The Post-SaaS Paradox: Why Your AI Strategy is Scaling Architectural Entropy

1
00:00:00,000 --> 00:00:03,600
Most organizations think they're rolling out co-pilot.

2
00:00:03,600 --> 00:00:05,880
They're not, they're switching from deterministic SaaS,

3
00:00:05,880 --> 00:00:07,560
where you can diagram cause an effect

4
00:00:07,560 --> 00:00:09,360
to probabilistic orchestration,

5
00:00:09,360 --> 00:00:12,160
where behavior emerges at runtime and drifts quietly.

6
00:00:12,160 --> 00:00:14,320
This episode gives you a post-sass mental model,

7
00:00:14,320 --> 00:00:16,800
three Microsoft scenarios you'll recognize immediately,

8
00:00:16,800 --> 00:00:20,280
and one metric that exposes the real risk, mean time to explain.

9
00:00:20,280 --> 00:00:23,240
If you're responsible for Microsoft 365, Power Platform,

10
00:00:23,240 --> 00:00:24,600
or Azure AI subscribe,

11
00:00:24,600 --> 00:00:27,320
because agent sprawl isn't coming, it's already here.

12
00:00:27,320 --> 00:00:30,160
Now, the foundational misunderstanding,

13
00:00:30,160 --> 00:00:33,480
the foundational misunderstanding, AI as a feature,

14
00:00:33,480 --> 00:00:34,880
not an operating model.

15
00:00:34,880 --> 00:00:37,560
The most comforting story in enterprise IT right now

16
00:00:37,560 --> 00:00:40,160
is that AI is a feature, a checkbox,

17
00:00:40,160 --> 00:00:43,680
a license, a rollout plan, a change advisory board item,

18
00:00:43,680 --> 00:00:46,720
something you enable the same way you enabled exchange online,

19
00:00:46,720 --> 00:00:48,760
teams, or e5 security.

20
00:00:48,760 --> 00:00:51,800
People wanted to fit inside the existing SaaS operating model

21
00:00:51,800 --> 00:00:53,320
because that model is familiar,

22
00:00:53,320 --> 00:00:57,320
you provision accounts, assigned permissions, configure policies,

23
00:00:57,320 --> 00:00:59,760
publish guidance, and then the system mostly behaves

24
00:00:59,760 --> 00:01:02,640
the same way tomorrow as it behaves today.

25
00:01:02,640 --> 00:01:05,280
That model worked because SaaS for all its floors

26
00:01:05,280 --> 00:01:07,080
is still largely deterministic.

27
00:01:07,080 --> 00:01:09,480
Deterministic doesn't mean perfect, it means legible,

28
00:01:09,480 --> 00:01:12,080
it means state transitions are predictable enough

29
00:01:12,080 --> 00:01:16,120
that architects can draw boundaries, auditors can map controls,

30
00:01:16,120 --> 00:01:17,720
and operators can build runbooks

31
00:01:17,720 --> 00:01:19,520
that assume the platform will execute

32
00:01:19,520 --> 00:01:21,480
what it was configured to execute.

33
00:01:21,480 --> 00:01:23,840
When SaaS fails, it tends to fail like a machine,

34
00:01:23,840 --> 00:01:26,040
outages, throttling, expired certificates,

35
00:01:26,040 --> 00:01:30,120
broken dependencies, bad deployments, ugly, but explainable.

36
00:01:30,120 --> 00:01:32,360
AI doesn't land as a feature inside that world,

37
00:01:32,360 --> 00:01:34,080
it lands as a new execution layer

38
00:01:34,080 --> 00:01:36,760
that sits inside every workload you already run.

39
00:01:36,760 --> 00:01:38,760
And the moment that execution layer makes decisions

40
00:01:38,760 --> 00:01:40,880
at runtime, your old assumptions start decaying,

41
00:01:40,880 --> 00:01:42,960
not because Microsoft broke something,

42
00:01:42,960 --> 00:01:45,440
because you moved from configuration-driven execution

43
00:01:45,440 --> 00:01:47,360
to interpretation-driven execution,

44
00:01:47,360 --> 00:01:49,160
that distinction matters.

45
00:01:49,160 --> 00:01:51,320
In deterministic SaaS, the workflow is defined

46
00:01:51,320 --> 00:01:52,440
at design time.

47
00:01:52,440 --> 00:01:55,200
Someone models a process, writes a flow, builds a form,

48
00:01:55,200 --> 00:01:57,040
configures a connector, assigns a role.

49
00:01:57,040 --> 00:01:58,320
When a user clicks the button,

50
00:01:58,320 --> 00:02:01,080
the system executes the path you already defined.

51
00:02:01,080 --> 00:02:03,080
You can be wrong, but you're wrong in a stable way.

52
00:02:03,080 --> 00:02:06,360
In agentic systems, the workflow is assembled at runtime.

53
00:02:06,360 --> 00:02:07,720
The system doesn't just execute,

54
00:02:07,720 --> 00:02:10,640
it decides what to execute based on intent, context,

55
00:02:10,640 --> 00:02:13,160
tool availability, and whatever memory you're grounding,

56
00:02:13,160 --> 00:02:14,320
you've allowed it to access.

57
00:02:14,320 --> 00:02:17,320
It chooses a path, it chooses a tool, it chooses a source.

58
00:02:17,320 --> 00:02:19,320
And if you think that choice is just the model,

59
00:02:19,320 --> 00:02:20,400
you miss the point.

60
00:02:20,400 --> 00:02:22,520
The choice is the product of an orchestration stack,

61
00:02:22,520 --> 00:02:25,440
prompts, policies, plug-ins, connectors, permissions,

62
00:02:25,440 --> 00:02:27,840
retrieval, ranking, and the user's environment.

63
00:02:27,840 --> 00:02:29,480
That stack becomes your new runtime.

64
00:02:29,480 --> 00:02:31,920
So when leaders ask for the co-pilot rollout plan,

65
00:02:31,920 --> 00:02:34,480
what they're actually asking without realizing it is,

66
00:02:34,480 --> 00:02:36,880
how do we deploy a distributed decision engine

67
00:02:36,880 --> 00:02:38,720
into our organization without changing

68
00:02:38,720 --> 00:02:40,560
how we control decisions?

69
00:02:40,560 --> 00:02:42,960
They're asking for a plan that preserves the old contract,

70
00:02:42,960 --> 00:02:43,920
user to app.

71
00:02:43,920 --> 00:02:45,960
User to app is the SaaS era contract.

72
00:02:45,960 --> 00:02:47,960
The user initiates the app executes.

73
00:02:47,960 --> 00:02:50,600
Identity and access management is built around that.

74
00:02:50,600 --> 00:02:53,000
A human principle signs in, gets a token,

75
00:02:53,000 --> 00:02:55,120
performs an action inside a bounded app surface.

76
00:02:55,120 --> 00:02:57,440
The blast radius is mostly the app plus the permissions

77
00:02:57,440 --> 00:02:58,240
you granted.

78
00:02:58,240 --> 00:03:00,080
Post-SaaS breaks that contract.

79
00:03:00,080 --> 00:03:02,480
The new contract is intent to orchestration.

80
00:03:02,480 --> 00:03:04,800
The user expresses intent, the orchestration layer

81
00:03:04,800 --> 00:03:07,800
interprets it and then delegates execution across tools,

82
00:03:07,800 --> 00:03:09,960
sometimes across multiple tools.

83
00:03:09,960 --> 00:03:11,840
Using authorities that are often broader

84
00:03:11,840 --> 00:03:13,480
than the user understands.

85
00:03:13,480 --> 00:03:15,560
The user doesn't use SharePoint.

86
00:03:15,560 --> 00:03:18,280
The user expresses, find the doc, summarize it,

87
00:03:18,280 --> 00:03:20,920
send the action items, and the orchestration layer

88
00:03:20,920 --> 00:03:23,440
touches SharePoint Outlook teams.

89
00:03:23,440 --> 00:03:25,760
Maybe a power automate flow, maybe a connector,

90
00:03:25,760 --> 00:03:27,000
maybe an external system.

91
00:03:27,000 --> 00:03:28,080
That's not user to app.

92
00:03:28,080 --> 00:03:31,000
That's intent to tool chain, and it's not optional.

93
00:03:31,000 --> 00:03:32,320
This is the uncomfortable truth.

94
00:03:32,320 --> 00:03:34,840
Once you introduce agents, you are no longer running

95
00:03:34,840 --> 00:03:36,600
a set of SaaS services.

96
00:03:36,600 --> 00:03:38,480
You are running an orchestration fabric.

97
00:03:38,480 --> 00:03:41,480
The SaaS services become tool endpoints inside that fabric.

98
00:03:41,480 --> 00:03:43,760
The UI becomes a conversational interface,

99
00:03:43,760 --> 00:03:46,080
and the workflow becomes a probabilistic plan

100
00:03:46,080 --> 00:03:47,240
assembled on demand.

101
00:03:47,240 --> 00:03:49,000
This is why so many organizations feel

102
00:03:49,000 --> 00:03:51,520
like they're making progress, but their architecture feels

103
00:03:51,520 --> 00:03:52,880
less stable every quarter.

104
00:03:52,880 --> 00:03:55,560
They treat AI like an ad on, but it behaves like

105
00:03:55,560 --> 00:03:57,120
an operating model shift.

106
00:03:57,120 --> 00:03:59,120
They stand up adoption training and call it done,

107
00:03:59,120 --> 00:04:01,800
but the system changes where decisions get made.

108
00:04:01,800 --> 00:04:03,520
They add a few guardrails, but guardrails

109
00:04:03,520 --> 00:04:04,880
don't define contracts.

110
00:04:04,880 --> 00:04:07,920
They create approved prompts, but prompts are not controls.

111
00:04:07,920 --> 00:04:11,440
They are suggestions to a reasoning system that is optimized

112
00:04:11,440 --> 00:04:13,360
to be helpful, not obedient.

113
00:04:13,360 --> 00:04:14,640
Here's what most people miss.

114
00:04:14,640 --> 00:04:17,200
The real scaling event isn't that more people will use

115
00:04:17,200 --> 00:04:18,000
co-pilot.

116
00:04:18,000 --> 00:04:20,040
The real scaling event is that you're introducing

117
00:04:20,040 --> 00:04:22,880
non-human actors, agents that will perform actions,

118
00:04:22,880 --> 00:04:24,600
chain actions, and delegate actions,

119
00:04:24,600 --> 00:04:27,040
and those actions will be shaped by a constantly changing

120
00:04:27,040 --> 00:04:27,880
environment.

121
00:04:27,880 --> 00:04:30,480
New connectors, updated models, revised prompts,

122
00:04:30,480 --> 00:04:32,880
shifting data quality, changing permissions,

123
00:04:32,880 --> 00:04:34,800
and drift in the information estate.

124
00:04:34,800 --> 00:04:37,280
That means your system can have the same configuration

125
00:04:37,280 --> 00:04:39,560
and still produce different outcomes week to week.

126
00:04:39,560 --> 00:04:40,600
That's not a bug.

127
00:04:40,600 --> 00:04:42,480
That's probabilistic execution.

128
00:04:42,480 --> 00:04:44,680
So the foundational misunderstanding is simple.

129
00:04:44,680 --> 00:04:46,720
If you approach AI as a feature,

130
00:04:46,720 --> 00:04:50,480
you'll keep applying SAS era controls to a post-SAS runtime.

131
00:04:50,480 --> 00:04:52,280
You'll measure adoption, not behavior.

132
00:04:52,280 --> 00:04:54,720
You'll inventory licenses, not decision pathways.

133
00:04:54,720 --> 00:04:56,280
You'll ask, is it enabled?

134
00:04:56,280 --> 00:04:57,600
Not is it legible?

135
00:04:57,600 --> 00:04:58,920
And the consequence is predictable.

136
00:04:58,920 --> 00:05:00,400
You won't get simplification.

137
00:05:00,400 --> 00:05:02,680
You'll get acceleration, and the architecture

138
00:05:02,680 --> 00:05:04,040
won't visibly collapse.

139
00:05:04,040 --> 00:05:05,600
It'll just stop matching reality.

140
00:05:05,600 --> 00:05:07,880
Now define what post-SAS actually means

141
00:05:07,880 --> 00:05:10,240
without the futurist nonsense.

142
00:05:10,240 --> 00:05:13,280
What post-SAS actually means in enterprise architecture.

143
00:05:13,280 --> 00:05:15,360
Post-SAS doesn't mean SAS is dead.

144
00:05:15,360 --> 00:05:18,480
It means SAS stopped being the place where work completes.

145
00:05:18,480 --> 00:05:20,720
In the SAS era, enterprise architecture

146
00:05:20,720 --> 00:05:23,760
leaned on a stable contract, a user interface,

147
00:05:23,760 --> 00:05:27,280
an API surface, and predictable state transitions.

148
00:05:27,280 --> 00:05:29,960
You could argue about quality, uptime, licensing,

149
00:05:29,960 --> 00:05:32,600
or integration pain, but the shape of the system

150
00:05:32,600 --> 00:05:33,440
was consistent.

151
00:05:33,440 --> 00:05:36,800
A request came in, the platform executed a defined operation,

152
00:05:36,800 --> 00:05:38,640
and a record-changed state operators

153
00:05:38,640 --> 00:05:40,480
could observe it, architects could bound it,

154
00:05:40,480 --> 00:05:41,560
auditors could test it.

155
00:05:41,560 --> 00:05:43,960
That contract is what made service ownership work.

156
00:05:43,960 --> 00:05:47,920
Teams owned exchange, SharePoint, Teams, Dynamics, whatever.

157
00:05:47,920 --> 00:05:49,720
Because the workload boundary roughly matched

158
00:05:49,720 --> 00:05:51,000
where execution happened.

159
00:05:51,000 --> 00:05:52,960
When something went wrong, you knew where to look.

160
00:05:52,960 --> 00:05:54,960
It might take time, but the system

161
00:05:54,960 --> 00:05:57,880
gave you a finite set of places to interrogate.

162
00:05:57,880 --> 00:06:01,360
Logs, policies, permissions, connectors, runbooks.

163
00:06:01,360 --> 00:06:04,520
Post-SAS is what happens when you add a probabilistic overlay

164
00:06:04,520 --> 00:06:06,080
that sits above those contracts

165
00:06:06,080 --> 00:06:09,800
and starts interpreting intent instead of executing commands.

166
00:06:09,800 --> 00:06:12,760
That overlay has four parts that matter architecturally.

167
00:06:12,760 --> 00:06:15,680
Prompts, tools, memory, and delegation.

168
00:06:15,680 --> 00:06:17,320
Prompts are not user input.

169
00:06:17,320 --> 00:06:18,480
They're runtime policy.

170
00:06:18,480 --> 00:06:19,360
They shape behavior.

171
00:06:19,360 --> 00:06:21,240
They constrain scope, and they change faster

172
00:06:21,240 --> 00:06:23,240
than change management can track.

173
00:06:23,240 --> 00:06:24,960
Tools are not integrations.

174
00:06:24,960 --> 00:06:26,880
They're executable capabilities.

175
00:06:26,880 --> 00:06:30,480
Connectors, plugins, graph calls, flows, APIs.

176
00:06:30,480 --> 00:06:32,040
Memory isn't just chat history.

177
00:06:32,040 --> 00:06:35,040
It's what the system can remember, retrieve, and treat

178
00:06:35,040 --> 00:06:38,800
as context across sessions, across users, across time.

179
00:06:38,800 --> 00:06:40,880
Delegation is the quiet multiplier.

180
00:06:40,880 --> 00:06:43,880
One agent hands work to another agent, which calls another tool,

181
00:06:43,880 --> 00:06:45,280
which triggers another workflow.

182
00:06:45,280 --> 00:06:48,840
So the system, you thought, was Microsoft 365 plus some

183
00:06:48,840 --> 00:06:51,600
automations becomes a distributed orchestration

184
00:06:51,600 --> 00:06:54,360
fabric that assembles execution parts on demand.

185
00:06:54,360 --> 00:06:55,640
Here's where the contract breaks.

186
00:06:55,640 --> 00:06:57,760
In SAS, the boundary lives at the API.

187
00:06:57,760 --> 00:06:59,840
If the API call happened, you can trace it.

188
00:06:59,840 --> 00:07:02,200
If a permission allowed it, you can justify it.

189
00:07:02,200 --> 00:07:04,360
If an audit log recorded it, you can defend it.

190
00:07:04,360 --> 00:07:06,160
The system is still deterministic enough

191
00:07:06,160 --> 00:07:08,640
that what happened and why it happened are linked.

192
00:07:08,640 --> 00:07:11,280
In post-SARS, interpretation replaces execution

193
00:07:11,280 --> 00:07:12,960
as the dominant mechanism.

194
00:07:12,960 --> 00:07:14,800
The agent doesn't just call create event.

195
00:07:14,800 --> 00:07:18,040
It decides whether the user meant schedule, draft,

196
00:07:18,040 --> 00:07:21,760
delegate, or summarize, then chooses which tools to invoke

197
00:07:21,760 --> 00:07:25,120
in what order, with what parameters, based on context,

198
00:07:25,120 --> 00:07:27,320
that is not visible to the user, and often not

199
00:07:27,320 --> 00:07:28,960
visible to the operator.

200
00:07:28,960 --> 00:07:30,720
The output looks like a single experience.

201
00:07:30,720 --> 00:07:32,240
The reality is a tool chain.

202
00:07:32,240 --> 00:07:34,680
That distinction matters because architecture

203
00:07:34,680 --> 00:07:37,040
is fundamentally about controlling side effects.

204
00:07:37,040 --> 00:07:40,360
In deterministic systems, side effects come from explicit calls.

205
00:07:40,360 --> 00:07:42,160
In probabilistic systems, side effects

206
00:07:42,160 --> 00:07:43,400
come from implicit plans.

207
00:07:43,400 --> 00:07:46,360
And you don't control implicit plans with documentation.

208
00:07:46,360 --> 00:07:48,520
You control them with contracts and boundaries.

209
00:07:48,520 --> 00:07:50,720
The orchestration layer can't casually step over.

210
00:07:50,720 --> 00:07:53,400
This is why more automation is the wrong frame.

211
00:07:53,400 --> 00:07:56,000
Automation assumes you're codifying a known sequence.

212
00:07:56,000 --> 00:07:58,120
You design it, you test it, you deploy it.

213
00:07:58,120 --> 00:08:00,960
If it breaks, it breaks in the same place until you fix it.

214
00:08:00,960 --> 00:08:03,120
Post-sass systems don't just run sequences.

215
00:08:03,120 --> 00:08:04,120
They synthesize them.

216
00:08:04,120 --> 00:08:06,040
Two users ask the same thing.

217
00:08:06,040 --> 00:08:07,960
And the system takes two different paths

218
00:08:07,960 --> 00:08:10,000
because context differs, tool availability

219
00:08:10,000 --> 00:08:13,240
differs, permissions differ, or the model selection differs.

220
00:08:13,240 --> 00:08:14,840
You get different execution, not because you

221
00:08:14,840 --> 00:08:16,960
change configuration, but because the runtime

222
00:08:16,960 --> 00:08:18,560
interpreted the intent differently.

223
00:08:18,560 --> 00:08:20,440
So Post-sass is a new control surface.

224
00:08:20,440 --> 00:08:23,080
The control plane is no longer only policies, roles,

225
00:08:23,080 --> 00:08:25,480
and settings inside each SAS workload.

226
00:08:25,480 --> 00:08:26,960
It becomes the orchestration layer.

227
00:08:26,960 --> 00:08:28,080
What tools exist?

228
00:08:28,080 --> 00:08:31,280
Who can use them? How identity is represented to tools?

229
00:08:31,280 --> 00:08:33,840
What context is allowed? How memory persists?

230
00:08:33,840 --> 00:08:35,680
How delegation is constrained?

231
00:08:35,680 --> 00:08:38,360
And what gets logged in a way humans can reconstruct?

232
00:08:38,360 --> 00:08:39,320
And it's not theoretical.

233
00:08:39,320 --> 00:08:41,160
Microsoft is building toward this with agent

234
00:08:41,160 --> 00:08:44,680
runtimes across M365, agent building in Copilot Studio,

235
00:08:44,680 --> 00:08:47,120
and orchestration stacks in Azure AI Foundry.

236
00:08:47,120 --> 00:08:48,040
The details change.

237
00:08:48,040 --> 00:08:49,840
The architectural behavior does not.

238
00:08:49,840 --> 00:08:53,080
Once an enterprise allows intent to orchestration at scale,

239
00:08:53,080 --> 00:08:56,000
the architecture stops being a diagram of apps and services.

240
00:08:56,000 --> 00:08:57,960
It becomes a graph of decision pathways

241
00:08:57,960 --> 00:09:00,280
and if you don't model that graph explicitly,

242
00:09:00,280 --> 00:09:02,120
you don't have a Post-sass strategy.

243
00:09:02,120 --> 00:09:04,040
You have a collection of probabilistic behaviors

244
00:09:04,040 --> 00:09:06,840
that only look coherent because the UI hides the wiring.

245
00:09:06,840 --> 00:09:08,880
Now the paradox, the more intelligence you add,

246
00:09:08,880 --> 00:09:11,040
the faster that wiring fragments.

247
00:09:11,040 --> 00:09:12,400
The Post-sass paradox.

248
00:09:12,400 --> 00:09:14,720
Intelligence accelerates fragmentation.

249
00:09:14,720 --> 00:09:16,880
The promise of agents is consolidation.

250
00:09:16,880 --> 00:09:19,440
One interface, one copilot, one place to ask,

251
00:09:19,440 --> 00:09:20,800
handle this and have the platform

252
00:09:20,800 --> 00:09:23,240
stitch the work together across SharePoint teams,

253
00:09:23,240 --> 00:09:26,240
Outlook, Power Platform, and whatever else you connected.

254
00:09:26,240 --> 00:09:28,880
Leadership hears that and thinks, fewer apps,

255
00:09:28,880 --> 00:09:30,720
fewer processes, fewer tickets,

256
00:09:30,720 --> 00:09:33,000
fewer people needed to babysit the mess.

257
00:09:33,000 --> 00:09:34,440
They're not wrong about the intent.

258
00:09:34,440 --> 00:09:36,400
They're wrong about the system behavior

259
00:09:36,400 --> 00:09:38,440
because intelligence doesn't remove complexity.

