SuccessFactors, Workday's primary competitor, faces the same trap. SAP is older, more entrenched in German and DACH enterprises (BMW, BASF, Lufthansa, Bayer all run SuccessFactors or its predecessors), and even more burdened by legacy. The global HCM market is worth roughly $24 billion and growing at 9.8% CAGR through 2030. Workday and SAP SuccessFactors together hold about 35% by revenue. But as Futurum Group analysts noted in their early-2026 survey, enterprises are running 'AI-readiness reviews' across systems they thought were locked in for a decade. For many, the question has shifted: 'Is my HCM system ready to be the operating system for agents?' CHROs and CIOs are now asking vendors: Do you have agents? Yes — but are they agents in production, running workflows on real data, or just proofs-of-concept? How do you handle multi-step processes — not just recommendations, but end-to-end execution? Can agents learn new workflows, or are they fixed to the dozen you've shipped? What's the licensing model — a per-action consumption fee that scales dynamically, or a procurement innovation (Flex Credits) that leaves the seat-license unit economics intact? Workday's answer is Illuminate, the AI brand launched in 2024 and expanded significantly in 2025 with 25-plus features. The company claims more than $400 million in emerging AI ARR growing triple digits year-over-year. But the market's skepticism is real. A company that makes $8.8 billion in annual subscription revenue cannot easily pivot to a world where agents do the work for $0. Flex Credits and AI ARR look like an attempt to thread the needle: monetize automation without cannibalizing legacy licensing. The trick is getting harder as customers realize they are being asked to pay for the privilege of using the old engine, not a new one.

Data Loss Prevention (DLP) is a security mechanism that scans documents and communications to block sensitive information — credit-card numbers, source code, personnel files — from leaving an organization. Sensitive Information Types (SITs) are the patterns DLP looks for, both standard ones like passport numbers and custom ones tailored to a company's own secrets. The EU AI Act's Article 53 requires providers of general-purpose AI models (GPAI) to document how they handle training data and user interactions. Starting August 2, 2026, the European Commission can fine GPAI providers for non-compliance. Microsoft is now embedding DLP and compliance logging directly into Purview, its security and governance platform, so enterprise customers can record and control how Copilot handles sensitive data — turning compliance into a product feature shipped in E5 licenses rather than something bolted on by third parties.

Charlie Bell, Microsoft's executive vice president of Security, Compliance and Identity, walked onto the RSA 2026 stage in San Francisco in late April with a sentence that until last year would have sounded oddly ambitious: 'We're going to secure data as AI scales.' Behind him, slides itemized the next layer of Purview, Microsoft's data-governance platform. The headline announcement: Data Loss Prevention for Microsoft 365 Copilot moved from public preview to general availability across all E5 customers. Prompts and responses inside Copilot and Copilot Chat are now scanned in real time against Purview DLP policies. If a user pastes source code, customer PII, or any pattern matching a configured SIT, Copilot refuses to process the prompt and surfaces a clear message to the end user. The capability is included for every M365 Copilot and Copilot Chat seat at no additional cost. Alongside DLP-GA, Microsoft began phased rollout of AI Data Security Investigations through May 2026. The investigation surface correlates audit logs from Microsoft 365, Azure, and third-party AI services — pulling signal from Defender for Cloud Apps (which tracks shadow-AI usage across SaaS platforms) and the unified audit log — to reconstruct the data lifecycle of a single AI interaction. An analyst can now ask: where did this sensitive document go after a user pasted it into Copilot, and which cloud-storage or external AI service touched it? Mid-May, customers also receive a guided diagnostics experience for DLP policy authoring, with Security Copilot insights explaining why a policy fired and how to tune detection. Finally, a Data Security Triage Agent uses AI to interpret custom Sensitive Information Type definitions — the rules enterprises write to identify proprietary data — and surface AI-generated semantic context to the security team when an alert fires. Taken together, the four moves relocate governance from the compliance-and-audit silo into the daily operations of M365 Copilot users and security teams. The narrative pivot: Microsoft is not just adding features. It is repositioning Purview as the enterprise's de facto AI data-governance control plane — the place where policies and investigations happen in real time, not in retrospective breach forensics. For Microsoft, the timing is deliberate. Three months from now, on August 2, 2026, the European Commission's enforcement powers under the EU AI Act activate. From that day, GPAI providers and the enterprises that deploy them face information requests, model recalls, and fines of up to €15 million or 3% of global annual turnover under Article 99. The May 1 issue of this briefing covered the GPAI Signatory Taskforce kickoff on April 23. Microsoft signed the Code of Practice early. So did 25 other providers. What was missing was the operational scaffold inside customer estates. Purview's May 2026 rollout is that scaffold.

