Every technology leader is hearing some version of the same mandate: we need agents. The practical decision is what should stay with a person, and what should run as software.
When leaders say "agents," they usually mean two different things. The first is agent-assisted work: a person using AI inside the work they already do. The second is a managed agent: software that keeps running in the background and acts across company systems.
Most organizations should start with agent-assisted work. Put AI where people already work: on laptops, in browsers, in IDEs, in chat, and inside the daily tools where decisions already happen.
Managed agents matter when a workflow needs to keep moving after someone closes the laptop. They can update systems, remember progress, recover from failure, and escalate to a human when they get stuck. That value comes with a governance problem you cannot skip.
Start with the workflow. Does a person need AI beside them while they work, or does the work need to run on its own?
Most companies already have agents where work happens
Work still happens on a person's computer. A finance lead lives in spreadsheets, email, shared drives, and the tools finance approved for them. A sales leader lives in email, CRM, call notes, and pipeline reviews. An operator lives in inboxes, documents, dashboards, and meetings.
Agent-assisted work fits that shape. The human is doing the work, and AI is helping them do it faster. The agent drafts the report, cleans the spreadsheet, summarizes the meeting, searches the docs, writes the first version of the analysis, or turns a mess of notes into a usable next step.
Claude Cowork and OpenAI Codex are examples. A non-technical operator can use a desktop agent to summarize a meeting, clean a workbook, search company documents, draft a follow-up, or turn scattered notes into a plan. The person stays in charge of the decision.
The permission model is the point. The AI is operating through the person who already has approved access. If the finance lead can read the finance folder, the AI assisting that finance lead can help with the finance folder. If they lack access to legal files, their AI-assisted workflow should stay out of them.
That makes agent-assisted work the right starting point for most companies. It changes how work gets done without asking the business to create a new account, access model, and approval process for software that acts on its own.
A managed agent is a different operating model
A managed agent runs outside a person's active session. It may wake up on a schedule, process background work, update systems, and ask for help when it cannot safely continue.
That is useful when the work cannot depend on a person remembering to prompt it. Think about a Salesforce workflow that watches approved email activity, detects client meetings, drafts notes, updates the right account or deal, and asks in Slack when it cannot confidently map the meeting to the right record. The human answers, the agent records the decision, and the work continues.
At that point, the work has become software. It needs system access, memory, recovery, escalation, and logs. Someone has to own it.
Durable means state plus recovery
"Durable" means the work can survive the real world.
A durable agent can remember what step it is on. It can retry a failed call. It can resume after an interruption. It can wait for a human answer without losing the context. It can record what happened so someone can audit the decision later.
A good model is only one part of that. If an agent is updating Salesforce, SharePoint, an ERP, or an internal operations board, you also need recovery and accountability.
Ask one practical question: if the work fails halfway through, can the agent safely pick up where it left off? If the answer is no, the workflow is still a demo.
The hidden hard part is permissions
Permissions are where managed agents get serious.
Agent-assisted humans use human permissions. The finance person already has a laptop, an account, a device policy, and access rules. The company has already decided what they can see and do. AI makes that person faster inside an access model that already exists.
A managed agent needs its own governed identity. If it is going through SharePoint, does it have free rein across every document? Can it read compensation folders? Can it write back to board materials? Can it only read certain workspaces? Who approves that access? Who sees what it did?
Make the scope too wide, and the agent becomes a security risk. Make it too narrow, and it becomes useless. The hard work is designing the middle: the right identity, the right read and write permissions, the right tools, and the right escalation path when the agent is unsure.
This is why managed agents usually come later. They are powerful when the use case justifies the access and approval work. They are overbuilt infrastructure when the company has yet to decide what the agent should be allowed to do.
Use a managed agent when the workflow passes six gates
A workflow is a managed-agent candidate when it passes these six gates:
- Persistent work. The process must continue outside a person's active laptop session.
- Clear owner. A business owner is accountable for the workflow.
- Governed identity. The agent has its own identity with explicit boundaries.
- Scoped access. The allowed tools, data, and read/write permissions are defined.
- Human escalation. The agent knows when to stop, ask, and continue with the answer.
- Audit trail. Someone can review what the agent did and why.
Until those gates are true, start with agent-assisted work. Train people on the work surface they already use. Connect the systems they already need. Create reusable skills and prompts. Teach the organization what good looks like before you deploy a service that can act on its own.
When those gates are true, a managed agent can be the right move. Let persistence plus governance drive the decision. Complex work can still belong with a human using AI. A managed agent makes sense when the work needs to keep going, and the company can safely define what the agent is allowed to do.
If you need one, use existing infrastructure
If a managed agent is the right layer, avoid recreating the whole system from scratch unless you have a specific product reason. Durability, recovery, identity, permissions, logs, and human handoff are the part you have to manage.
The major AI labs, cloud providers, developer platforms, and infrastructure companies are all moving in this direction. Use that progress. If your company is already standardized on one cloud, start with the durable agent path that fits that environment. If you are open to new infrastructure, evaluate the platform that fits the workflow, the governance model, and the team that will own it.
Choosing the model is only part of the decision. The harder question is who owns the work, access, and recovery when the agent runs.
Deploy the right layer
The companies that get this right ask sharper questions than "What is our agent strategy?"
Where should AI assist the work people already do? Which systems need to be reachable by agents? Which workflows need to persist beyond a person's active session? Which agents need their own governed identity? Where should a human stay in the loop?
That is the real deployment question. Sometimes the answer is agent-assisted work across every team. Sometimes it is a connector or skill that makes existing systems reachable. Sometimes it is a durable managed agent that runs in the background and escalates cleanly when judgment is needed.
Being AI-native means choosing the right layer for the work.
Give us one problem. Let us prove it.