260
00:09:38,440 --> 00:09:41,000
It redistributes it and when you redistribute complexity

261
00:09:41,000 --> 00:09:44,040
into runtime decisions, fragmentation stops being an accident.

262
00:09:44,040 --> 00:09:45,680
It becomes the default outcome.

263
00:09:45,680 --> 00:09:47,240
Here's what most people miss.

264
00:09:47,240 --> 00:09:49,640
SAS era fragmentation was mostly structural.

265
00:09:49,640 --> 00:09:51,960
Too many apps, too many sites, too many teams,

266
00:09:51,960 --> 00:09:52,760
too many connectors.

267
00:09:52,760 --> 00:09:54,600
You could see it, you could inventory it.

268
00:09:54,600 --> 00:09:56,240
You could produce a depressing spreadsheet

269
00:09:56,240 --> 00:09:58,200
and pretend that was control.

270
00:09:58,200 --> 00:10:00,640
Agent-era fragmentation is behavioral.

271
00:10:00,640 --> 00:10:03,480
And behavior fragments faster than configuration ever did.

272
00:10:03,480 --> 00:10:04,320
Why?

273
00:10:04,320 --> 00:10:05,600
Because every team optimizes locally.

274
00:10:05,600 --> 00:10:06,280
Always.

275
00:10:06,280 --> 00:10:09,120
Sales tunes copilot prompts for pipeline updates.

276
00:10:09,120 --> 00:10:11,040
Legal tunes it for contract analysis.

277
00:10:11,040 --> 00:10:12,840
Finance tunes it for reconciliation.

278
00:10:12,840 --> 00:10:14,720
HR tunes it for onboarding.

279
00:10:14,720 --> 00:10:16,560
Each group adds just one more plug-in,

280
00:10:16,560 --> 00:10:18,760
just one more connector, just one more exception,

281
00:10:18,760 --> 00:10:21,840
until the orchestration layer stops representing an enterprise

282
00:10:21,840 --> 00:10:25,960
and starts representing a set of departments with incompatible assumptions.

283
00:10:25,960 --> 00:10:28,440
Local optimization creates global incoherence.

284
00:10:28,440 --> 00:10:29,320
That's the paradox.

285
00:10:29,320 --> 00:10:32,080
The more useful the agent becomes for each team,

286
00:10:32,080 --> 00:10:34,560
the less consistent the overall system becomes.

287
00:10:34,560 --> 00:10:36,640
And it doesn't look like fragmentation in the UI.

288
00:10:36,640 --> 00:10:38,160
It looks like copilot working.

289
00:10:38,160 --> 00:10:40,520
Until someone crosses a boundary and discovers the agent

290
00:10:40,520 --> 00:10:42,160
they thought was a shared capability,

291
00:10:42,160 --> 00:10:45,360
is actually a dozen different runtimes with a dozen different toolchains.

292
00:10:45,360 --> 00:10:48,160
This is where standardization becomes an endless chase.

293
00:10:48,160 --> 00:10:50,160
Organizations respond the same way they always do.

294
00:10:50,160 --> 00:10:51,080
They write guidance.

295
00:10:51,080 --> 00:10:52,400
They publish a prompt library.

296
00:10:52,400 --> 00:10:54,240
They declare approved plug-ins.

297
00:10:54,240 --> 00:10:55,680
They create a governance page.

298
00:10:55,680 --> 00:10:57,040
They schedule a quarterly review.

299
00:10:57,040 --> 00:10:58,840
And then the system keeps drifting anyway

300
00:10:58,840 --> 00:11:01,600
because the drift isn't coming from a missing policy document.

301
00:11:01,600 --> 00:11:03,240
It's coming from the runtime itself.

302
00:11:03,240 --> 00:11:06,160
A model update changes tool selection patterns.

303
00:11:06,160 --> 00:11:09,240
A connector update changes what data is reachable.

304
00:11:09,240 --> 00:11:12,000
A new team's feature changes the context surface.

305
00:11:12,000 --> 00:11:15,040
A user discovers a better phrasing and shares it in a chat.

306
00:11:15,040 --> 00:11:17,440
A maker copies a flow and tweaks one step.

307
00:11:17,440 --> 00:11:19,880
Nothing big changed, but outcomes diverged.

308
00:11:19,880 --> 00:11:21,560
That's not configuration drift.

309
00:11:21,560 --> 00:11:23,000
That's behavior drift.

310
00:11:23,000 --> 00:11:25,440
And behavior drift beats configuration drift

311
00:11:25,440 --> 00:11:27,880
because you can't differ the way you diff settings.

312
00:11:27,880 --> 00:11:30,320
You can't audit it the way you audit roles.

313
00:11:30,320 --> 00:11:33,280
You can't test it once and assume stability for six months.

314
00:11:33,280 --> 00:11:35,920
The system makes new decisions every time it runs.

315
00:11:35,920 --> 00:11:38,040
So the paradox becomes operationally visible

316
00:11:38,040 --> 00:11:39,480
in a very specific way.

317
00:11:39,480 --> 00:11:42,880
Incidents shift from the system is down to the system behaved wrong.

318
00:11:42,880 --> 00:11:44,160
Nobody gets an outage banner.

319
00:11:44,160 --> 00:11:45,000
Nothing is throttled.

320
00:11:45,000 --> 00:11:46,840
The service health page is green.

321
00:11:46,840 --> 00:11:49,320
But a team swears copilot used to

322
00:11:49,320 --> 00:11:52,280
find the right policy doc and now it cites the wrong one.

323
00:11:52,280 --> 00:11:55,040
Or an agent used to summarize a meeting accurately

324
00:11:55,040 --> 00:11:57,520
and now it pulls in irrelevant context.

325
00:11:57,520 --> 00:11:59,280
Or a flow used to create one record

326
00:11:59,280 --> 00:12:00,880
and now it creates duplicates.

327
00:12:00,880 --> 00:12:03,800
Or the agent helpfully emailed a draft

328
00:12:03,800 --> 00:12:05,200
to the wrong distribution list

329
00:12:05,200 --> 00:12:07,400
because the runtime chose a different toolpath

330
00:12:07,400 --> 00:12:08,080
than last week.

331
00:12:08,080 --> 00:12:09,480
That's a different class of failure.

332
00:12:09,480 --> 00:12:11,640
And it's worse for leaders because it turns control

333
00:12:11,640 --> 00:12:12,560
into probability.

334
00:12:12,560 --> 00:12:13,880
The platform isn't broken.

335
00:12:13,880 --> 00:12:15,960
Your assumptions are.

336
00:12:15,960 --> 00:12:17,920
This might seem backwards, but the more intelligence

337
00:12:17,920 --> 00:12:20,520
you add, the more you multiply the number of possible execution

338
00:12:20,520 --> 00:12:21,320
paths.

339
00:12:21,320 --> 00:12:23,880
Every tool you attach is another branch in the decision graph.

340
00:12:23,880 --> 00:12:25,640
Every memory source is another influence.

341
00:12:25,640 --> 00:12:28,560
Every delegated agent is another interpreter.

342
00:12:28,560 --> 00:12:32,120
The system becomes a branching tree of could do options.

343
00:12:32,120 --> 00:12:34,880
And you no longer control which branch gets taken

344
00:12:34,880 --> 00:12:36,680
by setting a policy in one admin center.

345
00:12:36,680 --> 00:12:38,200
You control it by designing boundaries

346
00:12:38,200 --> 00:12:39,560
the runtime can't violate.

347
00:12:39,560 --> 00:12:42,920
Without those boundaries, standardization becomes theater.

348
00:12:42,920 --> 00:12:44,720
You will be rolling out copilot forever

349
00:12:44,720 --> 00:12:47,480
because every new use case creates a new local optimum.

350
00:12:47,480 --> 00:12:50,280
Every local optimum becomes another divergence.

351
00:12:50,280 --> 00:12:52,920
And over time, the enterprise stops having an architecture.

352
00:12:52,920 --> 00:12:55,200
It has a collection of probabilistic behaviors

353
00:12:55,200 --> 00:12:56,360
that sometimes align.

354
00:12:56,360 --> 00:12:58,640
The real enemy isn't that teams move too fast.

355
00:12:58,640 --> 00:13:00,520
The real enemy is that nobody defined

356
00:13:00,520 --> 00:13:02,480
what must remain deterministic.

357
00:13:02,480 --> 00:13:04,400
So intelligence accelerates fragmentation

358
00:13:04,400 --> 00:13:06,720
because it turns execution into choice.

359
00:13:06,720 --> 00:13:09,680
And choice always follows incentives, not diagrams.

360
00:13:09,680 --> 00:13:12,720
And incentives are local.

361
00:13:12,720 --> 00:13:14,360
Now name the thing that's actually happening.

362
00:13:14,360 --> 00:13:17,680
Not disorder, not sprawl, not governance gaps.

363
00:13:17,680 --> 00:13:18,600
Entropy.

364
00:13:18,600 --> 00:13:22,280
Architectural entropy, not disorder, but unmanaged decision pathways.

365
00:13:22,280 --> 00:13:26,160
Entropy gets used like an insult, like it means messy, uncontrolled.

366
00:13:26,160 --> 00:13:27,800
People aren't following the process.

367
00:13:27,800 --> 00:13:28,800
That's not what's happening.

368
00:13:28,800 --> 00:13:30,600
Architectural entropy is not disorder.

369
00:13:30,600 --> 00:13:33,480
It's the accumulation of unmanaged decision pathways

370
00:13:33,480 --> 00:13:35,360
that produce side effects you didn't model,

371
00:13:35,360 --> 00:13:38,400
didn't approve and can't reliably trace after the fact.

372
00:13:38,400 --> 00:13:41,400
In the SAS era, the dominant pathways were predictable.

373
00:13:41,400 --> 00:13:42,720
A user clicked in the UI.

374
00:13:42,720 --> 00:13:43,920
An API call executed.

375
00:13:43,920 --> 00:13:46,920
A record change state, you could argue about who should have had access

376
00:13:46,920 --> 00:13:48,680
or whether the process was designed well,

377
00:13:48,680 --> 00:13:50,480
but the pathway itself was visible.

378
00:13:50,480 --> 00:13:52,840
It left a trail you could follow because the system ran

379
00:13:52,840 --> 00:13:54,000
what you configured.

380
00:13:54,000 --> 00:13:57,160
In post-SARS, systems, pathways multiply at runtime.

381
00:13:57,160 --> 00:14:00,200
An agent interprets intent, selects tools, pulls context,

382
00:14:00,200 --> 00:14:02,880
chooses an action sequence, and sometimes delegates.

383
00:14:02,880 --> 00:14:06,360
That creates a decision graph that is wider than your documentation

384
00:14:06,360 --> 00:14:08,040
and faster than your review cycles.

385
00:14:08,040 --> 00:14:10,400
And every time you add one more connector, one more plug-in,

386
00:14:10,400 --> 00:14:11,640
one more helpful automation,

387
00:14:11,640 --> 00:14:13,400
you add branches to that graph.

388
00:14:13,400 --> 00:14:16,840
That's entropy, more branches, more side effects, less certainty.

389
00:14:16,840 --> 00:14:18,200
Here's the uncomfortable truth.

390
00:14:18,200 --> 00:14:20,600
Most organizations are still trying to manage entropy

391
00:14:20,600 --> 00:14:22,000
like its configuration drift.

392
00:14:22,000 --> 00:14:23,600
They look for the settings that changed.

393
00:14:23,600 --> 00:14:25,080
They hunt for the toggle that flipped.

394
00:14:25,080 --> 00:14:26,840
They ask who modified the policy.

395
00:14:26,840 --> 00:14:28,120
And sometimes that's valid.

396
00:14:28,120 --> 00:14:30,480
But the new failure mode isn't a setting changing.

397
00:14:30,480 --> 00:14:32,080
It's a pathway becoming possible.

398
00:14:32,080 --> 00:14:34,680
Once a pathway exists, it will eventually be used,

399
00:14:34,680 --> 00:14:36,640
not maliciously, not even intentionally,

400
00:14:36,640 --> 00:14:39,200
just because the system optimizes for completion

401
00:14:39,200 --> 00:14:41,920
and humans optimize for it worked once.

402
00:14:41,920 --> 00:14:42,920
So ship it.

403
00:14:42,920 --> 00:14:44,520
Those pathways accumulate.

404
00:14:44,520 --> 00:14:46,600
And they don't show up in your architecture diagrams

405
00:14:46,600 --> 00:14:48,720
because diagrams describe designed flows.

406
00:14:48,720 --> 00:14:50,360
Agents create executed flows.

407
00:14:50,360 --> 00:14:51,880
That distinction matters.

408
00:14:51,880 --> 00:14:54,200
Deterministic systems fail like machines.

409
00:14:54,200 --> 00:14:56,560
They fail loudly, outages, errors, timeouts,

410
00:14:56,560 --> 00:14:57,560
authentication breaks.

411
00:14:57,560 --> 00:14:59,800
You get MTTR because you can point at a component

412
00:14:59,800 --> 00:15:01,440
and say this thing failed.

413
00:15:01,440 --> 00:15:03,520
Probabilistic systems fail like organizations.

414
00:15:03,520 --> 00:15:05,120
They fail ambiguously.

415
00:15:05,120 --> 00:15:07,200
Nothing is down, but the outcome is wrong.

416
00:15:07,200 --> 00:15:08,360
The system did something.

417
00:15:08,360 --> 00:15:10,360
And now you're arguing about whether it was a bug,

418
00:15:10,360 --> 00:15:12,000
a misinterpretation of permissions edge,

419
00:15:12,000 --> 00:15:13,880
a context issue, or a prompt drift problem.

420
00:15:13,880 --> 00:15:15,720
That's not MTTR. That's a debate.

421
00:15:15,720 --> 00:15:16,920
And the debate is the cost.

422
00:15:16,920 --> 00:15:19,960
This is why exceptions are entropy generators.

423
00:15:19,960 --> 00:15:22,640
In the SAS era, exceptions were already dangerous,

424
00:15:22,640 --> 00:15:24,200
but they were usually bounded.

425
00:15:24,200 --> 00:15:26,920
A specific mailbox gets a transport rule exception.

426
00:15:26,920 --> 00:15:29,360
A specific group gets an access exception.

427
00:15:29,360 --> 00:15:32,040
A specific site gets an external sharing exception.

428
00:15:32,040 --> 00:15:34,000
It's bad, but at least it's a stable bad.

429
00:15:34,000 --> 00:15:36,640
In the agent era, exceptions don't stay local.

430
00:15:36,640 --> 00:15:38,720
A, just this one's connector approval

431
00:15:38,720 --> 00:15:40,360
becomes a reusable capability.

432
00:15:40,360 --> 00:15:43,000
A temporary graph permission becomes a new normal.

433
00:15:43,000 --> 00:15:45,000
A prompt tweak becomes a copy template.

434
00:15:45,000 --> 00:15:46,560
A flow fork becomes a pattern.

435
00:15:46,560 --> 00:15:48,280
An environment created for testing

436
00:15:48,280 --> 00:15:51,200
becomes the place where production runs because it worked.

437
00:15:51,200 --> 00:15:52,320
These aren't accidents.

438
00:15:52,320 --> 00:15:55,480
They're how systems behave when intent is not enforced by design.

439
00:15:55,480 --> 00:15:57,440
So entropy isn't the absence of governance.

440
00:15:57,440 --> 00:16:00,920
It's the absence of boundaries that make your assumptions true.

441
00:16:00,920 --> 00:16:04,320
And the cost shows up in three places, leaders actually feel.

442
00:16:04,320 --> 00:16:06,960
First, change slows down.

443
00:16:06,960 --> 00:16:09,120
Not because teams are lazy, because nobody

444
00:16:09,120 --> 00:16:10,800
knows what a change will break anymore.

445
00:16:10,800 --> 00:16:13,640
When execution is probabilistic and tool chains are implicit,

446
00:16:13,640 --> 00:16:16,520
every change becomes a risk to pathways you didn't know existed.

447
00:16:16,520 --> 00:16:19,000
So teams add reviews, then add more reviews,

448
00:16:19,000 --> 00:16:22,240
then add manual approvals, and eventually velocity collapses--

449
00:16:22,240 --> 00:16:24,200
entropy taxes, speed.

450
00:16:24,200 --> 00:16:26,720
Second, incident ambiguity explodes.

451
00:16:26,720 --> 00:16:28,360
Your best engineers spend their time

452
00:16:28,360 --> 00:16:30,720
reconstructing what the system saw, what it decided,

453
00:16:30,720 --> 00:16:31,520
and what it did.

454
00:16:31,520 --> 00:16:34,000
The work turns into forensic analysis of tool calls,

455
00:16:34,000 --> 00:16:36,720
context selection, memory retrieval, and delegation chains.

456
00:16:36,720 --> 00:16:38,320
You're not fixing a broken server.

457
00:16:38,320 --> 00:16:39,640
You're reconstructing a decision.

458
00:16:39,640 --> 00:16:42,040
Third, invisible dependencies multiply.

459
00:16:42,040 --> 00:16:45,520
In deterministic SAS, dependencies are mostly explicit.

460
00:16:45,520 --> 00:16:48,720
This app calls that API, this workflow triggers that service.

461
00:16:48,720 --> 00:16:50,960
In post-SAS, dependencies become conditional.

462
00:16:50,960 --> 00:16:54,280
The agent might call this tool if it interprets the request that way,

463
00:16:54,280 --> 00:16:55,000
but it might not.

464
00:16:55,000 --> 00:16:57,720
So you can't map dependencies as a static graph.

465
00:16:57,720 --> 00:16:59,240
You inherit a probabilistic one.

466
00:16:59,240 --> 00:17:01,880
And that is exactly how architectural erosion happens,

467
00:17:01,880 --> 00:17:03,600
not with a single catastrophic failure,

468
00:17:03,600 --> 00:17:05,960
with a thousand small pathways nobody owned.

469
00:17:05,960 --> 00:17:08,080
So when people say AI is making things messy,

470
00:17:08,080 --> 00:17:09,480
the correction is simple.

471
00:17:09,480 --> 00:17:11,600
AI is making decision pathways cheap,

472
00:17:11,600 --> 00:17:13,320
and anything cheap gets overproduced.

473
00:17:13,320 --> 00:17:15,400
The fix doesn't start with a new admin center.

474
00:17:15,400 --> 00:17:17,280
It starts with making those pathways measurable

475
00:17:17,280 --> 00:17:19,160
because what can't be measured will be explained away

476
00:17:19,160 --> 00:17:22,560
as user error until it becomes systemic.

477
00:17:22,560 --> 00:17:25,320
The next section is the metric leaders keep ignoring.

478
00:17:25,320 --> 00:17:27,040
Mean time to explain.

479
00:17:27,040 --> 00:17:28,360
The metric leaders ignore.

480
00:17:28,360 --> 00:17:32,720
Mean time to explain MTTR is the metric everyone knows

481
00:17:32,720 --> 00:17:35,840
because MTTR fits deterministic failure, something breaks,

482
00:17:35,840 --> 00:17:38,000
you identify the component, you restore service,

483
00:17:38,000 --> 00:17:39,040
you close the ticket.

484
00:17:39,040 --> 00:17:42,200
MTTR assumes the question is how fast can we fix it?

485
00:17:42,200 --> 00:17:44,720
Because the system already told you what it is.

486
00:17:44,720 --> 00:17:46,480
Post-SAS breaks that assumption.

487
00:17:46,480 --> 00:17:48,960
The new bottleneck is not fixing, it's explaining.

488
00:17:48,960 --> 00:17:52,600
Mean time to explain.

489
00:17:52,600 --> 00:17:54,640
Is the time it takes your best people to answer

490
00:17:54,640 --> 00:17:56,640
a single, humiliating question?

491
00:17:56,640 --> 00:17:58,000
Why did the system do that?

492
00:17:58,000 --> 00:17:59,120
Not why did it fail?

493
00:17:59,120 --> 00:18:00,520
Why did it behave that way?

494
00:18:00,520 --> 00:18:03,400
MTTR shows up the moment your incident narrative stops being

495
00:18:03,400 --> 00:18:05,200
technical and becomes interpretive.

496
00:18:05,200 --> 00:18:07,600
The service health page is green, authentication works,

497
00:18:07,600 --> 00:18:10,000
no CPU spikes, no obvious outage,

498
00:18:10,000 --> 00:18:12,400
but the output is wrong or inconsistent or risky

499
00:18:12,400 --> 00:18:13,360
or just different.

500
00:18:13,360 --> 00:18:14,800
And now you're not restoring service.

501
00:18:14,800 --> 00:18:17,480
You're reconstructing intent, context, and delegation

502
00:18:17,480 --> 00:18:19,800
across a toolchain that nobody can see in one place.

503
00:18:19,800 --> 00:18:21,600
This is the part executives underestimate

504
00:18:21,600 --> 00:18:24,200
because it looks like software, it isn't.

505
00:18:24,200 --> 00:18:27,440
MTTR is the cost of operating a distributed decision

506
00:18:27,440 --> 00:18:29,400
engine without deterministic boundaries.

507
00:18:29,400 --> 00:18:32,120
And it grows with every new tool, every new connector,

508
00:18:32,120 --> 00:18:35,400
every new prompt variant, and every new small automation

509
00:18:35,400 --> 00:18:37,240
that becomes part of the runtime.

510
00:18:37,240 --> 00:18:38,840
Here's what drives MTT in practice.

511
00:18:38,840 --> 00:18:40,400
First, tool calls.

512
00:18:40,400 --> 00:18:43,520
An agent doesn't just answer, it calls tools, graph,

513
00:18:43,520 --> 00:18:46,360
connectors, flows, external APIs,

514
00:18:46,360 --> 00:18:48,640
sometimes multiple tools in a chain.

515
00:18:48,640 --> 00:18:50,120
If you can't see the tool sequence

516
00:18:50,120 --> 00:18:52,480
and the parameters used, you can't explain the outcome.

517
00:18:52,480 --> 00:18:53,640
You can only guess.

518
00:18:53,640 --> 00:18:55,720
Guessing is not an incident response strategy.

519
00:18:55,720 --> 00:18:56,760
It's a career hazard.

520
00:18:56,760 --> 00:18:58,920
Second, delegated actions.

521
00:18:58,920 --> 00:19:00,800
An agent that delegates to another agent

522
00:19:00,800 --> 00:19:02,640
creates a second decision boundary.

523
00:19:02,640 --> 00:19:04,560
The parent agent made a choice to delegate.