The EU AI Act entered into force on August 2, 2024, but its teeth arrived in phases. Article 53 obligates GPAI providers — Microsoft, Google, Anthropic, OpenAI, Mistral, Meta, and others — to maintain technical documentation, provide downstream transparency, comply with EU copyright law, and publish training-data summaries. These obligations were immediately binding for any GPAI model placed on the EU market after August 2, 2025; pre-existing models had until August 2, 2027 to comply. The Commission's enforcement powers, however, only activate on August 2, 2026. That creates a narrow but critical compliance window. Enterprises that deploy GPAI systems (including Microsoft 365 Copilot) inside their own infrastructure need to demonstrate, from now through August, that they have controls to log interactions and identify sensitive data. If a regulator or a client audit discovers that an enterprise allowed proprietary information or personal data to flow through an unmonitored GPAI system, both the GPAI provider and the enterprise customer face exposure. Microsoft's August 2025 rollout of DLP for Copilot, and its May 2026 hardening with AI Data Security Investigations and the triage agent, is timed to fill that gap. For DAX40 companies — Allianz, BMW, Daimler, Deutsche Bank, Siemens, Merck KGaA, Adidas, Bayer — this becomes table stakes for Copilot adoption. Germany's Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI) and the European Data Protection Board have signaled skepticism about Copilot's default data flows to Microsoft cloud and OpenAI. Purview's stack offers a contractual and operational answer: customers can point to logs, policies, and agent-driven oversight as proof of reasonable security measures. The stack now reads: (1) DLP scanning at prompt and response boundaries; (2) unified audit logging; (3) correlation with shadow-AI detection through Defender for Cloud Apps; (4) AI-driven triage and diagnostics for the security operations center. Salesforce (Einstein) and Google (Workspace Duet) have not bundled equivalent governance into standard licenses; they rely on ISV layers, professional services, or third-party SIEM/SOAR integrations, adding cost and complexity. Anthropic publishes constitutional AI and data-governance principles but does not offer the same real-time endpoint controls. This positions E5 as the most operationally complete EU AI Act compliance plane on the market — a contrast that will shape Q3 and Q4 procurement conversations across DACH boards. The August 2 enforcement deadline is the catalyst. Article 99 fines for non-compliant GPAI providers run up to €15 million or 3% of global annual turnover, whichever is higher; for false or misleading information to the AI Office, up to €7.5 million or 1%. Enterprises that fail to document reasonable safeguards risk secondary exposure under their own GDPR and sectoral obligations (BaFin for financial services, BSI for critical infrastructure). Purview turns that documentation requirement into a few clicks and a downloadable audit report — which, in a procurement bake-off, is a difficult feature to compete against.

Adam Foroughi, CEO of AppLovin, has published the operational scripture that most senior technology leaders will measure themselves against for the next eighteen months. In a long-form 20VC podcast interview released May 3, Foroughi articulated an AI-native restructuring playbook: slice headcount by 40 to 50 percent during strong revenue growth, reduce HR from eighty to fifteen by eliminating administrative roles, abolish learning-and-development functions entirely, and treat the arrival of AI capability as a signal to permanently delete any role that could be automated. His framing is neither defensive nor apologetic — layoffs are not a cost-cutting side effect but an operational precondition. The template is now boardroom currency, especially in DACH, where DAX40 firms benchmark their own Allianz Nemo, SAP Joule, and Siemens Industrial Copilot rollouts against an executed model rather than a thesis.

