On June 2, two announcements landed within hours of each other. Microsoft unveiled Scout, an autonomous AI agent that runs around the clock inside Microsoft 365 without being prompted. The same day, Workday launched Agent Passport, a system that tests, verifies, and continuously monitors every AI agent before it touches production. One company shipped the accelerator. The other shipped the brakes. Both are telling you the same thing: agents are moving into the most sensitive parts of your business, and the operational layer to manage them doesn’t exist yet in most organizations.

That gap is where the damage will happen.

Two moves, one message

Scout is what Microsoft calls an “autopilot.” It gets its own governed identity, connects to Teams, Outlook, OneDrive, and SharePoint, and acts on a user’s behalf. It schedules meetings, blocks calendar time, and flags stalled decisions. It doesn’t wait for a prompt. It runs in the background, constantly.

Agent Passport does the opposite work. It measures every agent — whether built by Workday or a third party — against public security standards like OWASP LLM Top 10, NIST AI RMF, and MITRE ATLAS. It checks for prompt injection, jailbreaking, data leaks, and unsafe outputs. Every test result gets signed by an independent partner, not by the vendor that built the agent. Cisco is the launch partner providing independent verification.

Workday built Agent Passport because their agents handle payroll, benefits, and financial data. A single bad output there isn’t an inconvenience. It’s a compliance event.

Microsoft knows this too. Scout requires Intune policy configuration and “opt-in attestation” before it runs. But the framing is telling. Microsoft led with capability. Workday led with control.

The numbers behind the gap

The Marlabs 2026 AI Adoption Report, released the same day, puts numbers on this. Drawing from PwC’s 2026 AI Performance Study and 10 major enterprise surveys covering 30,000 leaders across 100 countries, the picture is stark:

  • 88% of enterprises are deploying AI
  • Only 12% of CEOs report both lower costs and higher revenue from it
  • 79% cite significant challenges moving AI into production
  • Two-thirds say security and risk are the top barrier to scaling agentic AI

Eighty percent of firms capture 25% or less of AI’s total economic value.

Read that last number again. Four out of five companies are deploying AI and getting a quarter or less of what it could deliver. The report calls it “a winner-take-most dynamic where top-tier enterprises are pulling away through better operational execution, governance, and integration.”

Not better models. Not better prompts. Better operations.

The question nobody is asking their vendor

Most companies evaluating AI agents are asking: what can it do? Wrong question.

The right questions are operational. Who approved this agent’s access to employee data? What happens when it produces an output that violates policy? Can you revoke a single agent’s permissions across your entire organization in one action? Who signed off on the testing, and was it the same vendor that built the agent?

Workday’s Agent Passport answers those. Most platforms don’t. As Workday’s VP of AI Platform put it: “One insecure agent can leak employee data, break compliance, and put the company on the front page for the wrong reasons.”

I keep coming back to that quote. These agents aren’t hypothetical. They’re processing payments and onboarding employees right now.

Who owns this in your org

This is the part most companies haven’t figured out. IT picks the agent platform. The business unit decides which workflows to automate. Legal and compliance need to sign off on data access. Security needs to validate the agent’s behavior continuously — not just at deployment.

No single role covers all of that. And in most organizations, nobody is accountable for the full lifecycle of an AI agent from selection through monitoring through revocation.

So the real question isn’t which agent to buy or which model runs underneath. It’s who is responsible when an autonomous agent does something wrong at 2 AM on a Tuesday, and what system catches it before it compounds.

What this means right now

The vendor space just showed its hand. The companies building AI agents are now also building the governance infrastructure to contain them — an admission that the technology moved faster than the controls.

If your organization is deploying AI agents without an independent verification process, without real-time monitoring, without a single point of revocation, you’re running the same pattern the Marlabs report describes. You’re in the 80% capturing a quarter of the value.

The fix isn’t more agents or a better model. It’s the operational work nobody wants to fund: testing frameworks, governance layers, monitoring systems, clear ownership chains.

The companies pulling away figured this out already. They aren’t moving faster. They’re moving with controls.