524
00:19:04,560 --> 00:19:06,920
The child agent made a choice about execution.

525
00:19:06,920 --> 00:19:09,120
And now you have at least two sets of instructions,

526
00:19:09,120 --> 00:19:11,520
two context windows, and potentially two different tool

527
00:19:11,520 --> 00:19:12,080
catalogs.

528
00:19:12,080 --> 00:19:14,080
That delegation chain is an entropy multiplier

529
00:19:14,080 --> 00:19:16,000
because it fragments accountability.

530
00:19:16,000 --> 00:19:18,760
Everyone will claim their piece worked as designed

531
00:19:18,760 --> 00:19:21,000
because nobody owns the behavior of the whole.

532
00:19:21,000 --> 00:19:22,960
Third, hidden grounding.

533
00:19:22,960 --> 00:19:26,760
In M365 land, grounding is often whatever the system could see,

534
00:19:26,760 --> 00:19:28,280
which sounds safe until you remember.

535
00:19:28,280 --> 00:19:29,880
Visibility is not intent.

536
00:19:29,880 --> 00:19:32,280
If copilot pulled in a document, a chat thread,

537
00:19:32,280 --> 00:19:34,920
or a meeting transcript, the user didn't expect,

538
00:19:34,920 --> 00:19:37,720
the output can drift without any configuration change.

539
00:19:37,720 --> 00:19:40,040
And when you investigate, you realize your logs can tell

540
00:19:40,040 --> 00:19:42,120
you something accessed SharePoint,

541
00:19:42,120 --> 00:19:44,240
but not what the model selected as relevant

542
00:19:44,240 --> 00:19:46,440
or why it ranked one source above another.

543
00:19:46,440 --> 00:19:47,640
That gap is MTT.

544
00:19:47,640 --> 00:19:49,720
Fourth, prompt and version drift.

545
00:19:49,720 --> 00:19:52,320
In the SAS era, you tracked configuration versions

546
00:19:52,320 --> 00:19:53,640
and release notes.

547
00:19:53,640 --> 00:19:55,720
In the agent era, prompts are runtime logic

548
00:19:55,720 --> 00:19:57,120
and they drift like folk knowledge.

549
00:19:57,120 --> 00:19:58,280
A better prompt gets shared.

550
00:19:58,280 --> 00:20:00,720
Someone forks an agent, a maker tweaks instructions,

551
00:20:00,720 --> 00:20:03,560
a model update shifts how the same prompt is interpreted.

552
00:20:03,560 --> 00:20:05,960
Now, the organization has multiple behavioral versions

553
00:20:05,960 --> 00:20:08,360
of what everyone thinks is the same copilot.

554
00:20:08,360 --> 00:20:10,560
And when something goes wrong, the hardest part

555
00:20:10,560 --> 00:20:12,840
is just finding which version of the instructions

556
00:20:12,840 --> 00:20:13,840
produce the output.

557
00:20:13,840 --> 00:20:17,160
So MTT is not a new KPI for the sake of novelty.

558
00:20:17,160 --> 00:20:20,360
It's the board-relevant risk metric for agentic systems.

559
00:20:20,360 --> 00:20:22,640
Because audits don't care that you have logging.

560
00:20:22,640 --> 00:20:25,080
Audits care that you can explain a decision path.

561
00:20:25,080 --> 00:20:27,120
If your best answer is the model decided,

562
00:20:27,120 --> 00:20:28,520
you don't have auditability.

563
00:20:28,520 --> 00:20:30,720
You have theater with timestamps.

564
00:20:30,720 --> 00:20:34,120
An MTT connects directly to velocity, variety and volume.

565
00:20:34,120 --> 00:20:36,480
The forces that harbored points at, but most leaders treat

566
00:20:36,480 --> 00:20:37,960
like adoption trivia.

567
00:20:37,960 --> 00:20:39,760
Velocity compresses change cycles

568
00:20:39,760 --> 00:20:42,480
until your explanations lag behind reality.

569
00:20:42,480 --> 00:20:45,080
Variety multiplies the number of possible runtimes

570
00:20:45,080 --> 00:20:46,960
that could have produced the behavior.

571
00:20:46,960 --> 00:20:49,920
Volume increases the count of autonomous decisions per day

572
00:20:49,920 --> 00:20:52,120
until we'll look into it becomes the default state

573
00:20:52,120 --> 00:20:52,880
of operations.

574
00:20:52,880 --> 00:20:55,120
This is why MTT matters more than MTTR.

575
00:20:55,120 --> 00:20:58,200
MTTR tells you how fast you can recover a system you understand.

576
00:20:58,200 --> 00:21:01,240
MTT tells you how often you operate a system you don't.

577
00:21:01,240 --> 00:21:03,920
And once MTT crosses a threshold, your architecture

578
00:21:03,920 --> 00:21:05,000
stops scaling.

579
00:21:05,000 --> 00:21:07,880
Not because compute is expensive, but because explanation is.

580
00:21:07,880 --> 00:21:10,040
At that point, you can still deploy more agents.

581
00:21:10,040 --> 00:21:11,160
The platform will let you.

582
00:21:11,160 --> 00:21:13,000
You just won't be able to defend what they did

583
00:21:13,000 --> 00:21:15,400
or prove why they did it or predict what they'll do next.

584
00:21:15,400 --> 00:21:17,280
And that's the moment the enterprise realizes

585
00:21:17,280 --> 00:21:18,480
it didn't buy automation.

586
00:21:18,480 --> 00:21:20,040
It bought ambiguity at scale.

587
00:21:20,040 --> 00:21:21,920
Now take that metric and apply it to the first

588
00:21:21,920 --> 00:21:24,920
accelerant velocity because AI compresses change cycles

589
00:21:24,920 --> 00:21:27,120
until governance, review, and even architecture

590
00:21:27,120 --> 00:21:28,240
language can't keep up.

591
00:21:28,240 --> 00:21:31,120
Velocity, AI compresses change cycles until governance

592
00:21:31,120 --> 00:21:32,320
becomes irrelevant.

593
00:21:32,320 --> 00:21:34,320
Velocity is the first accelerant because it attacks

594
00:21:34,320 --> 00:21:37,160
the one thing enterprise IT relies on to stay sane time.

595
00:21:37,160 --> 00:21:38,920
In the SAS era, change had friction.

596
00:21:38,920 --> 00:21:40,600
Product teams shipped monthly.

597
00:21:40,600 --> 00:21:42,400
Enterprises reviewed quarterly.

598
00:21:42,400 --> 00:21:47,000
Security did annual attestations and called it continuous improvement.

599
00:21:47,000 --> 00:21:49,840
Nobody loved that cadence, but it matched reality.

600
00:21:49,840 --> 00:21:52,280
Configuration changed slower than people's ability

601
00:21:52,280 --> 00:21:53,240
to understand it.

602
00:21:53,240 --> 00:21:55,520
AI breaks that, not because it ships faster,

603
00:21:55,520 --> 00:21:56,840
because it behaves faster.

604
00:21:56,840 --> 00:21:59,720
Harbridge frames velocity as the pace of technology change,

605
00:21:59,720 --> 00:22:00,320
and he's right.

606
00:22:00,320 --> 00:22:03,520
But most leaders still translate that into feature velocity,

607
00:22:03,520 --> 00:22:05,960
new buttons in teams, a new co-pilot pain,

608
00:22:05,960 --> 00:22:07,360
a new admin setting.

609
00:22:07,360 --> 00:22:08,120
That's manageable.

610
00:22:08,120 --> 00:22:10,160
Annoying but manageable, agent velocity

611
00:22:10,160 --> 00:22:11,600
is behavioral velocity.

612
00:22:11,600 --> 00:22:14,360
It's how quickly the system's decision patterns shift,

613
00:22:14,360 --> 00:22:16,480
even when you didn't approve a change.

614
00:22:16,480 --> 00:22:19,560
A model update changes how intent is classified.

615
00:22:19,560 --> 00:22:21,840
A retrieval change changes what gets grounded.

616
00:22:21,840 --> 00:22:24,280
A connector change changes what tools are available.

617
00:22:24,280 --> 00:22:27,520
A new prompt pattern goes viral inside one department

618
00:22:27,520 --> 00:22:30,120
and becomes de facto runtime policy by lunchtime.

619
00:22:30,120 --> 00:22:32,280
The system is not waiting for your change window.

620
00:22:32,280 --> 00:22:35,120
It's evolving while you're still writing the risk assessment.

621
00:22:35,120 --> 00:22:36,480
This is the uncomfortable truth.

622
00:22:36,480 --> 00:22:39,240
Your control plane lags behind your execution plane.

623
00:22:39,240 --> 00:22:40,840
And the gap is where entropy grows.

624
00:22:40,840 --> 00:22:43,920
Look at what happens in Microsoft ecosystem specifically.

625
00:22:43,920 --> 00:22:46,480
A co-pilot experience lands in one workload than another.

626
00:22:46,480 --> 00:22:47,560
A preview becomes GA.

627
00:22:47,560 --> 00:22:48,880
A plug-in gets introduced.

628
00:22:48,880 --> 00:22:50,840
A co-pilot studio expands capability.

629
00:22:50,840 --> 00:22:53,320
As your eye foundry adds orchestration features

630
00:22:53,320 --> 00:22:55,920
like connected agents or workflow patterns.

631
00:22:55,920 --> 00:22:58,680
Meanwhile teams are iterating prompts and automations daily

632
00:22:58,680 --> 00:23:00,880
because the cost of iteration is basically zero.

633
00:23:00,880 --> 00:23:03,240
So policy review cadences stop being governance.

634
00:23:03,240 --> 00:23:05,280
They become archeology.

635
00:23:05,280 --> 00:23:07,840
By the time a committee meets to decide whether a connector

636
00:23:07,840 --> 00:23:09,600
is approved, someone already used it,

637
00:23:09,600 --> 00:23:11,920
wrapped it in a flow, embedded it in an agent,

638
00:23:11,920 --> 00:23:14,360
and shipped it as just a productivity helper.

639
00:23:14,360 --> 00:23:15,880
The decision got made at runtime.

640
00:23:15,880 --> 00:23:17,480
After the fact you can argue about it,

641
00:23:17,480 --> 00:23:19,160
the system already executed it.

642
00:23:19,160 --> 00:23:21,120
This is why we'll govern after the pilot

643
00:23:21,120 --> 00:23:23,200
is such a reliable failure pattern.

644
00:23:23,200 --> 00:23:25,800
In deterministic systems, pilots are bounded.

645
00:23:25,800 --> 00:23:28,520
A subset of users, a subset of capabilities,

646
00:23:28,520 --> 00:23:30,080
a stable set of controls.

647
00:23:30,080 --> 00:23:31,920
In agentex systems, pilots leak.

648
00:23:31,920 --> 00:23:33,960
People copy what works, templates spread.

649
00:23:33,960 --> 00:23:35,800
A single agent becomes 24x.

650
00:23:35,800 --> 00:23:38,320
A single good prompt becomes a library of variations.

651
00:23:38,320 --> 00:23:40,680
And because the experience is conversational,

652
00:23:40,680 --> 00:23:42,520
people don't treat it like code.

653
00:23:42,520 --> 00:23:43,600
They treat it like advice.

654
00:23:43,600 --> 00:23:44,720
But it runs like code.

655
00:23:44,720 --> 00:23:47,640
That mismatch is exactly where velocity turns into risk.

656
00:23:47,640 --> 00:23:49,360
And here's the part leaders hate hearing.

657
00:23:49,360 --> 00:23:51,080
Citizen builders are not the problem.

658
00:23:51,080 --> 00:23:52,640
They are the delivery mechanism.

659
00:23:52,640 --> 00:23:55,400
Power platform, co-pilot studio, and reusable templates

660
00:23:55,400 --> 00:23:57,160
are accelerants that compress the time

661
00:23:57,160 --> 00:23:58,720
between intent and execution.

662
00:23:58,720 --> 00:23:59,440
That's the point.

663
00:23:59,440 --> 00:24:01,760
The platform is designed to reduce friction.

664
00:24:01,760 --> 00:24:03,800
And friction is what used to protect the enterprise

665
00:24:03,800 --> 00:24:04,480
from itself.

666
00:24:04,480 --> 00:24:06,280
So when velocity spikes, the enterprise

667
00:24:06,280 --> 00:24:07,400
doesn't just ship more.

668
00:24:07,400 --> 00:24:08,960
It revises reality more often.

669
00:24:08,960 --> 00:24:11,280
And when reality revises faster than architecture

670
00:24:11,280 --> 00:24:14,200
can be explained, M-T-T-E explodes.

671
00:24:14,200 --> 00:24:16,000
Your operators spend their time answering,

672
00:24:16,000 --> 00:24:17,680
why did it do that?

673
00:24:17,680 --> 00:24:21,240
Instead of improving the system, because that keeps changing.

674
00:24:21,240 --> 00:24:23,440
This also changes how security debt behaves.

675
00:24:23,440 --> 00:24:25,920
In the SAS era, security debt was mostly dormant

676
00:24:25,920 --> 00:24:29,360
until something poked it and audit a breach, a migration.

677
00:24:29,360 --> 00:24:32,800
In the agent era, security debt becomes active fuel.

678
00:24:32,800 --> 00:24:35,520
Old oversharing in SharePoint isn't just an ugly legacy

679
00:24:35,520 --> 00:24:36,160
problem.

680
00:24:36,160 --> 00:24:37,920
It becomes immediate model context.

681
00:24:37,920 --> 00:24:39,680
Old guest access isn't just a risk.

682
00:24:39,680 --> 00:24:41,160
It becomes an action pathway.

683
00:24:41,160 --> 00:24:43,040
Old often groups aren't just clutter.

684
00:24:43,040 --> 00:24:45,440
They become permissioned edges an agent can traverse

685
00:24:45,440 --> 00:24:46,520
if it's allowed to.

686
00:24:46,520 --> 00:24:48,000
Velocity doesn't create the debt.

687
00:24:48,000 --> 00:24:49,320
It monetizes it.

688
00:24:49,320 --> 00:24:51,600
And because velocity compresses the feedback loop,

689
00:24:51,600 --> 00:24:54,120
organizations start responding with the wrong tool.

690
00:24:54,120 --> 00:24:56,240
More meetings, more approvals, more checklists,

691
00:24:56,240 --> 00:24:57,280
more governance.

692
00:24:57,280 --> 00:24:58,720
That doesn't slow the runtime.

693
00:24:58,720 --> 00:24:59,800
It just slows the humans.

694
00:24:59,800 --> 00:25:01,200
The system keeps executing.

695
00:25:01,200 --> 00:25:03,560
The organization becomes the bottleneck.

696
00:25:03,560 --> 00:25:06,440
So the practical definition of velocity in post-SAS

697
00:25:06,440 --> 00:25:07,400
is simple.

698
00:25:07,400 --> 00:25:09,280
It's the rate at which behavior changes

699
00:25:09,280 --> 00:25:11,160
relative to your ability to explain it.

700
00:25:11,160 --> 00:25:13,240
Once that ratio breaks, governance becomes

701
00:25:13,240 --> 00:25:15,520
irrelevant in the literal sense, not important,

702
00:25:15,520 --> 00:25:18,360
but unable to influence outcomes before they occur.

703
00:25:18,360 --> 00:25:20,480
And that's why velocity never arrives alone.

704
00:25:20,480 --> 00:25:23,320
It immediately collides with the second accelerant, variety.

705
00:25:23,320 --> 00:25:25,280
Because once the platform can change this fast,

706
00:25:25,280 --> 00:25:27,720
it also changes in more ways than your architecture language

707
00:25:27,720 --> 00:25:29,000
can keep up with.

708
00:25:29,000 --> 00:25:30,000
Variety.

709
00:25:30,000 --> 00:25:32,440
Agent experiences multiply faster than your architecture

710
00:25:32,440 --> 00:25:33,160
language.

711
00:25:33,160 --> 00:25:35,080
Variety is where leaders lose the plot because it

712
00:25:35,080 --> 00:25:36,080
doesn't look like risk.

713
00:25:36,080 --> 00:25:38,840
It looks like options, one copilot experience in teams,

714
00:25:38,840 --> 00:25:40,840
another in outlook, a copilot painting

715
00:25:40,840 --> 00:25:42,920
SharePoint, a declarative agent someone

716
00:25:42,920 --> 00:25:44,680
made in five minutes, a custom engine

717
00:25:44,680 --> 00:25:47,560
agent built by a dev team, a power automate flow

718
00:25:47,560 --> 00:25:51,440
that just calls AI once, a plug-in, a connector, a tool,

719
00:25:51,440 --> 00:25:54,480
a memory store, a retrieval system, a model switch,

720
00:25:54,480 --> 00:25:56,960
all of that feels like the ecosystem getting richer.

721
00:25:56,960 --> 00:26:00,160
Architecturally, it's the ecosystem getting less coherent.

722
00:26:00,160 --> 00:26:02,600
Because variety isn't just more ways to build.

723
00:26:02,600 --> 00:26:05,960
It's more runtimes, more context surfaces, more tool catalogs,

724
00:26:05,960 --> 00:26:08,440
more execution semantics, and every runtime

725
00:26:08,440 --> 00:26:10,120
behaves slightly differently.

726
00:26:10,120 --> 00:26:12,400
Even when the branding is identical and the user thinks

727
00:26:12,400 --> 00:26:16,480
they're talking to copilot, that distinction matters.

728
00:26:16,480 --> 00:26:19,040
In the SAS era, you could build an architecture language

729
00:26:19,040 --> 00:26:20,320
around workloads.

730
00:26:20,320 --> 00:26:21,960
Exchange behaves like exchange.

731
00:26:21,960 --> 00:26:23,600
SharePoint behaves like SharePoint.

732
00:26:23,600 --> 00:26:24,920
Teams behaves like teams.

733
00:26:24,920 --> 00:26:27,000
You could argue about integration, but you could still

734
00:26:27,000 --> 00:26:29,360
model boundaries because the execution semantics

735
00:26:29,360 --> 00:26:30,280
were stable enough.

736
00:26:30,280 --> 00:26:32,400
In the agent era, those boundaries blur

737
00:26:32,400 --> 00:26:34,400
because the work stops happening inside the app

738
00:26:34,400 --> 00:26:36,280
and starts happening across a tool chain.

739
00:26:36,280 --> 00:26:40,120
Now, the same user intent, summarize this, draft that,

740
00:26:40,120 --> 00:26:42,680
find the policy, notify the group,

741
00:26:42,680 --> 00:26:44,600
can land in different orchestration stacks

742
00:26:44,600 --> 00:26:46,720
depending on where the user asked.

743
00:26:46,720 --> 00:26:48,400
Teams has one context surface.

744
00:26:48,400 --> 00:26:52,080
Chats, channels, meetings, transcripts, Outlook has another.

745
00:26:52,080 --> 00:26:55,040
Mail threads, calendars, attachments, mailboxes.

746
00:26:55,040 --> 00:26:57,960
SharePoint has another, sites, pages, libraries, permissions,

747
00:26:57,960 --> 00:26:58,960
metadata.

748
00:26:58,960 --> 00:27:01,200
Even if the model is shared, the retrieval and grounding

749
00:27:01,200 --> 00:27:02,320
pathways aren't.

750
00:27:02,320 --> 00:27:04,720
So the enterprise ends up with one copilot that behaves

751
00:27:04,720 --> 00:27:05,800
like 3, 5, or 10.

752
00:27:05,800 --> 00:27:06,920
This is the hidden variety.

753
00:27:06,920 --> 00:27:07,760
It isn't the UX.

754
00:27:07,760 --> 00:27:09,360
It's the tool chain and the reasoning pattern

755
00:27:09,360 --> 00:27:10,520
behind the UX.

756
00:27:10,520 --> 00:27:12,160
And it multiplies in two ways at once.

757
00:27:12,160 --> 00:27:15,160
First, the visible variety, which Microsoft will happily ship,

758
00:27:15,160 --> 00:27:17,800
copilot UX in multiple apps, the Clarity of agents

759
00:27:17,800 --> 00:27:19,000
in copilot studio.

760
00:27:19,000 --> 00:27:21,520
Custom engine agents via Pro Code Toolkits.

761
00:27:21,520 --> 00:27:23,560
Azure AI Foundry orchestration patterns

762
00:27:23,560 --> 00:27:26,240
like connected agents and multi agent workflows,

763
00:27:26,240 --> 00:27:29,400
MCP servers exposing tools, agent to agent delegation,

764
00:27:29,400 --> 00:27:32,280
different model options, different grounding approaches.

765
00:27:32,280 --> 00:27:33,680
None of this is inherently bad.

766
00:27:33,680 --> 00:27:35,520
The system is behaving like a platform.

767
00:27:35,520 --> 00:27:38,080
But a platform doesn't give you one standard way to operate.

768
00:27:38,080 --> 00:27:39,040
It gives you a menu.

769
00:27:39,040 --> 00:27:40,800
And enterprises are terrible at menus.

770
00:27:40,800 --> 00:27:42,960
They select based on local pain, local skills,

771
00:27:42,960 --> 00:27:44,120
and local deadlines.

772
00:27:44,120 --> 00:27:45,680
Then they call it strategy.

773
00:27:45,680 --> 00:27:49,000
Second, the invisible variety, which enterprises

774
00:27:49,000 --> 00:27:50,600
create for themselves.

775
00:27:50,600 --> 00:27:52,440
Different teams build different tool chains.

776
00:27:52,440 --> 00:27:54,560
One group relies on SharePoint as a knowledge base.

777
00:27:54,560 --> 00:27:55,880
Another relies on one note.

778
00:27:55,880 --> 00:27:57,480
Another relies on teams' messages.

779
00:27:57,480 --> 00:28:00,160
Another relies on PDFs in random libraries.

780
00:28:00,160 --> 00:28:02,360
One team builds a flow that writes to dataverse.

781
00:28:02,360 --> 00:28:03,920
Another team writes to a spreadsheet.

782
00:28:03,920 --> 00:28:05,320
Another team sends an email.

783
00:28:05,320 --> 00:28:07,320
Another team posts into a team's channel,

784
00:28:07,320 --> 00:28:08,720
same business intent.

785
00:28:08,720 --> 00:28:10,440
Four different execution parts.

786
00:28:10,440 --> 00:28:12,080
Four different side effects.

787
00:28:12,080 --> 00:28:13,520
Four different failure modes.