Adam Foroughi sat across the microphone on the 20VC podcast, speaking to an audience of venture capitalists and technology operators, and delivered what may be the most concrete public articulation yet of a labor-negative, technology-positive restructuring doctrine from a CEO commanding a $160 billion market capitalization. The moment carried weight: a company run by Foroughi since cofounding AppLovin in 2010, after a near-total collapse in late 2022 (down roughly 92% from peak), had rebuilt itself into a machinery generating around $10 million in EBITDA per employee across fewer than 400 people in its core ad-tech business. The path back, Foroughi explained, was not more headcount — it was ruthlessly less. Across 2024 and into 2025, AppLovin cut its workforce by roughly 40 to 50 percent in most departments. The cuts were not across-the-board bloodletting; they were structural and deliberate. 'If a role can be automated, it shouldn't exist,' Foroughi told 20VC's Harry Stebbings, paraphrasing his own internal memo. HR, which had employed between 70 and 80 people, contracted to fifteen 'doers.' The company eliminated its learning-and-development function wholesale. Engineering layers where weaker engineers could not leverage AI tools to deliver tenfold productivity gains were excised. The majority of production code is now generated by AI, with humans reserved for review, validation, and security hardening. The restructuring coincided with a shift in AppLovin's technical foundation. The AXON 2.0 machine-learning advertising engine drove revenue acceleration: $4.71 billion in 2024 (up 43%), $5.48 billion in 2025 (up about 16%). Adjusted EBITDA margin in the software platform crossed 80 percent. Foroughi's restructuring directly enabled those margins: fewer people per dollar of output meant additional revenue flowed almost entirely to the bottom line. But the framing matters more than the financials. Foroughi did not present layoffs as a regrettable necessity. He presented them as a forward-looking strategic bet. Companies that fail to treat AI automation as a signal to delete roles, he argued, will lose competitive standing to those that do. The structural echo is unmistakable: this is Jack Welch's forced-curve ranking system at GE — fire the bottom 10 percent annually, executed for two decades, with durable human costs — rendered explicit and technology-forward. Foroughi simply bypassed the performance-ranking fiction and declared headcount reduction a rational operating principle for the era of generative AI. Alongside the layoff doctrine, Foroughi attacked a parallel orthodoxy: token budgeting. Treating tokens as a department-level budget or leaderboard, he said, is 'flawed logic' that produces 'high-volume crap that burns capital.' The fix: align consumption against specific revenue KPIs and abolish internal token leaderboards. That second prescription — directly relevant to every CFO running a 2026 token-spend forecast — landed alongside the workforce one. The David Senra podcast episode published the same day reinforced the narrative arc: AppLovin's stock buybacks, lean organizational design, and fortress economics are not departures from shareholder capitalism but the apotheosis of it.