788
00:28:13,520 --> 00:28:16,360
And now the same policy doesn't create the same posture.

789
00:28:16,360 --> 00:28:18,280
This is where security teams get blindsided.

790
00:28:18,280 --> 00:28:20,000
They assume that if conditional access,

791
00:28:20,000 --> 00:28:22,560
DLP labels and access reviews are central,

792
00:28:22,560 --> 00:28:25,240
then the agent experience is centrally controlled.

793
00:28:25,240 --> 00:28:26,920
That was true when the application boundary

794
00:28:26,920 --> 00:28:28,600
was the control surface.

795
00:28:28,600 --> 00:28:31,520
In posts, the control surface is the orchestration layer.

796
00:28:31,520 --> 00:28:34,280
What tools are reachable, what context is selectable,

797
00:28:34,280 --> 00:28:37,040
what memory is persistent, what delegation is allowed,

798
00:28:37,040 --> 00:28:39,480
and what identity is presented to the tools.

799
00:28:39,480 --> 00:28:40,880
So even with central policies,

800
00:28:40,880 --> 00:28:43,360
variety creates inconsistent outcomes.

801
00:28:43,360 --> 00:28:45,680
One agent uses a connector with delegated permissions

802
00:28:45,680 --> 00:28:48,640
that quietly exceeds what the user thinks they authorized.

803
00:28:48,640 --> 00:28:50,680
Another agent uses a different connector

804
00:28:50,680 --> 00:28:54,000
that fails and falls back to a different data source.

805
00:28:54,000 --> 00:28:55,880
One runtime strips citations.

806
00:28:55,880 --> 00:28:57,160
Another keeps them.

807
00:28:57,160 --> 00:28:58,200
One runtime can act.

808
00:28:58,200 --> 00:28:59,480
Another can only suggest.

809
00:28:59,480 --> 00:29:02,520
One runtime logs tool calls in a way you can trace.

810
00:29:02,520 --> 00:29:04,920
Another leaves you with conversational smoke.

811
00:29:04,920 --> 00:29:07,760
Same organization, same intent, different behavior.

812
00:29:07,760 --> 00:29:09,960
And because the variety is distributed across tools,

813
00:29:09,960 --> 00:29:12,680
builders and teams, your architecture language can't keep up.

814
00:29:12,680 --> 00:29:14,920
Your diagram still shows apps and services.

815
00:29:14,920 --> 00:29:17,800
The system is actually a shifting set of agent runtimes

816
00:29:17,800 --> 00:29:18,840
and toolchains.

817
00:29:18,840 --> 00:29:20,520
You're describing a deterministic world

818
00:29:20,520 --> 00:29:22,560
while operating a probabilistic one.

819
00:29:22,560 --> 00:29:25,320
That mismatch is why incidents feel surreal.

820
00:29:25,320 --> 00:29:27,720
Operators aren't asking which service failed.

821
00:29:27,720 --> 00:29:29,760
They're asking which runtime did this user hit

822
00:29:29,760 --> 00:29:31,720
with which context, with which tool catalog

823
00:29:31,720 --> 00:29:34,560
with which prompt version and which permission edge.

824
00:29:34,560 --> 00:29:36,680
That's M-T-T-E getting paid in full.

825
00:29:36,680 --> 00:29:39,200
And variety is also the bridge to the final accelerant

826
00:29:39,200 --> 00:29:41,040
because once you have many runtimes,

827
00:29:41,040 --> 00:29:42,800
you inevitably get many instances.

828
00:29:42,800 --> 00:29:45,680
Variety becomes volume the moment those experiences scale

829
00:29:45,680 --> 00:29:46,920
beyond the handful of pilots

830
00:29:46,920 --> 00:29:49,320
and become the default way work gets done.

831
00:29:49,320 --> 00:29:50,160
Volume.

832
00:29:50,160 --> 00:29:53,000
The agent to human ratio quietly explodes.

833
00:29:53,000 --> 00:29:54,800
Volume is the part leaders think they understand

834
00:29:54,800 --> 00:29:57,200
because they've lived through volume for 20 years.

835
00:29:57,200 --> 00:30:00,080
More mailboxes, more teams, more sharepoint sites,

836
00:30:00,080 --> 00:30:02,800
more documents, more groups, more apps, more logs,

837
00:30:02,800 --> 00:30:04,280
more tickets.

838
00:30:04,280 --> 00:30:06,520
Volume felt like a storage and operations problem.

839
00:30:06,520 --> 00:30:09,720
So enterprises build inventory thinking, count the things,

840
00:30:09,720 --> 00:30:12,360
classify the things, put policies on the things,

841
00:30:12,360 --> 00:30:15,720
then try to slow the rate at which new things appear.

842
00:30:15,720 --> 00:30:17,480
That logic collapses in the agent era

843
00:30:17,480 --> 00:30:19,680
because volume isn't primarily artifacts.

844
00:30:19,680 --> 00:30:20,800
It's decisions.

845
00:30:20,800 --> 00:30:23,920
The real scaling event is not that you'll have a lot of agents.

846
00:30:23,920 --> 00:30:26,200
It's that you'll have a lot of autonomous decision points

847
00:30:26,200 --> 00:30:28,760
firing all day across thousands of users

848
00:30:28,760 --> 00:30:30,720
and those decisions will create side effects

849
00:30:30,720 --> 00:30:32,040
in systems of record.

850
00:30:32,040 --> 00:30:34,600
Calendar entries, emails, records in dataverse,

851
00:30:34,600 --> 00:30:36,920
permissions changes, tickets, notifications,

852
00:30:36,920 --> 00:30:39,200
file copies, labels, shares, links,

853
00:30:39,200 --> 00:30:40,760
and unlike SaaS era volume,

854
00:30:40,760 --> 00:30:43,320
you don't get one decision per click, you get chains.

855
00:30:43,320 --> 00:30:47,720
A single user intent becomes multiple tool calls

856
00:30:47,720 --> 00:30:50,000
and each tool call becomes a potential fork.

857
00:30:50,000 --> 00:30:52,560
Retries, fallbacks, alternate sources,

858
00:30:52,560 --> 00:30:55,320
delegated sub agents and compensating actions

859
00:30:55,320 --> 00:30:57,160
when something partially succeeds.

860
00:30:57,160 --> 00:31:00,280
That means the number that matters isn't agents per tenant.

861
00:31:00,280 --> 00:31:02,240
It's autonomous actions per day.

862
00:31:02,240 --> 00:31:03,880
This is why the agent to human ratio

863
00:31:03,880 --> 00:31:05,560
is such a useful mental model.

864
00:31:05,560 --> 00:31:06,880
The ratio is never stable.

865
00:31:06,880 --> 00:31:08,760
It always grows because once an organization

866
00:31:08,760 --> 00:31:10,320
has one working agent pattern,

867
00:31:10,320 --> 00:31:13,240
it gets copied, templated, and embedded into workflows

868
00:31:13,240 --> 00:31:16,640
until the default expectation becomes the agent handles it.

869
00:31:16,640 --> 00:31:18,200
Humans only review the exceptions.

870
00:31:18,200 --> 00:31:18,960
That's fine.

871
00:31:18,960 --> 00:31:22,120
Right up until you realize the ratio also drives blast radius.

872
00:31:22,120 --> 00:31:25,000
Every additional agent doesn't just add another capability.

873
00:31:25,000 --> 00:31:28,400
It adds another execution pathway that can touch data,

874
00:31:28,400 --> 00:31:30,560
trigger workflows, and create side effects.

875
00:31:30,560 --> 00:31:32,680
And those pathways don't exist in isolation.

876
00:31:32,680 --> 00:31:34,920
They share tool catalogs, they share connectors,

877
00:31:34,920 --> 00:31:37,120
they share permissions, they share data stores.

878
00:31:37,120 --> 00:31:39,200
So the marginal risk of one more agent

879
00:31:39,200 --> 00:31:40,720
isn't one more thing to manage.

880
00:31:40,720 --> 00:31:42,400
It's more load on the same brittle graph.

881
00:31:42,400 --> 00:31:44,080
Here's where inventory thinking fails.

882
00:31:44,080 --> 00:31:46,720
Counting agents doesn't tell you anything about their authority.

883
00:31:46,720 --> 00:31:48,840
A declarative agent that can only retrieve

884
00:31:48,840 --> 00:31:52,440
and summarize content behaves like a read-only reporting surface.

885
00:31:52,440 --> 00:31:55,600
It can still leak information, but it can't mutate systems.

886
00:31:55,600 --> 00:31:58,240
A task agent that can send mail, create records,

887
00:31:58,240 --> 00:32:01,040
or trigger flows is a different class of risk.

888
00:32:01,040 --> 00:32:04,120
A decision agent that can choose actions without human review

889
00:32:04,120 --> 00:32:05,560
is a different class again.

890
00:32:05,560 --> 00:32:08,200
So if leadership asks how many agents do we have,

891
00:32:08,200 --> 00:32:10,440
the only accurate answer is that's the wrong question.

892
00:32:10,440 --> 00:32:13,040
The right question is how many autonomous decisions

893
00:32:13,040 --> 00:32:15,760
can execute side effects and where are those decisions

894
00:32:15,760 --> 00:32:16,560
allowed to land?

895
00:32:16,560 --> 00:32:18,760
Volume also creates a specific sprawl pattern

896
00:32:18,760 --> 00:32:21,160
that looks harmless until it becomes permanent.

897
00:32:21,160 --> 00:32:24,640
Duplicated agents, forked prompts, often flows,

898
00:32:24,640 --> 00:32:26,960
environment drift, someone copies an agent

899
00:32:26,960 --> 00:32:29,080
because it's faster than requesting access,

900
00:32:29,080 --> 00:32:31,160
someone forks a prompt because it's just wording.

901
00:32:31,160 --> 00:32:32,960
Someone creates a new connector

902
00:32:32,960 --> 00:32:34,680
because the approved one is slow.

903
00:32:34,680 --> 00:32:36,720
Someone builds a flow in a personal environment

904
00:32:36,720 --> 00:32:39,360
because they're testing, then the test becomes production

905
00:32:39,360 --> 00:32:40,200
because it works.

906
00:32:40,200 --> 00:32:41,160
Those are not exceptions.

907
00:32:41,160 --> 00:32:43,080
Those are entropy factories.

908
00:32:43,080 --> 00:32:45,760
And volume turns them into normal operations.

909
00:32:45,760 --> 00:32:48,360
This is where MTT becomes a certainty, not a risk.

910
00:32:48,360 --> 00:32:50,160
Because the more autonomous decisions you have,

911
00:32:50,160 --> 00:32:52,240
the more often you'll need to explain one.

912
00:32:52,240 --> 00:32:55,360
And the explanation burden doesn't scale linearly.

913
00:32:55,360 --> 00:32:57,720
It scales with the number of possible pathways,

914
00:32:57,720 --> 00:32:59,160
the number of runtime versions,

915
00:32:59,160 --> 00:33:01,440
and the number of implicit dependencies.

916
00:33:01,440 --> 00:33:03,560
So the enterprise does what it always does.

917
00:33:03,560 --> 00:33:05,960
It tries to centralize visibility after the fact,

918
00:33:05,960 --> 00:33:08,400
a registry, a dashboard, a report, a monthly review

919
00:33:08,400 --> 00:33:10,040
of top agents that can help,

920
00:33:10,040 --> 00:33:12,080
but only if it's tied to contracts.

921
00:33:12,080 --> 00:33:14,040
Otherwise, it becomes another spreadsheet of comfort

922
00:33:14,040 --> 00:33:17,160
because volume isn't the enemy, unbounded volume is.

923
00:33:17,160 --> 00:33:18,600
An unbounded volume is what happens

924
00:33:18,600 --> 00:33:21,400
when organizations treat agents as helpers instead of products.

925
00:33:21,400 --> 00:33:23,560
Products have owners, products have versions,

926
00:33:23,560 --> 00:33:26,560
products have deprecation, products have telemetry

927
00:33:26,560 --> 00:33:28,240
that answers uncomfortable questions,

928
00:33:28,240 --> 00:33:30,840
helpers have enthusiasm, templates, and no life cycle.

929
00:33:30,840 --> 00:33:33,680
Over time, the agent workforce becomes the dominant workforce,

930
00:33:33,680 --> 00:33:36,200
not in headcount, but in executed actions.

931
00:33:36,200 --> 00:33:38,680
And once that happens, every weakness in identity,

932
00:33:38,680 --> 00:33:40,880
permissions, data quality, and observability

933
00:33:40,880 --> 00:33:42,360
gets amplified by automation.

934
00:33:42,360 --> 00:33:44,040
The system doesn't just scale outcomes.

935
00:33:44,040 --> 00:33:46,320
It scales mistakes.

936
00:33:46,320 --> 00:33:48,760
That's the point where leaders finally feel the paradox

937
00:33:48,760 --> 00:33:49,600
in their calendar.

938
00:33:49,600 --> 00:33:53,200
Nothing is down, but everything takes longer to trust.

939
00:33:53,200 --> 00:33:55,200
Now shift from theory to the first scenario

940
00:33:55,200 --> 00:33:56,720
everyone recognizes.

941
00:33:56,720 --> 00:33:58,440
We rolled out co-pilot.

942
00:33:58,440 --> 00:33:59,920
Scenario one setup.

943
00:33:59,920 --> 00:34:01,400
We rolled out co-pilot.

944
00:34:01,400 --> 00:34:03,760
This is the story every Microsoft leader tells right now

945
00:34:03,760 --> 00:34:05,600
because it sounds responsible.

946
00:34:05,600 --> 00:34:06,920
We rolled out co-pilot.

947
00:34:06,920 --> 00:34:09,120
Translation, procurement, bought the licenses,

948
00:34:09,120 --> 00:34:10,320
someone flipped the toggles.

949
00:34:10,320 --> 00:34:12,640
There was a readiness checklist, a couple of pilot teams,

950
00:34:12,640 --> 00:34:15,000
some prompt training, maybe a security review,

951
00:34:15,000 --> 00:34:17,240
and then a launch email with a SharePoint page

952
00:34:17,240 --> 00:34:18,760
full of cheerful guidance.

953
00:34:18,760 --> 00:34:21,280
If they're more mature, they also turned on some reporting

954
00:34:21,280 --> 00:34:24,360
and created a channel where users can share great prompts.

955
00:34:24,360 --> 00:34:26,240
And then leadership expects the return.

956
00:34:26,240 --> 00:34:27,800
Fewer hours lost in email.

957
00:34:27,800 --> 00:34:28,880
Better meeting follow-ups.

958
00:34:28,880 --> 00:34:30,800
Less time searching for documents.

959
00:34:30,800 --> 00:34:33,520
Faster drafting, faster analysis, less friction.

960
00:34:33,520 --> 00:34:35,360
The usual narrative of productivity gain

961
00:34:35,360 --> 00:34:37,280
and to be clear, some of that is real.

962
00:34:37,280 --> 00:34:38,800
But the rollout framing is the trap

963
00:34:38,800 --> 00:34:40,800
because co-pilot is not an app you deployed

964
00:34:40,800 --> 00:34:41,880
into a clean environment.

965
00:34:41,880 --> 00:34:43,320
It's an orchestrator you deployed

966
00:34:43,320 --> 00:34:45,600
on top of your existing information estate.

967
00:34:45,600 --> 00:34:46,960
And that estate is not tidy.

968
00:34:46,960 --> 00:34:47,640
It never was.

969
00:34:47,640 --> 00:34:49,160
It's a decade of SharePoint permissions

970
00:34:49,160 --> 00:34:50,880
that drifted teams that proliferated,

971
00:34:50,880 --> 00:34:54,400
sites nobody owns anymore, documents with unclear lineage,

972
00:34:54,400 --> 00:34:56,960
retention policies that got applied unevenly,

973
00:34:56,960 --> 00:34:59,640
and a pile of temporary access that became permanent

974
00:34:59,640 --> 00:35:02,760
during the pandemic and was never revisited.

975
00:35:02,760 --> 00:35:04,200
Co-pilot doesn't create that mess.

976
00:35:04,200 --> 00:35:05,640
It simply makes it executable.

977
00:35:05,640 --> 00:35:08,120
Here's what most organizations miss in the first 90 days.

978
00:35:08,120 --> 00:35:10,600
The first order effect isn't users got faster.

979
00:35:10,600 --> 00:35:12,360
The first order effect is that teams learn

980
00:35:12,360 --> 00:35:15,560
which contact surfaces co-pilot can see, which it can't,

981
00:35:15,560 --> 00:35:18,160
and which it can be coaxed into seeing through workarounds.

982
00:35:18,160 --> 00:35:21,280
They learn which prompts reliably produce useful outputs.

983
00:35:21,280 --> 00:35:22,840
They learn which plugins or connectors

984
00:35:22,840 --> 00:35:24,400
unlock the missing capability.

985
00:35:24,400 --> 00:35:26,240
They learn which data sources are too noisy,

986
00:35:26,240 --> 00:35:27,240
so they root around them.

987
00:35:27,240 --> 00:35:28,600
That learning becomes behavior

988
00:35:28,600 --> 00:35:30,240
and behavior becomes a local standard.

989
00:35:30,240 --> 00:35:32,520
So the first thing that diverges is enablement,

990
00:35:32,520 --> 00:35:34,640
not the formal enablement, the real one.

991
00:35:34,640 --> 00:35:37,800
One business unit runs internal prompt clinics.

992
00:35:37,800 --> 00:35:39,920
Another shares prompts in a team's chat.

993
00:35:39,920 --> 00:35:42,320
Another builds a private prompt library in one note,

994
00:35:42,320 --> 00:35:45,320
another hires a consultant who hands them a pack of templates,

995
00:35:45,320 --> 00:35:47,920
another quietly decides co-pilot is unreliable

996
00:35:47,920 --> 00:35:50,840
and stops using it, except for drafting emails

997
00:35:50,840 --> 00:35:52,280
because that's safe.

998
00:35:52,280 --> 00:35:54,040
Now you don't have one co-pilot rollout.

999
00:35:54,040 --> 00:35:55,640
You have multiple co-pilot cultures,

1000
00:35:55,640 --> 00:35:58,080
and that cultural drift turns into technical drift faster

1001
00:35:58,080 --> 00:35:59,480
than most architects expect

1002
00:35:59,480 --> 00:36:01,440
because co-pilot's value rises with reach.

1003
00:36:01,440 --> 00:36:02,800
The moment a team hits the limit

1004
00:36:02,800 --> 00:36:04,320
of what basic co-pilot can do,

1005
00:36:04,320 --> 00:36:06,560
they don't file a request for a new application.

1006
00:36:06,560 --> 00:36:08,880
They attach a capability, a plug-in,

1007
00:36:08,880 --> 00:36:10,760
a connector, a graph permission,

1008
00:36:10,760 --> 00:36:13,360
a co-pilot studio action, a power automate flow

1009
00:36:13,360 --> 00:36:16,360
that just helps co-pilot by doing the last mile,

1010
00:36:16,360 --> 00:36:18,320
a shortcut that creates a side effect

1011
00:36:18,320 --> 00:36:20,320
without making the side effect visible

1012
00:36:20,320 --> 00:36:22,320
and those attachments don't happen centrally,

1013
00:36:22,320 --> 00:36:24,880
they happen where pain exists locally.

1014
00:36:24,880 --> 00:36:27,400
Under time pressure with good intentions.

1015
00:36:27,400 --> 00:36:30,840
This is where we rolled out co-pilot becomes structurally false

1016
00:36:30,840 --> 00:36:32,640
because you didn't roll out a single thing.

1017
00:36:32,640 --> 00:36:34,280
You rolled out an orchestration layer

1018
00:36:34,280 --> 00:36:36,240
that behaves differently depending on the workload

1019
00:36:36,240 --> 00:36:37,080
and the team.

1020
00:36:37,080 --> 00:36:38,360
Teams becomes one runtime.

1021
00:36:38,360 --> 00:36:41,120
It has meetings, transcripts, chats, channels,

1022
00:36:41,120 --> 00:36:43,720
and a social graph that changes by the hour.

1023
00:36:43,720 --> 00:36:45,440
Outlook becomes another runtime,

1024
00:36:45,440 --> 00:36:48,280
mail threads, calendar context, attachments

1025
00:36:48,280 --> 00:36:49,840
and delegated mailboxes.

1026
00:36:49,840 --> 00:36:51,840
SharePoint becomes another runtime,

1027
00:36:51,840 --> 00:36:54,600
site permissions, library structures, metadata,

1028
00:36:54,600 --> 00:36:57,440
link sharing patterns, and an information architecture

1029
00:36:57,440 --> 00:37:01,040
that mostly exists in someone's head from 2019.

1030
00:37:01,040 --> 00:37:04,080
So when an exec says co-pilot couldn't find the policy,

1031
00:37:04,080 --> 00:37:05,400
that sentence is meaningless,

1032
00:37:05,400 --> 00:37:06,520
which co-pilot's surface,

1033
00:37:06,520 --> 00:37:08,360
in which app grounded on which sources,

1034
00:37:08,360 --> 00:37:10,680
under which permissions, with which connectors enabled,

1035
00:37:10,680 --> 00:37:13,120
with what chat history, in which tenant configuration,

1036
00:37:13,120 --> 00:37:14,960
after which recent model update,

1037
00:37:14,960 --> 00:37:16,200
the platform isn't one thing.

1038
00:37:16,200 --> 00:37:18,640
It's a set of agent runtimes with a shared brand

1039
00:37:18,640 --> 00:37:20,760
and then the sprawl starts to look helpful.

1040
00:37:20,760 --> 00:37:21,920
It always does it first.

1041
00:37:21,920 --> 00:37:24,360
A department creates an approved prompt list.

1042
00:37:24,360 --> 00:37:26,400
Someone builds an HR co-pilot helper

1043
00:37:26,400 --> 00:37:27,600
that points at their SharePoint.

1044
00:37:27,600 --> 00:37:29,720
Someone builds a sales follow-up agent

1045
00:37:29,720 --> 00:37:32,520
that drafts emails and updates a CRM through a connector.

1046
00:37:32,520 --> 00:37:33,680
Someone creates a team's tab

1047
00:37:33,680 --> 00:37:35,480
with a custom co-pilot experience.

1048
00:37:35,480 --> 00:37:36,960
It's all incremental.

1049
00:37:36,960 --> 00:37:38,400
Nothing feels like architecture

1050
00:37:38,400 --> 00:37:40,640
until you try to explain why the same question

1051
00:37:40,640 --> 00:37:42,920
yields different answers for different users.

1052
00:37:42,920 --> 00:37:44,960
Or why co-pilot cited a document,

1053
00:37:44,960 --> 00:37:47,120
someone insists they don't have access to,

1054
00:37:47,120 --> 00:37:48,760
because the permission edge is real,

1055
00:37:48,760 --> 00:37:50,960
even if nobody remembers granting it.

1056
00:37:50,960 --> 00:37:54,640
Or why a summary changed week to week, even though nothing changed,

1057
00:37:54,640 --> 00:37:56,480
because the context surface did.

1058
00:37:56,480 --> 00:37:59,080
This is the setup co-pilot didn't simplify your tenant.

1059
00:37:59,080 --> 00:38:00,800
It turned your tenant into the runtime

1060
00:38:00,800 --> 00:38:03,000
and the moment the tenant becomes the runtime,

1061
00:38:03,000 --> 00:38:05,080
you are no longer managing a product rollout.

1062
00:38:05,080 --> 00:38:08,400
You are managing an emerging behavior system with side effects.

1063
00:38:08,400 --> 00:38:09,960
Scenario one entropy signals,

1064
00:38:09,960 --> 00:38:13,560
co-pilot across M365 becomes micro agent divergence.

1065
00:38:13,560 --> 00:38:15,640
Entropy signals in co-pilot aren't dramatic.

1066
00:38:15,640 --> 00:38:16,640
They're boring.

1067
00:38:16,640 --> 00:38:20,040
That's why they get ignored until they stack into operational pain.

1068
00:38:20,040 --> 00:38:22,720
The first signal is that SharePoint, Teams, and Outlook

1069
00:38:22,720 --> 00:38:24,640
are not three front ends.

1070
00:38:24,640 --> 00:38:26,400
They are three different agent runtimes

1071
00:38:26,400 --> 00:38:27,960
with three different context surfaces

1072
00:38:27,960 --> 00:38:30,560
and three different default assumptions about what matters.

1073
00:38:30,560 --> 00:38:32,240
Teams is conversation first.

1074
00:38:32,240 --> 00:38:33,680
Outlook is thread first.

1075
00:38:33,680 --> 00:38:35,360
SharePoint is content first.

1076
00:38:35,360 --> 00:38:37,400
The same prompt lands on different grounding,

1077
00:38:37,400 --> 00:38:40,000
different retrieval, and different relevance ranking

1078
00:38:40,000 --> 00:38:41,800
depending on where the user asked.

1079
00:38:41,800 --> 00:38:44,600
So co-pilot gave a different answer, isn't user error.

1080
00:38:44,600 --> 00:38:46,120
It's runtime variance.

1081
00:38:46,120 --> 00:38:49,080
And once leadership hears variance, they do what they always do.

1082
00:38:49,080 --> 00:38:49,920
They standardize.

1083
00:38:49,920 --> 00:38:51,880
So the second signal is the prompt library.

1084
00:38:51,880 --> 00:38:53,560
Every organization ends up creating one.

1085
00:38:53,560 --> 00:38:54,680
Sometimes it's official.

1086
00:38:54,680 --> 00:38:55,840
Sometimes it's folklore.

1087
00:38:55,840 --> 00:38:58,160
Sometimes it's a Teams channel with screenshots.

1088
00:38:58,160 --> 00:39:00,200
Either way, it becomes a comforting artifact

1089
00:39:00,200 --> 00:39:02,960
because it feels like policy, but prompts aren't controls.

1090
00:39:02,960 --> 00:39:04,440
They don't enforce boundaries.

1091
00:39:04,440 --> 00:39:06,280
They're input to a reasoning system

1092
00:39:06,280 --> 00:39:09,200
that can interpret, skip, or reframe them based on context.

1093
00:39:09,200 --> 00:39:11,400
What this actually looks like in the wild is simple.

1094
00:39:11,400 --> 00:39:13,680
Someone says, use the approved prompt

1095
00:39:13,680 --> 00:39:18,760
and the response improves for that user in that app

1096
00:39:18,760 --> 00:39:20,720
for that data set this week.

1097
00:39:20,720 --> 00:39:22,760
Then another team copies it, tweaks three words,

1098
00:39:22,760 --> 00:39:26,080
adds beacon size, adds actors A, and now you have prompt drift.

1099
00:39:26,080 --> 00:39:27,600
Not because people are reckless

1100
00:39:27,600 --> 00:39:30,080
because prompts are the easiest thing in the stack to edit

1101
00:39:30,080 --> 00:39:31,840
and editing feels harmless.

1102
00:39:31,840 --> 00:39:34,000
But prompt edits are runtime logic changes.

1103
00:39:34,000 --> 00:39:36,960
You're changing the decision surface, not the documentation.

1104
00:39:36,960 --> 00:39:38,800
The third signal is permission edges,

1105
00:39:38,800 --> 00:39:40,880
copilot rides, Microsoft Graph.

1106
00:39:40,880 --> 00:39:42,720
And Graph is not a single permission boundary.

1107
00:39:42,720 --> 00:39:45,840
It's an authorization graph that's shaped by groups, sites,

1108
00:39:45,840 --> 00:39:48,560
sharing links, delegated mailboxes, sensitivity labels,

1109
00:39:48,560 --> 00:39:51,080
and all the historical decisions nobody revisited.

1110
00:39:51,080 --> 00:39:53,720
So you get the same intent producing different access outcomes.

1111
00:39:53,720 --> 00:39:56,440
One user gets the right answer because they're in the right group.

1112
00:39:56,440 --> 00:39:59,000
Another user gets a weaker answer because they're not.

1113
00:39:59,000 --> 00:40:01,520
And a third user gets a dangerously confident answer

1114
00:40:01,520 --> 00:40:03,960
because they have access through a link-based permission

1115
00:40:03,960 --> 00:40:05,680
that no one remembers granting.

1116
00:40:05,680 --> 00:40:07,720
That's the core, post-sass issue.

1117
00:40:07,720 --> 00:40:09,440
Authorization is still deterministic,

1118
00:40:09,440 --> 00:40:11,680
but the user experience becomes probabilistic.

1119
00:40:11,680 --> 00:40:13,280
So you get the weird incident class

1120
00:40:13,280 --> 00:40:16,600
where nobody can tell if the problem is copilot, permissions,

1121
00:40:16,600 --> 00:40:19,520
or content hygiene because all three are now coupled

1122
00:40:19,520 --> 00:40:20,440
in the output.

1123
00:40:20,440 --> 00:40:23,440
The fourth signal is connector and plug-in divergence.

1124
00:40:23,440 --> 00:40:26,320
Even when the enterprise thinks it enabled copilot,

1125
00:40:26,320 --> 00:40:28,320
the real copilot experience becomes defined

1126
00:40:28,320 --> 00:40:30,280
by what extra capabilities teams attach.

1127
00:40:30,280 --> 00:40:32,440
Some teams allow more plug-ins, some block them,

1128
00:40:32,440 --> 00:40:34,240
some discover third-party connectors,

1129
00:40:34,240 --> 00:40:36,080
some build copilot studio actions.

1130
00:40:36,080 --> 00:40:38,600
Each choice expands the tool catalog

1131
00:40:38,600 --> 00:40:41,400
and expanding the tool catalog expands the decision pathways.

1132
00:40:41,400 --> 00:40:42,640
That's not a governance point.

1133
00:40:42,640 --> 00:40:43,600
It's mechanical.

1134
00:40:43,600 --> 00:40:45,240
More tools means more branches.

1135
00:40:45,240 --> 00:40:48,480
Over time, copilot stops being a single capability.

1136
00:40:48,480 --> 00:40:50,920
It becomes a family of microagents.

1137
00:40:50,920 --> 00:40:52,960
One inside teams with meeting context,

1138
00:40:52,960 --> 00:40:55,400
one inside outlook with mailbox context,

1139
00:40:55,400 --> 00:40:57,840
one inside SharePoint with library context,

1140
00:40:57,840 --> 00:41:00,840
plus a handful of departmental agents with custom tools

1141
00:41:00,840 --> 00:41:03,160
and instructions, plus whatever people built

1142
00:41:03,160 --> 00:41:05,640
in copilot studio to patch gaps.

1143
00:41:05,640 --> 00:41:07,840
Leadership keeps calling it one rollout,

1144
00:41:07,840 --> 00:41:09,880
operators start seeing it as multiple systems.

1145
00:41:09,880 --> 00:41:11,760
The fifth signal is output quality drift

1146
00:41:11,760 --> 00:41:13,320
that correlates with nothing obvious.

1147
00:41:13,320 --> 00:41:15,680
Week one, summaries are solid, week six,

1148
00:41:15,680 --> 00:41:18,920
the same meeting format yields inconsistent action items.

1149
00:41:18,920 --> 00:41:22,440
Week 10, citations shift, week 14, users complain

1150
00:41:22,440 --> 00:41:23,760
that it's not as good anymore

1151
00:41:23,760 --> 00:41:25,440
and nobody can tie it to a change ticket

1152
00:41:25,440 --> 00:41:27,000
because the change wasn't a single thing.

1153
00:41:27,000 --> 00:41:30,160
It was an accumulation, a model update, a team's feature change,

1154
00:41:30,160 --> 00:41:32,480
new content in SharePoint, a permission cleanup

1155
00:41:32,480 --> 00:41:34,560
that removed something, a new channel created,

1156
00:41:34,560 --> 00:41:37,680
a different meeting organizer, a different transcript quality,

1157
00:41:37,680 --> 00:41:39,320
a different retrieval ranking.

1158
00:41:39,320 --> 00:41:41,680
In deterministic sass, you'd isolate variables.

1159
00:41:41,680 --> 00:41:44,080
In post sass, variables are the runtime.

1160
00:41:44,080 --> 00:41:45,920
And that's where MTTE becomes real

1161
00:41:45,920 --> 00:41:48,000
because the practical debugging question is not

1162
00:41:48,000 --> 00:41:49,360
is copilot up.

1163
00:41:49,360 --> 00:41:50,840
It's what did copilot see?

1164
00:41:50,840 --> 00:41:52,600
Not what it could see, what it did see.

1165
00:41:52,600 --> 00:41:54,560
What context it selected, what it ignored

1166
00:41:54,560 --> 00:41:56,040
and which tool calls it executed

1167
00:41:56,040 --> 00:41:57,920
without that you can't explain behavior,

1168
00:41:57,920 --> 00:41:59,360
you can only argue about it.

1169
00:41:59,360 --> 00:42:01,360
And the final entropy signal in copilot

1170
00:42:01,360 --> 00:42:03,760
is the slow collapse of shared assumptions.

1171
00:42:03,760 --> 00:42:06,160
The organization thinks it has one assistant.

1172
00:42:06,160 --> 00:42:08,640
In reality, it has multiple execution parts

1173
00:42:08,640 --> 00:42:10,480
and multiple behavioral versions.

1174
00:42:10,480 --> 00:42:12,680
Different teams start trusting different patterns,

1175
00:42:12,680 --> 00:42:14,280
building different workarounds

1176
00:42:14,280 --> 00:42:16,800
and relying on different known good prompts

1177
00:42:16,800 --> 00:42:19,080
that only work inside their slice of the tenant.

1178
00:42:19,080 --> 00:42:21,320
That's micro agent divergence, the same brand,

1179
00:42:21,320 --> 00:42:22,960
the same license, the same platform,

1180
00:42:22,960 --> 00:42:24,480
different behavior, different risks,

1181
00:42:24,480 --> 00:42:26,360
different incident narratives.

1182
00:42:26,360 --> 00:42:28,240
And once that divergence becomes normal,

1183
00:42:28,240 --> 00:42:30,240
the next move is predictable.

1184
00:42:30,240 --> 00:42:31,720
Make a step into fix it.

1185
00:42:31,720 --> 00:42:34,400
Scenario two set up, power platform agents at scale,

1186
00:42:34,400 --> 00:42:36,880
and that's when the maker step into fix it.

1187
00:42:36,880 --> 00:42:39,440
Not because they're reckless, because they're useful.

1188
00:42:39,440 --> 00:42:41,360
Power platform exists to turn local pain

1189
00:42:41,360 --> 00:42:42,760
into local solutions.

1190
00:42:42,760 --> 00:42:45,160
And in the sass era, that was mostly fine.

1191
00:42:45,160 --> 00:42:46,800
A flow that copies an attachment,

1192
00:42:46,800 --> 00:42:48,480
a form that standardizes intake,

1193
00:42:48,480 --> 00:42:50,320
a little app that replaces a spreadsheet,

1194
00:42:50,320 --> 00:42:53,000
you could call it sprawl, but it was legible sprawl.

1195
00:42:53,000 --> 00:42:55,400
Apps and flows you could list, owners you could ping,

1196
00:42:55,400 --> 00:42:57,200
environments you could lock down,

1197
00:42:57,200 --> 00:42:59,080
when someone finally complained.

1198
00:42:59,080 --> 00:43:01,760
Agenetic power platform changes the shape of that sprawl,

1199
00:43:01,760 --> 00:43:05,120
because the power platform isn't just low code automation anymore.

1200
00:43:05,120 --> 00:43:07,440
It's a distribution channel for decision logic.

1201
00:43:07,440 --> 00:43:09,080
Copilot Studio and power automate

1202
00:43:09,080 --> 00:43:10,680
don't just help someone build a workflow.

1203
00:43:10,680 --> 00:43:12,760
They help someone package reasoning, retrieval,

1204
00:43:12,760 --> 00:43:14,800
and actions into a reusable capability

1205
00:43:14,800 --> 00:43:17,520
that other humans will treat as the system.

1206
00:43:17,520 --> 00:43:19,160
And the cost of doing that is low enough

1207
00:43:19,160 --> 00:43:20,720
that it will happen everywhere.

1208
00:43:20,720 --> 00:43:22,200
This is the uncomfortable truth.

1209
00:43:22,200 --> 00:43:24,400
If you want to understand how fast an organization

1210
00:43:24,400 --> 00:43:27,320
will scale agents, don't look at Azure, look at power platform.

1211
00:43:27,320 --> 00:43:29,320
Azure is where teams build carefully.

1212
00:43:29,320 --> 00:43:31,640
Power platform is where teams build constantly.

1213
00:43:31,640 --> 00:43:32,560
And the reason is simple,

1214
00:43:32,560 --> 00:43:34,520
it sits at the intersection of three things

1215
00:43:34,520 --> 00:43:36,880
enterprises can't control with policy docs,

1216
00:43:36,880 --> 00:43:38,880
business urgency, permission convenience,

1217
00:43:38,880 --> 00:43:40,320
and template gravity.

1218
00:43:40,320 --> 00:43:43,320
Business urgency means the moment a team has a recurring annoyance,

1219
00:43:43,320 --> 00:43:45,320
they don't open a project, they open a float,

1220
00:43:45,320 --> 00:43:46,840
they don't ask for a system change,

1221
00:43:46,840 --> 00:43:49,040
they ask copilot to draft something,

1222
00:43:49,040 --> 00:43:51,840
route something, create something, notify someone,

1223
00:43:51,840 --> 00:43:53,800
and when that something works once,

1224
00:43:53,800 --> 00:43:56,280
the next move is predictable, schedule it, trigger it,

1225
00:43:56,280 --> 00:43:57,800
wrap it, turn it into an agent.

1226
00:43:57,800 --> 00:44:00,160
Now it's no longer assistance, it's execution.

1227
00:44:00,160 --> 00:44:02,160
Permission convenience is the part nobody likes

1228
00:44:02,160 --> 00:44:03,680
talking about in architecture meetings.

1229
00:44:03,680 --> 00:44:06,040
Connectors are power, delegated connectors are borrowed

1230
00:44:06,040 --> 00:44:06,880
authority.

1231
00:44:06,880 --> 00:44:09,080
And the platform is designed to make connecting easy

1232
00:44:09,080 --> 00:44:10,960
because friction kills adoption.

1233
00:44:10,960 --> 00:44:13,800
So a maker connects to SharePoint, Outlook, Teams,

1234
00:44:13,800 --> 00:44:16,880
Dataverse, maybe an ERP, maybe a ticketing system,

1235
00:44:16,880 --> 00:44:19,280
and now the flow has reached across systems

1236
00:44:19,280 --> 00:44:21,760
that were previously separated by human effort.

1237
00:44:21,760 --> 00:44:23,360
The flow becomes a cross domain actor.

1238
00:44:23,360 --> 00:44:25,400
Template gravity is why this scales

1239
00:44:25,400 --> 00:44:27,040
without anyone intending it to.

1240
00:44:27,040 --> 00:44:29,360
Power platform is full of examples, starter kits,

1241
00:44:29,360 --> 00:44:31,400
copy this and tweak it patterns.

1242
00:44:31,400 --> 00:44:33,440
Copilot makes that even worse in a useful way

1243
00:44:33,440 --> 00:44:35,960
because it reduces the work of copying to basically nothing.

1244
00:44:35,960 --> 00:44:37,640
A team sees a working agent, forks it,

1245
00:44:37,640 --> 00:44:39,720
changes a couple of prompts, swaps a connector,

1246
00:44:39,720 --> 00:44:41,120
and now they have their own version.

1247
00:44:41,120 --> 00:44:42,200
It looks like innovation.

1248
00:44:42,200 --> 00:44:44,560
Architecturally, it's divergence with a smile,

1249
00:44:44,560 --> 00:44:47,920
so scenario two starts the same way every time.

1250
00:44:47,920 --> 00:44:50,080
A business unit gets excited about copilot,

1251
00:44:50,080 --> 00:44:52,560
hits a limitation, and then discovers they can build

1252
00:44:52,560 --> 00:44:54,640
their own agent-like behavior in power,

1253
00:44:54,640 --> 00:44:56,800
automate, and copilot studio.

1254
00:44:56,800 --> 00:45:00,320
It starts as just a helper, something that drafts a response,

1255
00:45:00,320 --> 00:45:03,120
summarizes a request, or triages in email,

1256
00:45:03,120 --> 00:45:05,080
then it becomes just a workflow,

1257
00:45:05,080 --> 00:45:07,640
something that roots approvals, updates, records,

1258
00:45:07,640 --> 00:45:10,600
creates tasks, posts, notifications.

1259
00:45:10,600 --> 00:45:12,520
And then quietly it becomes business logic

1260
00:45:12,520 --> 00:45:15,280
because once the system can take an unstructured input,

1261
00:45:15,280 --> 00:45:18,600
an email, a form, a chat message, interpret it,

1262
00:45:18,600 --> 00:45:21,680
choose a path and execute actions across systems,

1263
00:45:21,680 --> 00:45:23,120
you've moved past automation,

1264
00:45:23,120 --> 00:45:25,760
you've embedded decision pathways into the organization.

1265
00:45:25,760 --> 00:45:27,480
This is where the ownership model breaks

1266
00:45:27,480 --> 00:45:29,640
in a very specific way, team's own outcomes,

1267
00:45:29,640 --> 00:45:31,280
nobody owns life cycles.

1268
00:45:31,280 --> 00:45:34,720
A maker owns the flow, a manager owns the process,

1269
00:45:34,720 --> 00:45:37,800
the eye owns the platform, security owns the policy,

1270
00:45:37,800 --> 00:45:40,800
compliance owns the audit, and the agent-like behavior

1271
00:45:40,800 --> 00:45:43,080
sits across all of them, prompt instructions

1272
00:45:43,080 --> 00:45:46,360
in copilot studio, branching logic in power automate,

1273
00:45:46,360 --> 00:45:49,720
data in data-vers, a youth in connectors, context in SharePoint,

1274
00:45:49,720 --> 00:45:51,440
notifications in teams.

1275
00:45:51,440 --> 00:45:53,200
So when it works, everyone claims value,

1276
00:45:53,200 --> 00:45:55,240
when it fails, nobody owns the behavior.

1277
00:45:55,240 --> 00:45:56,360
That's not a tooling flaw.

1278
00:45:56,360 --> 00:45:58,200
That's the operating model mismatch

1279
00:45:58,200 --> 00:46:00,400
showing up in the place where scale is easiest.

1280
00:46:00,400 --> 00:46:01,720
And it produces a failure mode

1281
00:46:01,720 --> 00:46:03,960
that looks different from copilot variants.

1282
00:46:03,960 --> 00:46:07,640
With copilot, people argue about output quality and citations.

1283
00:46:07,640 --> 00:46:09,000
With Power Platform agents,

1284
00:46:09,000 --> 00:46:10,920
the system starts doing things in the background.

1285
00:46:10,920 --> 00:46:12,720
It creates records, it sends emails,

1286
00:46:12,720 --> 00:46:14,320
it triggers downstream processes,

1287
00:46:14,320 --> 00:46:15,680
it touches systems of records.

1288
00:46:15,680 --> 00:46:18,760
So the consequences aren't just copilot answered weird.

1289
00:46:18,760 --> 00:46:21,880
The consequences are side effects, duplicates in data-verse,

1290
00:46:21,880 --> 00:46:25,280
premature notifications, silent routing to the wrong queue,

1291
00:46:25,280 --> 00:46:27,240
a connector that was authorized for convenience

1292
00:46:27,240 --> 00:46:29,520
and now acts as an escalation path,

1293
00:46:29,520 --> 00:46:32,880
an environment that got cloned and now runs the same flow

1294
00:46:32,880 --> 00:46:35,440
with different secrets, a prompt tweak

1295
00:46:35,440 --> 00:46:37,000
that changes which branch fires

1296
00:46:37,000 --> 00:46:39,480
and nobody realizes until three weeks later.

1297
00:46:39,480 --> 00:46:41,280
And because the platform makes building easy,

1298
00:46:41,280 --> 00:46:43,720
the organization will build faster than it can observe.

1299
00:46:43,720 --> 00:46:45,880
That's the entire setup for scenario two.

1300
00:46:45,880 --> 00:46:48,200
Low friction creation of agent-like behavior

1301
00:46:48,200 --> 00:46:51,200
in the one place enterprises already struggle to keep legible.

1302
00:46:51,200 --> 00:46:53,040
What follows is the real entropy signal.

1303
00:46:53,040 --> 00:46:55,680
It isn't shadow IT, it's shadow cognition.

1304
00:46:55,680 --> 00:46:57,800
Scenario two, entropy signals.