AppLovin's $160 billion market capitalization rests on an organizational footprint that would have looked lean ten years ago and now appears almost skeletal. The core advertising business runs on roughly 400 employees generating about $10 million in EBITDA per head — a metric that sits in a different order of magnitude from peers. To achieve this, the company did not downsize incrementally. It moved decisively: HR from 70–80 to 15. Total headcount cut by 40 to 50 percent across most functions in 2024. No learning-and-development function. No CHRO. No COO. The executive function is confined to CEO, CTO, CFO, and General Counsel. The revenue base that supports this structure grew from $3.28 billion in 2023 to $4.71 billion in 2024 to $5.48 billion in 2025. Even as 2025 growth moderated to 16 percent year-over-year (from 2024's 43 percent), the company still operated with the highest margins in its sector. Foroughi's argument rests on two premises: first, that AI-generated code and AI-driven operational processes can replace entire job categories without loss of quality; second, that the cultural coherence required to operate at scale is provided not by human L&D but by hiring for raw aptitude and filtering ruthlessly. This philosophy is now traveling into corporate boardrooms across DACH. Every DAX40 board measuring a CIO or CHRO against a competitive benchmark will find Foroughi's playbook on the table. Allianz Project Nemo, covered in the May 3 issue, processes food-spoilage insurance claims in under five minutes using seven specialized agents — with human claims professionals retaining final decision authority but AI handling triage, fraud screening, payout calculation, and audit. SAP Joule, generally available in Q1 2026, ships with more than 2,400 specialized skills and 40-plus industry-specific agents. Siemens unveiled nine industrial copilots at CES 2026, integrated with NVIDIA NeMo microservices and designed to automate shopfloor operations, equipment maintenance, and supply-chain optimization. All three are human-in-the-loop systems: they reduce the headcount required to handle the same volume but do not eliminate roles outright. Foroughi's model takes the next logical step. It asks what roles should exist at all if the machines can do the work. German labor law and EU precedent are already colliding with that question. The Hangzhou Intermediate People's Court ruled on May 2 that automation alone does not constitute objective circumstances necessitating termination — covered as the May 2 issue's story 4. The ruling does not bind German employers, but it signals one edge of the regulatory landscape: labor protections that treat job displacement by automation as insufficient grounds for dismissal. The EU AI Act, in effect from August 2, 2026, classifies HR-related AI systems (including performance evaluation and dismissal recommendation) as high-risk, requiring documented risk assessments, fundamental-rights impact assessments, human oversight, and transparency. Violations carry fines calculated as a percentage of global annual turnover. The stage is set for a year of board-level pressure that will pit shareholder expectation (AppLovin's model = maximum efficiency) against labor-law compliance (DACH and EU restrictions on AI-driven dismissal) and reputational risk (public criticism of AI as cover for routine headcount reduction). Boards will read Foroughi as a benchmark. Workers councils will read him as a threat. CIOs will sit between.

Cloud GPU pricing operates across three tiers. Reserved capacity locks rates for one to three years at 30–40% discounts. On-demand rates are charged hourly without commitment. Spot pricing is the lowest tier but vulnerable to preemption when hyperscalers reclaim capacity. In stable markets, enterprises use reserved capacity for predictable base load and blend in spot for overflow. Spot only works when supply is abundant. In April–May 2026, NVIDIA Blackwell B200 spot pricing surged from roughly $2.20–$2.31/hr off-peak to $4.95/hr on heavy-load weeks, while on-demand rates climbed to $6.19/hr — up 26% year-on-year. The spot–reserved gap widened as hyperscalers locked in multi-year contracts, leaving smaller enterprises competing for volatile scraps.