1305
00:46:57,800 --> 00:47:00,120
From shadow IT to shadow cognition,

1306
00:47:00,120 --> 00:47:02,280
shadow IT was annoying, but it was visible.

1307
00:47:02,280 --> 00:47:04,120
Someone spun up an unsanctioned app.

1308
00:47:04,120 --> 00:47:05,640
Someone moved files into Dropbox,

1309
00:47:05,640 --> 00:47:07,680
someone paid for a tool with a credit card,

1310
00:47:07,680 --> 00:47:10,120
you could discover it, block it, or at least name it.

1311
00:47:10,120 --> 00:47:13,120
Shadow cognition is worse because it doesn't look like a thing.

1312
00:47:13,120 --> 00:47:14,720
It looks like a reasonable workflow

1313
00:47:14,720 --> 00:47:16,360
that happens to contain decision logic

1314
00:47:16,360 --> 00:47:18,680
nobody can fully see, version, or test.

1315
00:47:18,680 --> 00:47:21,640
The first entropy signal is where the logic actually lives.

1316
00:47:21,640 --> 00:47:23,400
In Power Platform agent scenarios,

1317
00:47:23,400 --> 00:47:26,040
the business logic is no longer just in a flow definition

1318
00:47:26,040 --> 00:47:27,640
you can export and review.

1319
00:47:27,640 --> 00:47:29,360
It's split across four layers.

1320
00:47:29,360 --> 00:47:32,440
Natural language instructions, connector configuration,

1321
00:47:32,440 --> 00:47:34,520
data shape and branching behavior.

1322
00:47:34,520 --> 00:47:37,680
The instructions in Copilot Studio become the decision policy,

1323
00:47:37,680 --> 00:47:39,560
the connector becomes the authority boundary,

1324
00:47:39,560 --> 00:47:41,520
data verse becomes the memory and state

1325
00:47:41,520 --> 00:47:43,680
and the flow becomes the execution engine

1326
00:47:43,680 --> 00:47:45,640
that turns a judgment into side effects.

1327
00:47:45,640 --> 00:47:48,520
That fragmentation matters because you can't review the agent

1328
00:47:48,520 --> 00:47:49,880
as a single artifact anymore.

1329
00:47:49,880 --> 00:47:52,360
You can review a flow, you can review a DLP policy,

1330
00:47:52,360 --> 00:47:53,520
you can review a connector.

1331
00:47:53,520 --> 00:47:54,960
But the behavior is the composite

1332
00:47:54,960 --> 00:47:57,640
and composites are where audit narratives go to die.

1333
00:47:57,640 --> 00:47:59,360
The second signal is drift vectors

1334
00:47:59,360 --> 00:48:02,720
that have nothing to do with someone changing the process.

1335
00:48:02,720 --> 00:48:05,480
Connector auth changes, someone reauthenticates

1336
00:48:05,480 --> 00:48:08,160
with a different account because the original owner left

1337
00:48:08,160 --> 00:48:09,760
a token scope changes.

1338
00:48:09,760 --> 00:48:11,800
A conditional access rule gets tightened.

1339
00:48:11,800 --> 00:48:14,440
A premium connector gets swapped for a non-premium one

1340
00:48:14,440 --> 00:48:16,160
to avoid licensing friction.

1341
00:48:16,160 --> 00:48:18,880
Suddenly, the same agent takes a different path.

1342
00:48:18,880 --> 00:48:20,280
Not because logic changed,

1343
00:48:20,280 --> 00:48:22,520
but because reachable capabilities changed.

1344
00:48:22,520 --> 00:48:24,840
Environment moves are another drift vector.

1345
00:48:24,840 --> 00:48:27,800
Make us clone environments, copy solutions, migrate flows

1346
00:48:27,800 --> 00:48:30,560
and bring along just enough configuration to make it run.

1347
00:48:30,560 --> 00:48:32,160
The flow still says production,

1348
00:48:32,160 --> 00:48:35,520
but the secrets, endpoints or connection references aren't the same.

1349
00:48:35,520 --> 00:48:38,400
So behavior diverges while the artifact looks identical.

1350
00:48:38,400 --> 00:48:40,120
Schema drift is the quiet killer.

1351
00:48:40,120 --> 00:48:41,240
A column gets renamed.

1352
00:48:41,240 --> 00:48:42,200
A choice value changes.

1353
00:48:42,200 --> 00:48:43,400
A table gets extended.

1354
00:48:43,400 --> 00:48:44,800
A view gets filtered differently.

1355
00:48:44,800 --> 00:48:47,560
The agent still works, but it now grounds decisions

1356
00:48:47,560 --> 00:48:49,440
on slightly different data.

1357
00:48:49,440 --> 00:48:51,480
And because the decision layer is probabilistic,

1358
00:48:51,480 --> 00:48:52,680
you don't get a clean error.

1359
00:48:52,680 --> 00:48:54,280
You get subtly wrong outcomes

1360
00:48:54,280 --> 00:48:57,240
that only show up weeks later as operational friction.

1361
00:48:57,240 --> 00:48:58,800
And then there's prompt drift,

1362
00:48:58,800 --> 00:49:01,280
which is basically configuration drift with better PR.

1363
00:49:01,280 --> 00:49:05,200
A maker tweaks instructions because the agent fell to verbose.

1364
00:49:05,200 --> 00:49:06,720
Someone adds a guardrail sentence,

1365
00:49:06,720 --> 00:49:09,480
someone copies the agent and customizes it for their team.

1366
00:49:09,480 --> 00:49:11,840
Now the organization has multiple cognitive variants

1367
00:49:11,840 --> 00:49:15,080
of the same workflow, same name, same intent, different reasoning.

1368
00:49:15,080 --> 00:49:16,080
You have forked brains.

1369
00:49:16,080 --> 00:49:17,680
The third signal is the audit gap.

1370
00:49:17,680 --> 00:49:19,800
Most organizations can see that a flow ran.

1371
00:49:19,800 --> 00:49:21,240
They can see inputs and outputs.

1372
00:49:21,240 --> 00:49:23,040
They can see which connector call happened.

1373
00:49:23,040 --> 00:49:26,360
That sounds sufficient until the incident question becomes,

1374
00:49:26,360 --> 00:49:28,000
why did it choose that branch?

1375
00:49:28,000 --> 00:49:30,160
Why did it mark this request as urgent?

1376
00:49:30,160 --> 00:49:31,480
Why did it notify that group?

1377
00:49:31,480 --> 00:49:34,080
Why did it open a ticket instead of asking for clarification?

1378
00:49:34,080 --> 00:49:36,040
Why did it write to data verse before approval?

1379
00:49:36,040 --> 00:49:37,720
The flow log can show what happened.

1380
00:49:37,720 --> 00:49:40,480
It cannot show the internal decision path that produced,

1381
00:49:40,480 --> 00:49:42,600
therefore, due X because that decision path

1382
00:49:42,600 --> 00:49:44,320
is embedded in a probabilistic layer

1383
00:49:44,320 --> 00:49:46,840
with context selection and instruction interpretation.

1384
00:49:46,840 --> 00:49:48,680
So you can prove that the system executed.

1385
00:49:48,680 --> 00:49:50,600
You can't prove why it executed that way.

1386
00:49:50,600 --> 00:49:51,800
That's shadow cognition.

1387
00:49:51,800 --> 00:49:53,920
Decision making that affects systems of record

1388
00:49:53,920 --> 00:49:55,840
but can't be reconstructed in human terms

1389
00:49:55,840 --> 00:49:57,200
fast enough to be safe.

1390
00:49:57,200 --> 00:49:59,360
The fourth signal is behavioral side effects

1391
00:49:59,360 --> 00:50:01,440
that look like data quality issues,

1392
00:50:01,440 --> 00:50:03,360
but are actually decision pathway issues.

1393
00:50:03,360 --> 00:50:05,200
Duplicate records are the classic one.

1394
00:50:05,200 --> 00:50:07,120
The agent interprets two similar emails

1395
00:50:07,120 --> 00:50:10,200
as two distinct requests triggers the same flow twice,

1396
00:50:10,200 --> 00:50:13,840
creates two cases, and now humans spend hours reconciling.

1397
00:50:13,840 --> 00:50:15,440
Primature notifications are another.

1398
00:50:15,440 --> 00:50:17,440
The agent decides it has enough context

1399
00:50:17,440 --> 00:50:19,520
to alert stakeholders, but it's wrong.

1400
00:50:19,520 --> 00:50:22,040
And now the organization burns credibility.

1401
00:50:22,040 --> 00:50:25,120
Silent permission escalation is the most uncomfortable.

1402
00:50:25,120 --> 00:50:27,640
Delegated connectors run under a service identity

1403
00:50:27,640 --> 00:50:30,520
that has broader reach than the initiating user understands,

1404
00:50:30,520 --> 00:50:33,000
so the agent can move data or trigger actions

1405
00:50:33,000 --> 00:50:34,640
that feel like privilege creep,

1406
00:50:34,640 --> 00:50:36,920
even if nothing malicious happened.

1407
00:50:36,920 --> 00:50:39,320
The fifth signal is MTT spiking into permanence.

1408
00:50:39,320 --> 00:50:42,240
Debugging stops being engineering and becomes archaeology.

1409
00:50:42,240 --> 00:50:43,560
You're not tracing one system.

1410
00:50:43,560 --> 00:50:45,400
You're correlating copilot studio instructions,

1411
00:50:45,400 --> 00:50:47,360
flow history, connector, or context,

1412
00:50:47,360 --> 00:50:50,240
environment configuration, dataverse state,

1413
00:50:50,240 --> 00:50:52,400
and whatever prompt changes someone made last month

1414
00:50:52,400 --> 00:50:54,640
because it worked better.

1415
00:50:54,640 --> 00:50:56,800
You ask who owns it and you get three names.

1416
00:50:56,800 --> 00:50:59,200
You ask who can change it and you get six.

1417
00:50:59,200 --> 00:51:01,920
You ask what version is running and you get silence.

1418
00:51:01,920 --> 00:51:04,280
And then the most predictable outcome happens.

1419
00:51:04,280 --> 00:51:05,320
The business doesn't stop.

1420
00:51:05,320 --> 00:51:06,720
They can't, so they patch again.

1421
00:51:06,720 --> 00:51:10,680
Another flow, another exception, another connector, another tweak.

1422
00:51:10,680 --> 00:51:11,880
That's the loop.

1423
00:51:11,880 --> 00:51:13,800
Shadow it created unapproved tools.

1424
00:51:13,800 --> 00:51:16,000
Shadow cognition creates unowned decisions.

1425
00:51:16,000 --> 00:51:18,720
And once unowned decisions can execute side effects,

1426
00:51:18,720 --> 00:51:20,640
you're no longer scaling productivity,

1427
00:51:20,640 --> 00:51:22,400
you're scaling ambiguity.

1428
00:51:22,400 --> 00:51:24,000
Scenario three, set up.

1429
00:51:24,000 --> 00:51:26,840
As your AI orchestration without a control plane,

1430
00:51:26,840 --> 00:51:28,280
shadow cognition is what happens

1431
00:51:28,280 --> 00:51:30,640
when makers distribute decision logic faster

1432
00:51:30,640 --> 00:51:32,080
than anyone can see it.

1433
00:51:32,080 --> 00:51:33,320
Scenario three is what happens

1434
00:51:33,320 --> 00:51:34,560
when engineers do the same thing

1435
00:51:34,560 --> 00:51:36,800
but with better tooling and higher blast radius.

1436
00:51:36,800 --> 00:51:38,840
This is where Azure shows up in the story

1437
00:51:38,840 --> 00:51:40,800
and the comforting myth returns.

1438
00:51:40,800 --> 00:51:42,880
At least the Pro Code teams will do it properly.

1439
00:51:42,880 --> 00:51:44,600
They won't. They'll do it efficiently.

1440
00:51:44,600 --> 00:51:45,640
They'll do it under pressure.

1441
00:51:45,640 --> 00:51:46,960
They'll do it in fragments.

1442
00:51:46,960 --> 00:51:49,560
And then they'll move on to the next backlog item

1443
00:51:49,560 --> 00:51:52,400
while the fragments stay behind as permanent infrastructure

1444
00:51:52,400 --> 00:51:54,880
because Azure AI orchestration isn't one product.

1445
00:51:54,880 --> 00:51:57,840
It's an assembly line, a model endpoint, a tool layer,

1446
00:51:57,840 --> 00:52:01,040
some retrieval, a queue, a worker, a database for state,

1447
00:52:01,040 --> 00:52:03,080
a memory store, a set of retries,

1448
00:52:03,080 --> 00:52:05,800
some temporary glue to connect a system of record,

1449
00:52:05,800 --> 00:52:08,400
a dashboard maybe, a tracing setup hopefully.

1450
00:52:08,400 --> 00:52:10,480
And a dozen small decisions about identity,

1451
00:52:10,480 --> 00:52:12,200
secrets, networking and logging

1452
00:52:12,200 --> 00:52:14,560
that determine whether this thing is an engineered system

1453
00:52:14,560 --> 00:52:16,840
or a probabilistic pile of side effects.

1454
00:52:16,840 --> 00:52:19,600
Most organizations start Scenario three the same way.

1455
00:52:19,600 --> 00:52:21,360
A team gets asked to build an agent

1456
00:52:21,360 --> 00:52:24,040
that does something real, not summarize documents,

1457
00:52:24,040 --> 00:52:27,440
something with consequences, create tickets, update records,

1458
00:52:27,440 --> 00:52:29,280
trigger approvals, triage incidents,

1459
00:52:29,280 --> 00:52:31,920
draft customer responses and push them into a CRM.

1460
00:52:31,920 --> 00:52:33,480
The exact use case doesn't matter.

1461
00:52:33,480 --> 00:52:34,360
The pattern does.

1462
00:52:34,360 --> 00:52:37,480
It starts as an experiment because everything starts as an experiment.

1463
00:52:37,480 --> 00:52:40,040
So they spin up an Azure open AI deployment

1464
00:52:40,040 --> 00:52:43,080
or use Foundry or whatever their internal standard is this quarter.

1465
00:52:43,080 --> 00:52:44,080
They add a little rag.

1466
00:52:44,080 --> 00:52:45,360
They wire up a few tools.

1467
00:52:45,360 --> 00:52:47,000
They test it with happy path prompts.

1468
00:52:47,000 --> 00:52:48,280
It looks good in a demo.

1469
00:52:48,280 --> 00:52:50,880
Leadership sees the demo and thinks the hard part is done.

1470
00:52:50,880 --> 00:52:53,560
The hard part hasn't started because the system that demo as well

1471
00:52:53,560 --> 00:52:56,520
is almost never the system that survives production reality.

1472
00:52:56,520 --> 00:52:58,720
Partial failures, inconsistent inputs,

1473
00:52:58,720 --> 00:53:02,200
permission edges, rate limits, downstream API quirks,

1474
00:53:02,200 --> 00:53:04,600
and the simple fact that human workflows are messy

1475
00:53:04,600 --> 00:53:06,640
and rarely match the data model.

1476
00:53:06,640 --> 00:53:08,320
So the team adds orchestration,

1477
00:53:08,320 --> 00:53:09,840
not because they love architecture,

1478
00:53:09,840 --> 00:53:13,040
because they need the agent to do multiple steps reliably.

1479
00:53:13,040 --> 00:53:15,040
And this is where the entropy begins.

1480
00:53:15,040 --> 00:53:17,600
Each project invents orchestration from scratch.

1481
00:53:17,600 --> 00:53:19,720
One team builds a state machine in code.

1482
00:53:19,720 --> 00:53:21,240
Another uses durable functions.

1483
00:53:21,240 --> 00:53:24,880
Another uses logic apps for steps and a custom worker for reasoning.

1484
00:53:24,880 --> 00:53:27,960
Another uses cues and retries and calls it event driven.

1485
00:53:27,960 --> 00:53:31,640
Another uses a framework and assumes the framework is the architecture.

1486
00:53:31,640 --> 00:53:34,840
Another uses a notebook that becomes a scheduled job

1487
00:53:34,840 --> 00:53:36,440
that becomes a production dependency,

1488
00:53:36,440 --> 00:53:38,200
because nobody had time to rewrite it.

1489
00:53:38,200 --> 00:53:41,240
Same outcome, bespoke state, bespoke memory, bespoke logging.

1490
00:53:41,240 --> 00:53:43,480
It's not malicious, it's normal.

1491
00:53:43,480 --> 00:53:45,640
And because every team has slightly different skills

1492
00:53:45,640 --> 00:53:47,000
and slightly different constraints,

1493
00:53:47,000 --> 00:53:48,680
they pick different building blocks,

1494
00:53:48,680 --> 00:53:51,720
different storage, different telemetry, different auth strategies,

1495
00:53:51,720 --> 00:53:53,400
different ways to do tool calling,

1496
00:53:53,400 --> 00:53:55,160
different ways to handle human in the loop,

1497
00:53:55,160 --> 00:53:56,760
different ways to package prompts,

1498
00:53:56,760 --> 00:53:58,520
different ways to version anything at all.

1499
00:53:58,520 --> 00:54:01,160
So the enterprise doesn't get an agent platform.

1500
00:54:01,160 --> 00:54:04,200
It gets multiple orchestration dialects that can't explain each other.

1501
00:54:04,200 --> 00:54:07,240
This is the part nobody says out loud in architecture reviews.

1502
00:54:07,240 --> 00:54:10,040
Orchestration logic becomes the new integration layer.

1503
00:54:10,040 --> 00:54:13,800
And integration layers are where enterprises accumulate their worst legacy.

1504
00:54:13,800 --> 00:54:15,480
Not because the code is old,

1505
00:54:15,480 --> 00:54:18,120
because the dependency density becomes untouchable.

1506
00:54:18,120 --> 00:54:20,120
Then the second predictable thing happens.

1507
00:54:20,120 --> 00:54:21,480
Prototype gravity.

1508
00:54:21,480 --> 00:54:24,120
A proof of concept gets used just for a pilot.

1509
00:54:24,120 --> 00:54:26,680
Then the pilot gets used just for this one team.

1510
00:54:26,680 --> 00:54:29,160
Then the team depends on it for a quarterly process,

1511
00:54:29,160 --> 00:54:30,760
then monthly, then daily.

1512
00:54:30,760 --> 00:54:33,160
And now the agent is part of the operating model.

1513
00:54:33,160 --> 00:54:35,320
But it still runs on POC assumptions.

1514
00:54:35,320 --> 00:54:38,440
Week versioning informal ownership, missing kill switches,

1515
00:54:38,440 --> 00:54:39,640
inconsistent tracing,

1516
00:54:39,640 --> 00:54:41,480
and an identity model that looks fine

1517
00:54:41,480 --> 00:54:43,800
until it has to touch a system of record at scale.

1518
00:54:43,800 --> 00:54:46,200
At this point, the architecture diagram

1519
00:54:46,200 --> 00:54:47,720
stops representing reality.

1520
00:54:47,720 --> 00:54:49,880
Because the diagram shows components and arrows,

1521
00:54:49,880 --> 00:54:52,120
the runtime is decisions and side effects.

1522
00:54:52,120 --> 00:54:54,360
And when a probabilistic system executes,

1523
00:54:54,360 --> 00:54:57,240
the most important details are the ones diagrams don't capture,

1524
00:54:57,240 --> 00:54:58,600
which tool was selected,

1525
00:54:58,600 --> 00:55:00,200
what context was retrieved,

1526
00:55:00,200 --> 00:55:01,560
which retries happened,

1527
00:55:01,560 --> 00:55:03,160
what partial execution occurred,

1528
00:55:03,160 --> 00:55:04,680
which compensations ran,

1529
00:55:04,680 --> 00:55:07,240
and what authority the agent carried when it acted.

1530
00:55:07,240 --> 00:55:08,680
Without a control plane,

1531
00:55:08,680 --> 00:55:10,600
none of that is consistently captured.

1532
00:55:10,600 --> 00:55:12,440
So every incident becomes bespoke,

1533
00:55:12,440 --> 00:55:14,120
every post-mortem becomes a debate

1534
00:55:14,120 --> 00:55:16,040
about whether the agent did something wrong

1535
00:55:16,040 --> 00:55:18,600
or whether the downstream system behaved strangely

1536
00:55:18,600 --> 00:55:20,440
or whether the input was ambiguous

1537
00:55:20,440 --> 00:55:23,000
or whether the model update changed behavior.

1538
00:55:23,000 --> 00:55:24,200
All of those can be true.

1539
00:55:24,200 --> 00:55:24,840
That's the point.

1540
00:55:24,840 --> 00:55:28,120
In scenario three, as your doesn't just amplify the agent problem,

1541
00:55:28,120 --> 00:55:29,640
it industrializes it.

1542
00:55:29,640 --> 00:55:32,200
Because now the organization can build agents

1543
00:55:32,200 --> 00:55:35,240
that run continuously at scale across many systems

1544
00:55:35,240 --> 00:55:37,320
with autonomous retries and delegation chains

1545
00:55:37,320 --> 00:55:41,400
and tool catalogs that evolve faster than any centralized document can track.

1546
00:55:41,400 --> 00:55:42,760
And if there's no control plane,

1547
00:55:42,760 --> 00:55:45,480
no enforced identity, no consistent telemetry,

1548
00:55:45,480 --> 00:55:46,760
no life cycle ownership,

1549
00:55:46,760 --> 00:55:49,000
no single place where tool authorization

1550
00:55:49,000 --> 00:55:51,000
and version responsibility are anchored,

1551
00:55:51,000 --> 00:55:52,520
you don't have an agent estate.

1552
00:55:52,520 --> 00:55:54,600
You have a fleet of unsupervised workflows

1553
00:55:54,600 --> 00:55:56,200
pretending to be software.

1554
00:55:56,200 --> 00:55:57,960
Next comes the uncomfortable part.

1555
00:55:57,960 --> 00:56:00,040
When orchestration becomes the new legacy,

1556
00:56:00,040 --> 00:56:01,720
it fails in a very specific way.

1557
00:56:01,720 --> 00:56:04,120
It doesn't crash, it leaves side effects.

1558
00:56:04,120 --> 00:56:05,960
Scenario three entropy signals.

1559
00:56:05,960 --> 00:56:08,280
Orchestration logic becomes the new legacy.

1560
00:56:08,280 --> 00:56:10,200
The entropy signals in Azure orchestration

1561
00:56:10,200 --> 00:56:11,720
don't show up as AI problems,

1562
00:56:11,720 --> 00:56:13,320
then they show up as software problems

1563
00:56:13,320 --> 00:56:15,000
that don't behave like software anymore.