A CFO at a mid-tier German automotive supplier opens her Q2 reforecast email on May 1. Last August, she had budgeted for inference at $1.80 per million tokens based on analyst consensus: steady deflation, token costs tracking Moore's Law, a glut of compute pushing prices toward marginal cost. Two days earlier, DeepSeek had published $0.87 per million output tokens, seeming to vindicate that thesis. But the email contains a new cloud-provider rate card, flagged urgent. NVIDIA B200 spot rates have spiked 114% in six weeks. Her team's test workloads, planned for a 36-month reserved commitment near $2.50/hr, now face a spot-market floor of $2.31/hr with recurring surges to $4.95/hr — pricing that inverts the entire FinOps case that justified the AI inference pilot to her CFO peer group. This scene, repeated across enterprise boardrooms in April and May 2026, exposes a contradiction at the heart of the AI infrastructure story. Token prices have fallen — DeepSeek's promotional output rate is roughly 97% cheaper than Claude Sonnet — but the substrate, the actual compute capacity to serve those tokens, has become violently scarcer. The tightness is material. NVIDIA Blackwell GPUs, which began shipping in volume in January 2026, are sold out through mid-2026 with a backlog around 3.6 million units. Microsoft, Google, Meta, and Amazon placed multi-billion-dollar forward orders for B200 and GB200 systems through 2025, consuming nearly all of NVIDIA's allocation through 2027. That left mid-market and smaller enterprises with two choices: wait 8–16 weeks for direct allocation (down from 12–24 weeks in Q4 2025, but still punitive), or bid for capacity on the spot market — where prices are now set by the marginal demand of hyperscalers' burst workloads. On April 18, Spheron's real-time pricing tracker showed B200 spot rates at $2.25/hr per GPU on 36-month reserved contracts, the lowest binding rate available. By late April, heavy-load weeks pushed spot prices to $4.95/hr, a 120% spike. On-demand pricing climbed to $6.19/hr, a 26% year-on-year increase, despite the industry's public narrative of cost deflation. CoreWeave's 8-GPU instance ($68.80/hr on-demand) offered spot discounts of up to 54%, but only if capacity was available — which it rarely was during peak hours. NVIDIA's supply crunch is not a surprise. The company's April earnings guidance acknowledged the shortage with unusual candor: Blackwell is capacity-constrained by memory (HBM3e), not the GPU die. NVIDIA, AMD, and others all compete for allocation from the same three HBM suppliers — SK Hynix, Samsung, and Micron — creating a binding bottleneck. With H200 (the predecessor) still ramping and B200 ramping simultaneously, both demanding HBM3e, the memory market is starved. NVIDIA CFO Colette Kress framed the constraint as 'a function of memory cycle, not silicon yield.' For enterprise customers in queue behind Google's 63% capex increase and Microsoft's $190B 2026 capital plan, the framing is little comfort. For enterprises, the downstream effect is a pricing inversion. Hyperscalers, locked into multi-year reserved contracts at negotiated rates (estimated at $2.50–$3.00/hr for bulk B200), can absorb spot-market noise. Smaller operators face the full volatility: on-demand at $6.19/hr for predictable workloads, or gamble on spot — accepting preemption risk and the possibility of a 2x price swing week-to-week.

The April–May 2026 repricing marks the third major GPU shortage-driven volatility spike in AI infrastructure. The first came during the cryptocurrency mining boom (2017–2018), when consumer-grade GPUs (GTX 1080, GTX 1070) became unavailable and prices doubled. The second struck in late 2022, when NVIDIA H100 demand from hyperscalers and training labs outstripped supply, pushing H100 cloud rental rates from roughly $3/hr to $8/hr on spot markets by early 2023. Both episodes resolved through supply ramp (new fabs, new yields) or demand destruction (crypto crash, model-training pause). This time, the resolution timeline is longer — NVIDIA has signaled no meaningful Blackwell relief until Q4 2026 at earliest. What makes 2026 distinct is the macroeconomic context. In previous cycles, the enterprise response was simple: wait or switch to older hardware. In 2026, enterprises face a narrowing window to deploy AI inference pilots before their model-training strategies (which depend on the same inference layer for RAG and fine-tuning) cascade into production. Additionally, the deflationary curve — premised on the assumption that inference token costs would halve every two to three years through compression, larger models, and better quantization — has stalled. DeepSeek's $0.87 per million output tokens, published May 2, 2026, was celebrated as a watershed; it was a model-level achievement, not an infrastructure achievement. The B200 substrate beneath all inference services (including DeepSeek's own API) remains capacity-constrained. Q2 2026 capex-reforecast meetings, now in full swing, force the choice. Enterprises can book inference spending at April spot rates (acknowledging the volatility), wait for H2 relief that may not come, negotiate reserved capacity with hyperscalers (a privilege limited to seven-figure annual commitments), or migrate to alternative substrates — AWS Trainium (about 25% cheaper per token for some workloads but immature for LLM inference), Google TPU v5e (roughly 3x per-dollar inference throughput versus the prior TPU generation, but limited model support), or AMD MI300X (about 74% of B200 throughput, not yet broadly available on hyperscaler platforms at scale). The Deutsche Telekom Industrial AI Cloud — launched earlier in 2026 with over 1,000 NVIDIA DGX B200 systems and around 10,000 Blackwell GPUs in a Munich data center — is a bet on this exact timeline. Telekom, anchored in DACH industrial policy and data sovereignty, secured B200 allocation early and is now a substrate provider for SAP, Siemens, BMW, and Bosch inference workloads that would otherwise route through AWS, Azure, or GCP. Even Telekom's sovereign infrastructure does not escape the spot-market repricing: its published rates for B200 inference rose roughly 18% month-on-month in April, a flag that even captive capacity is absorbing the supply shock. Historically, NVIDIA has navigated such squeezes by allowing small price creep at the margins — gradual increases that enterprises rationalize as yield improvement and feature richness. This time, the margin is the entire inference segment. The company's Q1 2026 earnings showed inference-serving startups tripling token-generation rates on B200 hardware, suggesting utilization is not the constraint; availability is. NVIDIA's guidance for Q2 2026 revenue ($45B ± 2%) implies that even with the Blackwell shortage, the company is capturing the full value of scarcity rent — a luxury competitors will work hard to dilute over the next 12 months.

Orchestration, in the agentic-AI context, is the central control layer that tells multiple independent AI agents — and the humans and robots they work with — which ones should act, in what order, with which permissions, and what to do if one fails. It is not the agents themselves; it is the traffic cop directing them. Imagine a claims office where one agent reads damage photos, another checks coverage rules, a third flags fraud patterns, and a fourth recommends a payout. Without orchestration they step on each other. With it they move in sequence, hand off work, roll back on error, and maintain a single audit trail. Over the past two years, enterprises thought the AI problem was 'Can we build a good agent?' The question that turns out to matter is 'Can we run ten of them safely together?'

Michael Atalla sat in a studio somewhere in early May, doing what CMOs of five-year-old IPO companies do: looking backward to justify the pivot forward. UiPath, once synonymous with robotic process automation — the click-and-drag bots that handled rote data entry — had spent the past two years rebranding itself as an orchestration platform. The message in his Rundown AI interview on May 3 was clear: the wall most AI projects never get past is not model capability, it is the orchestration of agents, automation, and humans. That same week, on SandHill's Sunday digest, Array Ventures' Shruti Gandhi published a sharper companion argument under the headline 'Agents broke the security stack.' Her thesis: the old gate-review-approve-execute model — where humans signed off before any system touched production — becomes invalid the moment agents start acting autonomously across third-party services with their own delegated credentials. Authorization gates require a human to know what the agent will do before it does it. Agents, by design, do not work that way. The two statements do not contradict; they compound. Atalla was saying the engineering problem is orchestration. Gandhi was saying orchestration without solving the governance problem is a liability bomb. Together, they crystallized something enterprise leaders have been feeling for six months: the failure wave in AI pilots is not coming from bad models. Gartner data bears this out. As of March 2026, only 11 to 14 percent of enterprise AI agent pilots had reached production at scale. The remainder failed to generate durable value. Gartner now expects 40 percent of all agentic AI pilots to be cancelled by 2027. MIT research pinpoints the culprit: not model capability, but architectural robustness, governance, and integration. About half of agentic AI pilots fail on infrastructure — not user experience, not model intelligence, but the plumbing that holds a multi-agent system together. This is not new to enterprises that lived through the RPA arc. Between 2018 and 2022, roughly half of RPA projects failed for reasons that had nothing to do with whether bots could click buttons. They failed because enterprises had no governance model for deploying hundreds of bots, no way to audit which bot did what, no clear ownership between IT and business, and no orchestration layer to say 'this bot runs first, that bot runs second, if this one fails, roll back and alert a human.' Enterprise architects were forced, over years, to build that apparatus from scratch. The difference now is that the apparatus must exist before the pilots scale, not after. The real-world proof arrived in May from Allianz in Germany. Project Nemo, the agentic AI pilot for insurance claims (already covered in this briefing on May 3), deployed seven cooperating agents — planner, cyber, coverage, weather, fraud, payout, audit — under a central orchestration layer. Each agent had a narrowly scoped role; the orchestrator maintained process state, routed work, and produced an audit trail. For eligible food-spoilage claims under €300, cycle time fell from days to hours, an 80 percent improvement. The critical detail: this was not a model breakthrough. Allianz used standard large language models. The win came from the orchestration architecture — a planner agent decomposed the claim into steps, routed work to specialists, and an audit agent preserved the full decision log for compliance. Orchestration made autonomous action legible to regulators and humans.