1564
00:56:15,000 --> 00:56:16,600
The first signal is that orchestration

1565
00:56:16,600 --> 00:56:17,960
becomes the hidden monolith,

1566
00:56:17,960 --> 00:56:19,560
not because the code base is huge,

1567
00:56:19,560 --> 00:56:22,760
because the dependency density is one agent now depends on,

1568
00:56:22,760 --> 00:56:25,880
model deployments, prompt variants,

1569
00:56:25,880 --> 00:56:28,040
tool schemers, secrets,

1570
00:56:28,040 --> 00:56:30,920
queues, state stores, retrieval indexes,

1571
00:56:30,920 --> 00:56:32,520
downstream APIs,

1572
00:56:32,520 --> 00:56:36,040
and whatever retry policy someone chose at 2AM during the pilot.

1573
00:56:36,040 --> 00:56:38,280
Each dependency is reasonable on its own.

1574
00:56:38,280 --> 00:56:40,920
Together, they form a system no one can safely change

1575
00:56:40,920 --> 00:56:42,760
without breaking something they can't see.

1576
00:56:42,760 --> 00:56:44,920
So the system keeps running and it keeps a greeting.

1577
00:56:46,120 --> 00:56:48,120
That's how legacy is born in the cloud,

1578
00:56:48,120 --> 00:56:51,320
not by age, but by accumulated reluctance to touch it.

1579
00:56:51,320 --> 00:56:54,360
The second signal is the partial execution failure mode.

1580
00:56:54,360 --> 00:56:56,600
Deterministic workflows usually fail cleanly.

1581
00:56:56,600 --> 00:56:58,600
The transaction rolls back, the drop errors out,

1582
00:56:58,600 --> 00:57:01,080
the process stops, you get a single failure point.

1583
00:57:01,080 --> 00:57:01,960
You know where to look.

1584
00:57:01,960 --> 00:57:05,240
Agent orchestration fails like a distributed set of side effects.

1585
00:57:05,240 --> 00:57:06,920
A tool called succeeds,

1586
00:57:06,920 --> 00:57:08,520
the next one times out,

1587
00:57:08,520 --> 00:57:09,640
retries fire,

1588
00:57:09,640 --> 00:57:11,320
compensations don't,

1589
00:57:11,320 --> 00:57:13,160
and now the system has done some of the work

1590
00:57:13,160 --> 00:57:15,640
with no coherent boundary around what's complete.

1591
00:57:15,640 --> 00:57:17,400
It created a ticket but didn't notify.

1592
00:57:17,400 --> 00:57:19,480
It sent the email but didn't update the record.

1593
00:57:19,480 --> 00:57:22,040
It updated the record twice because the retry logic

1594
00:57:22,040 --> 00:57:23,720
didn't understand the importance.

1595
00:57:23,720 --> 00:57:24,680
Nothing is down,

1596
00:57:24,680 --> 00:57:26,120
but the business state is wrong,

1597
00:57:26,120 --> 00:57:28,520
and because it's wrong in small ways, it doesn't trip alarms.

1598
00:57:28,520 --> 00:57:29,720
It trips humans.

1599
00:57:29,720 --> 00:57:31,640
That's where MTE gets paid again,

1600
00:57:31,640 --> 00:57:33,160
not explaining an outage,

1601
00:57:33,160 --> 00:57:35,000
explaining a trail of half-actions.

1602
00:57:35,000 --> 00:57:37,640
The third signal is that retries become policy decisions.

1603
00:57:37,640 --> 00:57:38,680
In classic systems,

1604
00:57:38,680 --> 00:57:40,360
retry logic is mostly technical,

1605
00:57:40,360 --> 00:57:41,480
exponential back-off,

1606
00:57:41,480 --> 00:57:43,480
circuit breakers, dead-letter cues.

1607
00:57:43,480 --> 00:57:44,920
Boring, fine.

1608
00:57:44,920 --> 00:57:46,040
In orchestration systems,

1609
00:57:46,040 --> 00:57:47,720
retries become behavioral governance,

1610
00:57:47,720 --> 00:57:48,920
whether you admit it or not.

1611
00:57:48,920 --> 00:57:50,760
Do you retry an action that sends an email?

1612
00:57:50,760 --> 00:57:52,520
Do you retry something that creates a record?

1613
00:57:52,520 --> 00:57:54,520
Do you retry something that triggers a payment

1614
00:57:54,520 --> 00:57:56,840
or changes a permission or posts into a channel

1615
00:57:56,840 --> 00:57:57,640
that people act on?

1616
00:57:57,640 --> 00:57:59,960
Every retry risks duplicating a side effect.

1617
00:57:59,960 --> 00:58:03,720
Every, don't retry risks abandoning a workflow mid-flight.

1618
00:58:03,720 --> 00:58:06,120
So engineers end up encoding business policy

1619
00:58:06,120 --> 00:58:07,240
into technical defaults

1620
00:58:07,240 --> 00:58:08,600
because there is no separate layer

1621
00:58:08,600 --> 00:58:10,040
where those decisions live.

1622
00:58:10,040 --> 00:58:11,800
That's entropy when policy migrates

1623
00:58:11,800 --> 00:58:13,720
into the least-reviewed code path.

1624
00:58:13,720 --> 00:58:16,040
The fourth signal is tool-call reliability

1625
00:58:16,040 --> 00:58:17,480
turning into a lottery.

1626
00:58:17,480 --> 00:58:19,800
Every tool is available until it isn't.

1627
00:58:19,800 --> 00:58:21,880
Graph throttles.

1628
00:58:21,880 --> 00:58:22,920
API's change.

1629
00:58:22,920 --> 00:58:24,520
A connector version shifts.

1630
00:58:24,520 --> 00:58:27,320
A downstream system enforces a new validation rule.

1631
00:58:27,320 --> 00:58:29,320
A key rotates, a permission gets removed.

1632
00:58:29,320 --> 00:58:31,560
The orchestrator still plans as if the tool exists

1633
00:58:31,560 --> 00:58:33,160
because the catalog says it does.

1634
00:58:33,160 --> 00:58:35,000
But runtime reality disagrees.

1635
00:58:35,000 --> 00:58:36,360
So the system adapts.

1636
00:58:36,360 --> 00:58:38,120
And adapts is the dangerous word here

1637
00:58:38,120 --> 00:58:39,800
because adaptation without constraints

1638
00:58:39,800 --> 00:58:42,120
is just improvisation with production data.

1639
00:58:42,120 --> 00:58:44,040
One agent falls back to a different source.

1640
00:58:44,040 --> 00:58:45,960
Another changes the order of operations.

1641
00:58:45,960 --> 00:58:48,920
Another asks the user for input in one channel

1642
00:58:48,920 --> 00:58:50,680
and proceeds without input in another.

1643
00:58:50,680 --> 00:58:53,560
Over time, the behavior becomes a statistical distribution,

1644
00:58:53,560 --> 00:58:54,680
not a design flow.

1645
00:58:54,680 --> 00:58:57,080
Again, nothing is down, but outcomes drift.

1646
00:58:57,080 --> 00:59:01,000
The fifth signal is delegation chain blast radius.

1647
00:59:01,000 --> 00:59:02,520
Teams love multi-agent patterns

1648
00:59:02,520 --> 00:59:04,120
because they look clean on paper.

1649
00:59:04,120 --> 00:59:06,280
Specialize the agents, delegate the tasks,

1650
00:59:06,280 --> 00:59:08,920
keep prompt small, keep responsibilities clear.

1651
00:59:08,920 --> 00:59:11,560
In production, delegation chains

1652
00:59:11,560 --> 00:59:13,240
are how you lose accountability.

1653
00:59:13,240 --> 00:59:15,400
A parent agent delegates to a retrieval agent

1654
00:59:15,400 --> 00:59:18,280
which delegates to a data agent which calls an MCP server

1655
00:59:18,280 --> 00:59:20,040
which calls an internal API,

1656
00:59:20,040 --> 00:59:21,960
which triggers an event that wakes a worker

1657
00:59:21,960 --> 00:59:23,640
that runs another tool call.

1658
00:59:23,640 --> 00:59:26,440
At the end of that chain, a side effect lands

1659
00:59:26,440 --> 00:59:27,800
in a system of record.

1660
00:59:27,800 --> 00:59:30,440
And the only useful question is whose authority was that?

1661
00:59:30,440 --> 00:59:32,120
Most stacks can't answer it cleanly.

1662
00:59:32,120 --> 00:59:34,760
They can tell you which service principle executed the call.

1663
00:59:34,760 --> 00:59:37,400
They can't tell you which decision pathway authorized it,

1664
00:59:37,400 --> 00:59:38,920
which context justified it

1665
00:59:38,920 --> 00:59:40,600
and which human intended traces back to

1666
00:59:40,600 --> 00:59:42,280
because the chain is assembled dynamically.

1667
00:59:42,280 --> 00:59:44,520
So you end up with a system that is order table

1668
00:59:44,520 --> 00:59:46,440
in the shallow sense, logs exist,

1669
00:59:46,440 --> 00:59:48,360
but illegible in the operational sense,

1670
00:59:48,360 --> 00:59:51,160
meaning can't be reconstructed quickly enough to matter.

1671
00:59:51,160 --> 00:59:53,560
The sixth signal is telemetry that exists

1672
00:59:53,560 --> 00:59:55,400
but doesn't compile into explanation.

1673
00:59:55,400 --> 00:59:57,560
Teams will instrument, they'll add open telemetry,

1674
00:59:57,560 --> 00:59:59,320
they'll capture traces, they'll log prompts,

1675
00:59:59,320 --> 01:00:01,320
they'll store outputs, they'll have dashboards.

1676
01:00:01,320 --> 01:00:03,480
And still, in the incident,

1677
01:00:03,480 --> 01:00:05,560
someone asks the question that matters.

1678
01:00:05,560 --> 01:00:08,040
Why did it choose that tool in that order

1679
01:00:08,040 --> 01:00:10,200
with that authority given that context?

1680
01:00:10,200 --> 01:00:13,080
And the traces don't answer it because tracing tells you what happened.

1681
01:00:13,080 --> 01:00:15,880
It doesn't tell you what the system believed when it happened.

1682
01:00:15,880 --> 01:00:18,280
Or what it ignored, or what it couldn't see.

1683
01:00:18,280 --> 01:00:21,400
Or which version of the reasoning instructions it was operating under.

1684
01:00:21,400 --> 01:00:24,040
That's the real entropy signal in scenario three.

1685
01:00:24,040 --> 01:00:26,200
Orchestration logic becomes the new legacy

1686
01:00:26,200 --> 01:00:29,080
because it accumulates decisions faster than your organization

1687
01:00:29,080 --> 01:00:30,120
can keep them legible.

1688
01:00:30,120 --> 01:00:31,560
It doesn't crash, it corrods.

1689
01:00:31,560 --> 01:00:33,960
And once it corrods, the enterprise does what it always does.

1690
01:00:33,960 --> 01:00:35,080
It blames the platform.

1691
01:00:35,080 --> 01:00:37,400
But the platform did exactly what it was designed to do.

1692
01:00:37,400 --> 01:00:39,080
It executed the reveal.

1693
01:00:39,080 --> 01:00:42,440
Entropy is an operating model failure, not a platform failure.

1694
01:00:42,440 --> 01:00:43,960
Here's what always happens next.

1695
01:00:43,960 --> 01:00:45,560
The organization blames the platform.

1696
01:00:45,560 --> 01:00:47,400
Copilot is unreliable.

1697
01:00:47,400 --> 01:00:49,560
Power platform is the wild west.

1698
01:00:49,560 --> 01:00:51,160
Azure is too flexible.

1699
01:00:51,160 --> 01:00:53,240
MCP is another thing to govern.

1700
01:00:53,240 --> 01:00:55,160
Foundry is moving too fast.

1701
01:00:55,160 --> 01:00:56,520
The vendor narrative is tempting

1702
01:00:56,520 --> 01:00:58,840
because it gives leadership a clean scapegoat.

1703
01:00:58,840 --> 01:01:00,520
The tooling created the chaos.

1704
01:01:00,520 --> 01:01:02,360
Therefore, better tooling will remove it.

1705
01:01:02,360 --> 01:01:03,480
It won't.

1706
01:01:03,480 --> 01:01:05,480
Because the platform didn't create the entropy,

1707
01:01:05,480 --> 01:01:06,440
the organization did,

1708
01:01:06,440 --> 01:01:09,480
by deploying probabilistic execution into an operating model

1709
01:01:09,480 --> 01:01:11,080
designed for deterministic systems.

1710
01:01:11,080 --> 01:01:12,760
That distinction matters.

1711
01:01:12,760 --> 01:01:14,920
Microsoft platforms behave predictably,

1712
01:01:14,920 --> 01:01:16,840
not in the nothing changes sense.

1713
01:01:16,840 --> 01:01:17,880
In the system sense.

1714
01:01:17,880 --> 01:01:19,720
They do exactly what they are designed to do.

1715
01:01:19,720 --> 01:01:21,960
They expose capability, they reduce friction,

1716
01:01:21,960 --> 01:01:23,240
they enable delegation,

1717
01:01:23,240 --> 01:01:25,400
they let teams compose solutions locally

1718
01:01:25,400 --> 01:01:27,800
and they keep running even when no one is watching.

1719
01:01:27,800 --> 01:01:28,600
That isn't the flaw.

1720
01:01:28,600 --> 01:01:29,400
That's the product.

1721
01:01:29,400 --> 01:01:31,960
The failure is that enterprises

1722
01:01:31,960 --> 01:01:34,920
keep treating agent systems like feature rollouts

1723
01:01:34,920 --> 01:01:36,920
when they are actually operating model changes.

1724
01:01:36,920 --> 01:01:38,760
A new execution layer doesn't fit inside

1725
01:01:38,760 --> 01:01:40,120
the older accountability model.

1726
01:01:40,120 --> 01:01:40,840
It breaks it.

1727
01:01:40,840 --> 01:01:41,960
In deterministic SaaS,

1728
01:01:41,960 --> 01:01:43,720
responsibility is easy to assign.

1729
01:01:43,720 --> 01:01:45,240
IT owns the service configuration,

1730
01:01:45,240 --> 01:01:46,520
security owns policy,

1731
01:01:46,520 --> 01:01:47,720
the business owns process,

1732
01:01:47,720 --> 01:01:49,240
support owns incidents,

1733
01:01:49,240 --> 01:01:50,600
vendors own uptime.

1734
01:01:50,600 --> 01:01:52,520
And most of the time, that mapping works.

1735
01:01:52,520 --> 01:01:53,880
Because execution is bounded.

1736
01:01:53,880 --> 01:01:55,240
Users click systems run,

1737
01:01:55,240 --> 01:01:56,600
logs tell a coherent story.

1738
01:01:56,600 --> 01:01:57,400
In post-SaaS,

1739
01:01:57,400 --> 01:01:59,480
execution is not bounded by the UI.

1740
01:01:59,480 --> 01:02:01,720
Execution is bounded by whatever tools are reachable,

1741
01:02:01,720 --> 01:02:03,320
whatever context is selectable,

1742
01:02:03,320 --> 01:02:06,200
and whatever authority the agent can present when it acts.

1743
01:02:06,200 --> 01:02:07,560
Those are not settings.

1744
01:02:07,560 --> 01:02:08,840
They are decision rights.

1745
01:02:08,840 --> 01:02:11,800
And most enterprises have never explicitly designed decision rights

1746
01:02:11,800 --> 01:02:13,160
for non-human actors.

1747
01:02:13,160 --> 01:02:15,080
So you get the predictable failure mode.

1748
01:02:15,080 --> 01:02:17,320
Everyone owns a slice, nobody owns the behavior.

1749
01:02:17,320 --> 01:02:18,440
The business unit says,

1750
01:02:18,440 --> 01:02:19,400
we own the outcome.

1751
01:02:19,400 --> 01:02:21,240
As I'd says, we own the platform.

1752
01:02:21,240 --> 01:02:23,000
Security says, we set the policies.

1753
01:02:23,000 --> 01:02:24,760
That you make us say, we build the flow.

1754
01:02:24,760 --> 01:02:26,760
Developers say, we ship the API.

1755
01:02:26,760 --> 01:02:28,600
And the agent sits across all of them,

1756
01:02:28,600 --> 01:02:30,920
making runtime choices that no single team

1757
01:02:30,920 --> 01:02:32,760
is accountable for explaining end-to-end.

1758
01:02:32,760 --> 01:02:33,880
That's not a tooling gap.

1759
01:02:33,880 --> 01:02:35,960
That's an operating model with a missing role.

1760
01:02:35,960 --> 01:02:38,520
Someone has to own behavior, not just resources.

1761
01:02:38,520 --> 01:02:41,240
Now, mostly this respond with the word governance.

1762
01:02:41,240 --> 01:02:43,560
And then they do the thing enterprises always do

1763
01:02:43,560 --> 01:02:45,160
when reality gets messy.

1764
01:02:45,160 --> 01:02:46,520
They schedule meetings.

1765
01:02:46,520 --> 01:02:49,720
Committees, review boards, intake forms, approval workflows,

1766
01:02:49,720 --> 01:02:51,640
centers of excellence, quarterly check-ins,

1767
01:02:51,640 --> 01:02:54,360
a big spreadsheet where someone tries to list every agent,

1768
01:02:54,360 --> 01:02:55,800
every flow, every connector,

1769
01:02:55,800 --> 01:02:58,760
every prompt library, every plug-in, every experiment.

1770
01:02:58,760 --> 01:03:00,680
That approach fails for a simple reason.

1771
01:03:00,680 --> 01:03:02,200
Decisions happen at runtime.

1772
01:03:02,200 --> 01:03:06,120
A meeting cannot govern a decision the system already executed.

1773
01:03:06,120 --> 01:03:08,600
A policy doc cannot constrain a tool call the agent

1774
01:03:08,600 --> 01:03:09,800
can still reach.

1775
01:03:09,800 --> 01:03:11,960
A review board cannot keep up with prompt drift

1776
01:03:11,960 --> 01:03:14,120
that spreads in a team's chat in an afternoon.

1777
01:03:14,120 --> 01:03:15,160
So the reveal is blunt.

1778
01:03:15,160 --> 01:03:17,240
The organization thinks it has a governance problem.

1779
01:03:17,240 --> 01:03:19,160
It actually has a contract problem.

1780
01:03:19,160 --> 01:03:21,240
Agentex systems need explicit contracts.

1781
01:03:21,240 --> 01:03:22,840
What the agent is allowed to decide,

1782
01:03:22,840 --> 01:03:24,440
what it is not allowed to decide,

1783
01:03:24,440 --> 01:03:25,640
what tools it can call,

1784
01:03:25,640 --> 01:03:26,920
what data it can ground on,

1785
01:03:26,920 --> 01:03:28,520
what identity it must use,

1786
01:03:28,520 --> 01:03:29,960
what telemetry it must emit,

1787
01:03:29,960 --> 01:03:32,360
and what constitutes a recoverable failure

1788
01:03:32,360 --> 01:03:34,680
versus a business impacting side effect.

1789
01:03:34,680 --> 01:03:37,320
Without those contracts, you don't have AI adoption.

1790
01:03:37,320 --> 01:03:39,000
You have conditional chaos.

1791
01:03:39,000 --> 01:03:40,760
And the most uncomfortable part is this.

1792
01:03:40,760 --> 01:03:42,440
The platform can't solve that for you

1793
01:03:42,440 --> 01:03:44,040
because it's not a product decision.

1794
01:03:44,040 --> 01:03:45,320
It's an organizational decision.

1795
01:03:45,320 --> 01:03:47,400
It's the definition of intent enforced by design.

1796
01:03:47,400 --> 01:03:49,880
The platform will happily give you more capability.

1797
01:03:49,880 --> 01:03:51,640
More connectors, more models,

1798
01:03:51,640 --> 01:03:52,920
more orchestration patterns,

1799
01:03:52,920 --> 01:03:54,200
more automation surfaces,

1800
01:03:54,200 --> 01:03:55,240
that's not the problem.

1801
01:03:55,240 --> 01:03:57,560
The problem is that your scaling execution

1802
01:03:57,560 --> 01:04:00,440
without scaling accountability for decision pathways,

1803
01:04:00,440 --> 01:04:02,760
you're giving the enterprises second workforce.

1804
01:04:02,760 --> 01:04:04,280
An agent workforce,

1805
01:04:04,280 --> 01:04:07,320
without redefining how work gets authorized,

1806
01:04:07,320 --> 01:04:08,680
observed, and retired.

1807
01:04:08,680 --> 01:04:09,800
So when leaders ask,

1808
01:04:09,800 --> 01:04:11,400
why is entropy increasing?

1809
01:04:11,400 --> 01:04:12,280
The answer is simple,

1810
01:04:12,280 --> 01:04:14,760
because you tried to run probabilistic systems

1811
01:04:14,760 --> 01:04:16,920
with a deterministic operating model.

1812
01:04:16,920 --> 01:04:19,000
You kept ownership at the resource layer

1813
01:04:19,000 --> 01:04:21,000
and you left behavior unowned.

1814
01:04:21,000 --> 01:04:22,520
And that's why entropy keeps winning.

1815
01:04:22,520 --> 01:04:24,120
It has no counterforce.

1816
01:04:24,120 --> 01:04:25,400
The way out is not more tooling.

1817
01:04:25,400 --> 01:04:26,520
It's a design discipline.

1818
01:04:27,160 --> 01:04:28,840
Agent First Architecture,

1819
01:04:28,840 --> 01:04:31,400
explicit boundaries for probabilistic systems,

1820
01:04:31,400 --> 01:04:33,160
where reasoning stays conditional,

1821
01:04:33,160 --> 01:04:35,240
but execution stays deterministic,

1822
01:04:35,240 --> 01:04:36,280
legible, and owned.

1823
01:04:36,280 --> 01:04:38,360
Agent First Architecture,

1824
01:04:38,360 --> 01:04:40,760
explicit boundaries for probabilistic systems.

1825
01:04:40,760 --> 01:04:43,480
Agent First Architecture is not a new diagram style.

1826
01:04:43,480 --> 01:04:45,800
It's a discipline for keeping probabilistic reasoning

1827
01:04:45,800 --> 01:04:47,880
from infecting deterministic execution.