Why does orchestration matter so much? Because the agent itself is not the system. The system is the orchestrator plus the agent plus the credential manager plus the audit logger plus the fallback handler. Pull out any one and the whole thing fails under production load. When UiPath repositioned as an orchestration vendor, it launched Maestro — a cloud-native control plane designed to manage AI agents from Google Vertex, Microsoft Copilot, Databricks, and others on a single surface. Maestro's core job is not to run agents; it is to decide which agent runs, when, with what credentials, and what to do if it crashes. Maestro manages task decomposition, state persistence, and failure recovery — the three things that separate the 11 percent of systems reaching production from the 89 percent that do not. SAP made the same architectural choice with Joule. Rather than releasing agents into the wild, SAP uses an Agent-to-Orchestrator pattern where Joule interprets, plans, and routes work to specialized SAP agents, maintaining abstraction and control over security, governance, and reliability. Joule does not expose agents directly to external requests; it translates open protocols (Model Context Protocol, Agent-to-Agent standards) into SAP's internal orchestration APIs. This is not a convenience. It is a moat. The companies winning with agents are those that can offer orchestration as a managed service, not just agent-building tools. The security layer is now inseparable from the orchestration layer. Forrester published the AEGIS framework in 2026 specifically to address this — Agentic AI Enterprise Guardrails For Information Security — mapping orchestration, identity, data, application security, threat operations, and Zero Trust principles onto agentic systems. The core insight: autonomous agent behavior is a new enterprise attack surface. Industry surveys show roughly 80 percent of organizations deploying agents report unintended agent behavior, and a meaningful share have already exposed agent credentials. Most have no clear visibility into where agents exist in their tech stack. The credential problem is acute. Unlike humans, who need one login and can be audited on request, agents need machine-to-machine authentication at scale, with short-lived tokens, behavioral anomaly detection, and automatic access revocation if an agent acts outside its pattern. Companies like Aembit and 1Password are building 'workload identity' layers — products that issue short-lived, scoped, just-in-time credentials to agents rather than long-lived API keys. This is architectural work, not a feature, and it sits in the orchestration layer. Enterprises already running agent pilots report the same bottleneck. Deutsche Bank, working with Google Cloud, deployed agents for trading surveillance in early 2026 — not to generate recommendations, but to autonomously flag misconduct patterns and escalate to a human desk within seconds. The orchestration layer there must route suspicious trades, maintain the regulator audit trail, and revoke the agent's access if it starts flagging false positives at unusual volumes. Siemens launched the Eigen Engineering Agent for industrial automation in April, generally available after piloting with over 100 customers. The agent can write PLC (programmable logic controller) code autonomously, but only within a Siemens orchestration layer that prevents it from rewriting code outside its designated scope. Again: orchestration is the wall. Model capability was already there. The convergence with the RPA lesson — and with service mesh adoption in Kubernetes infrastructure between 2017 and 2022 — is exact. Once you move from one container to dozens, you cannot rely on application-level security. You need a control plane that can route, authenticate, and audit every interaction. Enterprises took three years to build that muscle for containers. They have less time for agents, because the stakes — budget spend, data exposure, compliance violations — are higher and the blast radius is faster.