1828
01:04:47,880 --> 01:04:49,960
Most organizations inverted by accident.

1829
01:04:49,960 --> 01:04:51,640
They let the agent reason,

1830
01:04:51,640 --> 01:04:53,800
choose tools, execute actions,

1831
01:04:53,800 --> 01:04:56,280
and then they ask humans to review

1832
01:04:56,280 --> 01:04:59,080
outcomes after the fact that is not human in the loop.

1833
01:04:59,080 --> 01:05:00,280
That's human as auditor.

1834
01:05:00,280 --> 01:05:02,360
And auditors don't prevent side effects.

1835
01:05:02,360 --> 01:05:04,120
And they just write reports about them.

1836
01:05:04,120 --> 01:05:05,640
The core principle is simple.

1837
01:05:05,640 --> 01:05:07,400
Probabilistic reasoning must wrap

1838
01:05:07,400 --> 01:05:09,080
deterministic execution.

1839
01:05:09,080 --> 01:05:10,120
Never the reverse.

1840
01:05:10,120 --> 01:05:11,880
Reesoning can propose, reasoning can rank,

1841
01:05:11,880 --> 01:05:13,640
reasoning can draft, reasoning can

1842
01:05:13,640 --> 01:05:14,920
ask for missing context.

1843
01:05:14,920 --> 01:05:16,360
Execution must be constrained.

1844
01:05:16,360 --> 01:05:17,800
Execution must have contracts.

1845
01:05:17,800 --> 01:05:19,400
Execution must be legible.

1846
01:05:19,400 --> 01:05:22,040
If an agent can trigger an external side effect,

1847
01:05:22,040 --> 01:05:24,600
then the system must force that side effect

1848
01:05:24,600 --> 01:05:28,040
through a deterministic boundary that enforces assumptions.

1849
01:05:28,040 --> 01:05:29,880
Identity, authorization,

1850
01:05:29,880 --> 01:05:32,680
identity, approvals, and telemetry.

1851
01:05:32,680 --> 01:05:35,480
That boundary is where the enterprise stops improvisation.

1852
01:05:35,480 --> 01:05:37,080
This is where most people misunderstand

1853
01:05:37,080 --> 01:05:38,200
what agents are doing.

1854
01:05:38,200 --> 01:05:39,720
They think the agent is the worker.

1855
01:05:39,720 --> 01:05:41,640
Architecturally, the agent is the planner.

1856
01:05:41,640 --> 01:05:44,360
The worker is your existing automation layer.

1857
01:05:44,360 --> 01:05:47,240
APIs, workflows, cues, transactional systems,

1858
01:05:47,240 --> 01:05:48,360
and the parts of the platform

1859
01:05:48,360 --> 01:05:50,120
that already know how to do reliable work.

1860
01:05:50,120 --> 01:05:51,720
The agent should not replace those.

1861
01:05:51,720 --> 01:05:53,720
It should call them through a controlled interface

1862
01:05:53,720 --> 01:05:55,080
with narrow capabilities.

1863
01:05:55,080 --> 01:05:58,280
So the first design move is separation of agent types.

1864
01:05:58,280 --> 01:06:00,360
Task agents versus decision agents.

1865
01:06:00,360 --> 01:06:03,480
Task agents operate inside a deterministic envelope.

1866
01:06:03,480 --> 01:06:05,560
Collect these inputs, fill this template,

1867
01:06:05,560 --> 01:06:08,760
open this ticket, post the summary, schedule this meeting.

1868
01:06:08,760 --> 01:06:10,040
Their decisions are bounded

1869
01:06:10,040 --> 01:06:11,560
and their actions are reversible

1870
01:06:11,560 --> 01:06:13,160
or at least compensatable.

1871
01:06:13,160 --> 01:06:14,520
Decision agents are different.

1872
01:06:14,520 --> 01:06:15,720
They decide what should happen,

1873
01:06:15,720 --> 01:06:17,080
not just how to do it.

1874
01:06:17,080 --> 01:06:18,360
They classify urgency.

1875
01:06:18,360 --> 01:06:19,800
They choose who gets notified.

1876
01:06:19,800 --> 01:06:21,160
They decide when to escalate.

1877
01:06:21,160 --> 01:06:23,000
They choose between competing workflows.

1878
01:06:23,000 --> 01:06:24,760
They are a policy surface.

1879
01:06:24,760 --> 01:06:26,840
And that means you can't casually mix them.

1880
01:06:26,840 --> 01:06:28,760
If the same agent both decides and acts,

1881
01:06:28,760 --> 01:06:31,400
it will eventually act on a decision you can't defend.

1882
01:06:31,400 --> 01:06:32,600
Not because it's evil,

1883
01:06:32,600 --> 01:06:34,680
because it's operating on incomplete context,

1884
01:06:34,680 --> 01:06:37,160
changing context, and shifting tool availability.

1885
01:06:37,160 --> 01:06:39,480
Over time, it becomes a probabilistic policy engine

1886
01:06:39,480 --> 01:06:40,920
with production permissions.

1887
01:06:40,920 --> 01:06:42,440
So agent first architecture

1888
01:06:42,440 --> 01:06:44,680
forbids a common anti-pattern.

1889
01:06:44,680 --> 01:06:46,920
One smart agent that does the whole thing.

1890
01:06:46,920 --> 01:06:49,480
Instead, it forces explicit handoffs.

1891
01:06:49,480 --> 01:06:51,480
A decision agent can propose an action plan

1892
01:06:51,480 --> 01:06:53,320
with confidence scores and rationale.

1893
01:06:53,320 --> 01:06:55,320
A task agent can execute steps only

1894
01:06:55,320 --> 01:06:58,360
when given a signed, deterministic instruction set.

1895
01:06:58,360 --> 01:07:00,120
A separate policy boundary can enforce

1896
01:07:00,120 --> 01:07:01,720
whether the plan is allowed at all.

1897
01:07:01,720 --> 01:07:03,480
That separation sounds bureaucratic

1898
01:07:03,480 --> 01:07:05,720
until you've lived through a side-effect incident

1899
01:07:05,720 --> 01:07:07,720
where nobody can answer the only question

1900
01:07:07,720 --> 01:07:08,760
that matters.

1901
01:07:08,760 --> 01:07:10,440
Who authorised this?

1902
01:07:10,440 --> 01:07:12,840
The second design move is treating human in the loop

1903
01:07:12,840 --> 01:07:14,680
as a boundary condition, not a checkbox.

1904
01:07:14,680 --> 01:07:15,880
Human in the loop is not,

1905
01:07:15,880 --> 01:07:17,400
someone can stop it if they notice.

1906
01:07:17,400 --> 01:07:18,680
It is an architectural gate

1907
01:07:18,680 --> 01:07:20,120
where the system must pause,

1908
01:07:20,120 --> 01:07:21,560
present the decision context,

1909
01:07:21,560 --> 01:07:23,960
and require an explicit authorization to proceed.

1910
01:07:23,960 --> 01:07:26,120
That gate should trigger on risk, not on vibes,

1911
01:07:26,120 --> 01:07:28,120
sensitive data access, external sharing,

1912
01:07:28,120 --> 01:07:29,800
financial transactions, permission changes,

1913
01:07:29,800 --> 01:07:31,320
customer facing communications,

1914
01:07:31,320 --> 01:07:33,640
or any action that can't be undone cheaply.

1915
01:07:33,640 --> 01:07:34,680
And when a human approves,

1916
01:07:34,680 --> 01:07:37,400
that approvals becomes part of the execution record.

1917
01:07:37,400 --> 01:07:39,320
Not a team's message, not a meeting note,

1918
01:07:39,320 --> 01:07:42,280
a first class artifact tied to the agent identity

1919
01:07:42,280 --> 01:07:43,320
and the tool call.

1920
01:07:43,320 --> 01:07:45,080
The third design move is legibility

1921
01:07:45,080 --> 01:07:46,600
as a non-negotiable requirement.

1922
01:07:46,600 --> 01:07:48,120
Most leaders treat explainability

1923
01:07:48,120 --> 01:07:49,640
like a compliance slogan.

1924
01:07:49,640 --> 01:07:52,680
Agent first architecture treats it as a scaling constraint.

1925
01:07:52,680 --> 01:07:54,840
If the organization cannot reconstruct

1926
01:07:54,840 --> 01:07:56,360
the decision path quickly,

1927
01:07:56,360 --> 01:07:58,520
inputs, selected context,

1928
01:07:58,520 --> 01:08:01,000
selected tools, prompt a version,

1929
01:08:01,000 --> 01:08:03,880
identity used, and resulting side effects.

1930
01:08:03,880 --> 01:08:05,240
Then the organization is not allowed

1931
01:08:05,240 --> 01:08:07,800
to scale that agent beyond a small blast radius.

1932
01:08:07,800 --> 01:08:09,800
It is not legibility is not a nice to have.

1933
01:08:09,800 --> 01:08:11,640
It is the only antidote to MTT,

1934
01:08:11,640 --> 01:08:13,560
and this is where the post-sass paradox

1935
01:08:13,560 --> 01:08:14,760
finally gets a counterforce.

1936
01:08:14,760 --> 01:08:16,680
Entropy grows when decision pathways

1937
01:08:16,680 --> 01:08:18,200
multiply faster than explanation.

1938
01:08:18,200 --> 01:08:19,800
So you design for explanation first.

1939
01:08:19,800 --> 01:08:22,040
You don't ask, can we build this agent?

1940
01:08:22,040 --> 01:08:24,760
You ask, can we explain this agent under pressure

1941
01:08:24,760 --> 01:08:26,840
during an incident to security to audit

1942
01:08:26,840 --> 01:08:28,920
and to the business owner who just got burned?

1943
01:08:28,920 --> 01:08:30,840
If the answer is no, then it's not an agent.

1944
01:08:30,840 --> 01:08:32,600
It's a liability with a chat interface.

1945
01:08:32,600 --> 01:08:35,160
The final design move is to formalize boundaries

1946
01:08:35,160 --> 01:08:36,360
as contracts.

1947
01:08:36,360 --> 01:08:37,400
Tool contracts.

1948
01:08:37,400 --> 01:08:40,360
What is callable with what parameters with what scopes?

1949
01:08:40,360 --> 01:08:42,280
Data contracts, what sources are allowed,

1950
01:08:42,280 --> 01:08:43,480
what labels are required,

1951
01:08:43,480 --> 01:08:45,320
what grounding rules apply.

1952
01:08:45,320 --> 01:08:46,680
Behavior contracts.

1953
01:08:46,680 --> 01:08:48,840
What the agent is allowed to decide

1954
01:08:48,840 --> 01:08:50,120
and what it must escalate.

1955
01:08:50,120 --> 01:08:52,680
Life cycle contracts.

1956
01:08:52,680 --> 01:08:54,200
Who owns versions?

1957
01:08:54,200 --> 01:08:55,400
Who owns deprecation?

1958
01:08:55,400 --> 01:08:56,840
Who owns the kill switch?

1959
01:08:56,840 --> 01:08:59,400
This is how agent first architecture turns

1960
01:08:59,400 --> 01:09:01,480
AI strategy back into architecture.

1961
01:09:01,480 --> 01:09:03,000
Not by slowing down intelligence,

1962
01:09:03,000 --> 01:09:05,400
by forcing intelligence to operate inside boundaries

1963
01:09:05,400 --> 01:09:07,880
that remain deterministic, enforceable,

1964
01:09:07,880 --> 01:09:09,000
and legible at scale.

1965
01:09:09,000 --> 01:09:10,360
And once those boundaries exist,

1966
01:09:10,360 --> 01:09:11,720
then you can talk about the thing,

1967
01:09:11,720 --> 01:09:13,080
most organizations skip.

1968
01:09:13,080 --> 01:09:14,680
The control plane that enforces them.

1969
01:09:15,480 --> 01:09:17,240
The agent control plane.

1970
01:09:17,240 --> 01:09:19,080
Identity, telemetry,

1971
01:09:19,080 --> 01:09:21,160
life cycle, and kill switches.

1972
01:09:21,160 --> 01:09:23,320
At this point, most leaders hear control plane

1973
01:09:23,320 --> 01:09:25,400
and their brain jumps to an admin portal.

1974
01:09:25,400 --> 01:09:26,360
That's not what this is.

1975
01:09:26,360 --> 01:09:27,880
A control plane is not a UI.

1976
01:09:27,880 --> 01:09:29,880
It's an enforcement layer for assumptions.

1977
01:09:29,880 --> 01:09:33,240
Identity, authorization, observability, and life cycle.

1978
01:09:33,240 --> 01:09:35,000
The system either has that layer

1979
01:09:35,000 --> 01:09:37,160
or it slowly devolves into conditional chaos

1980
01:09:37,160 --> 01:09:38,600
with nicer branding.

1981
01:09:38,600 --> 01:09:39,720
In deterministic sass,

1982
01:09:39,720 --> 01:09:42,120
the control plane lived in the service itself.

1983
01:09:42,120 --> 01:09:43,960
Exchange online had admin boundaries,

1984
01:09:43,960 --> 01:09:45,320
SharePoint had admin boundaries.

1985
01:09:45,320 --> 01:09:47,800
The workload owned its own behavior surface

1986
01:09:47,800 --> 01:09:49,320
and your job was to configure it.

1987
01:09:49,320 --> 01:09:51,720
In post-sass behavior sits above workloads.

1988
01:09:51,720 --> 01:09:53,160
It sits in orchestration.

1989
01:09:53,160 --> 01:09:55,320
Agent selecting tools, selecting context,

1990
01:09:55,320 --> 01:09:57,640
delegating tasks, and executing side effects.

1991
01:09:57,640 --> 01:09:59,560
So the control plane has to move upstack too.

1992
01:09:59,560 --> 01:10:01,080
And it has to be boring on purpose.

1993
01:10:01,080 --> 01:10:03,000
The first requirement is agent identity,

1994
01:10:03,000 --> 01:10:04,520
not the maker who built it.

1995
01:10:04,520 --> 01:10:06,120
Not the user who clicked it.

1996
01:10:06,120 --> 01:10:07,640
The agent itself.

1997
01:10:07,640 --> 01:10:08,840
If an agent can act,

1998
01:10:08,840 --> 01:10:10,360
it needs a first class principle

1999
01:10:10,360 --> 01:10:12,920
with a stable identity that survives org charts,

2000
01:10:12,920 --> 01:10:15,400
team reorganizations, and the inevitable,

2001
01:10:15,400 --> 01:10:16,680
this started as a pilot.

2002
01:10:16,680 --> 01:10:19,800
That identity needs ownership metadata

2003
01:10:19,800 --> 01:10:22,440
who is accountable what business process it supports,

2004
01:10:22,440 --> 01:10:24,520
what environments it's allowed to run in

2005
01:10:24,520 --> 01:10:26,840
and what category of authority it holds.

2006
01:10:26,840 --> 01:10:28,760
Without that, you can't do least privilege.

2007
01:10:28,760 --> 01:10:30,040
You can only do optimism

2008
01:10:30,040 --> 01:10:32,120
because least privilege is not a philosophical stance.

2009
01:10:32,120 --> 01:10:33,480
It's an authorization graph.

2010
01:10:33,480 --> 01:10:35,160
If you can't point to an agent as an actor,

2011
01:10:35,160 --> 01:10:36,200
you can't draw the graph.

2012
01:10:36,200 --> 01:10:37,080
You can't review it.

2013
01:10:37,080 --> 01:10:38,360
You can't revoke it cleanly.

2014
01:10:38,360 --> 01:10:39,800
You can't even explain what happened

2015
01:10:39,800 --> 01:10:41,080
when it does something expensive.

2016
01:10:41,080 --> 01:10:43,320
The second requirement is tool authorization

2017
01:10:43,320 --> 01:10:45,320
as a contract, not a convenience.

2018
01:10:45,320 --> 01:10:48,600
Most organizations let tool reach ability emerge organically.

2019
01:10:48,600 --> 01:10:50,840
Connectors added, plugins enabled,

2020
01:10:50,840 --> 01:10:52,040
graph permissions granted,

2021
01:10:52,040 --> 01:10:54,360
and then everything gets called integration.

2022
01:10:54,360 --> 01:10:56,360
That's how you build an accidental super user.

2023
01:10:56,360 --> 01:10:58,920
The control plane needs a capability catalog.

2024
01:10:58,920 --> 01:11:00,760
These are the tools this agent can call.

2025
01:11:00,760 --> 01:11:02,280
These are the operations exposed.

2026
01:11:02,280 --> 01:11:03,160
These are the scopes.

2027
01:11:03,160 --> 01:11:05,400
These are the data classifications allowed.

2028
01:11:05,400 --> 01:11:07,800
And these are the conditions under which the call is permitted.

2029
01:11:07,800 --> 01:11:10,760
If you can't express that in a machine enforceable way,

2030
01:11:10,760 --> 01:11:13,000
then the agent is not integrated.

2031
01:11:13,000 --> 01:11:13,880
It's armed.

2032
01:11:13,880 --> 01:11:15,560
The third requirement is telemetry

2033
01:11:15,560 --> 01:11:17,720
that answers the questions people actually asked

2034
01:11:17,720 --> 01:11:19,640
during incidents, not did it run.

2035
01:11:19,640 --> 01:11:21,240
Who acted on what?

2036
01:11:21,240 --> 01:11:22,520
Using which identity?

2037
01:11:22,520 --> 01:11:23,880
With which authority?

2038
01:11:23,880 --> 01:11:25,400
Based on what retrieved context,

2039
01:11:25,400 --> 01:11:26,760
through which tool calls?

2040
01:11:26,760 --> 01:11:27,800
In what sequence?

2041
01:11:27,800 --> 01:11:29,000
With what fallbacks?

2042
01:11:29,000 --> 01:11:31,480
And what side effects landed in which systems of record?

2043
01:11:31,480 --> 01:11:32,280
That's the minimum.

2044
01:11:32,280 --> 01:11:34,520
Anything less is performative observability.

2045
01:11:34,520 --> 01:11:36,840
This is also where the industry keeps lying to itself

2046
01:11:36,840 --> 01:11:37,640
with dashboards.

2047
01:11:37,640 --> 01:11:38,840
Dashboards are summaries.

2048
01:11:38,840 --> 01:11:40,280
Incidents are specifics.

2049
01:11:40,280 --> 01:11:42,360
You need event-grade traces that can be stitched

2050
01:11:42,360 --> 01:11:43,720
into a narrative at human speed.

2051
01:11:43,720 --> 01:11:46,280
If the only thing you can produce is a chat transcript,

2052
01:11:46,280 --> 01:11:47,560
you don't have observability.

2053
01:11:47,560 --> 01:11:49,320
You have theater.

2054
01:11:49,320 --> 01:11:51,320
The fourth requirement is lifecycle management

2055
01:11:51,320 --> 01:11:54,040
because entropy loves abandoned artifacts.

2056
01:11:54,040 --> 01:11:56,280
Agents are not set and forget.

2057
01:11:56,280 --> 01:11:57,480
Prompts drift.

2058
01:11:57,480 --> 01:11:58,440
Tools change.

2059
01:11:58,440 --> 01:11:59,720
Connectors rotate.

2060
01:11:59,720 --> 01:12:00,920
Models update.

2061
01:12:00,920 --> 01:12:02,600
Data sources get cleaned up.

2062
01:12:02,600 --> 01:12:03,480
People leave.

2063
01:12:03,480 --> 01:12:05,240
The agent keeps executing anyway

2064
01:12:05,240 --> 01:12:07,720
because the system does not care about your org structure.

2065
01:12:07,720 --> 01:12:10,760
So the control plane needs explicit version ownership

2066
01:12:10,760 --> 01:12:11,800
and decommissioning.

2067
01:12:11,800 --> 01:12:15,080
Every agent needs a named owner, a versioning scheme,

2068
01:12:15,080 --> 01:12:17,320
a change log, and a retirement path.

2069
01:12:17,320 --> 01:12:20,760
And owner can't mean the last person who touched it.

2070
01:12:20,760 --> 01:12:23,960
It has to mean accountable for behavior and side effects.

2071
01:12:23,960 --> 01:12:26,360
Otherwise, your agent estate becomes a museum

2072
01:12:26,360 --> 01:12:27,880
of half-owned automation.

2073
01:12:27,880 --> 01:12:29,560
And then finally, kill switches.

2074
01:12:29,560 --> 01:12:31,560
Not as a last resort security fantasy

2075
01:12:31,560 --> 01:12:33,080
as an architectural primitive.

2076
01:12:33,080 --> 01:12:34,760
If an agent can execute side effects,

2077
01:12:34,760 --> 01:12:37,320
you must be able to pause it, revoke its tool access

2078
01:12:37,320 --> 01:12:38,760
or force it into a safe mode

2079
01:12:38,760 --> 01:12:40,920
without redeploying half your environment.

2080
01:12:40,920 --> 01:12:42,200
And you need escalation paths

2081
01:12:42,200 --> 01:12:43,880
that are defined before the incident,

2082
01:12:43,880 --> 01:12:45,240
not negotiated during it.

2083
01:12:45,240 --> 01:12:47,480
Because the incident you're trying to prevent

2084
01:12:47,480 --> 01:12:48,520
is not an outage.

2085
01:12:48,520 --> 01:12:50,520
It's an agent doing the wrong thing quickly,

2086
01:12:50,520 --> 01:12:52,760
repeatedly across multiple systems

2087
01:12:52,760 --> 01:12:55,960
while everyone argues about whether it was expected behavior.

2088
01:12:55,960 --> 01:12:58,440
A real control plane makes that argument irrelevant.

2089
01:12:58,440 --> 01:13:00,120
It enforces intent at runtime.

2090
01:13:00,120 --> 01:13:01,400
And here's the uncomfortable truth.

2091
01:13:01,400 --> 01:13:03,720
Once you have identity, tool contracts,

2092
01:13:03,720 --> 01:13:05,640
telemetry, life cycle, and kill switches,

2093
01:13:05,640 --> 01:13:08,680
you've built the thing most AI strategies quietly avoid.

2094
01:13:08,680 --> 01:13:10,920
You've made agents operationally legible,

2095
01:13:10,920 --> 01:13:12,520
which means you can finally scale them

2096
01:13:12,520 --> 01:13:14,120
without scaling ambiguity.

2097
01:13:14,120 --> 01:13:15,720
Now, the next question becomes obvious.

2098
01:13:15,720 --> 01:13:18,280
If tools brawl is one of the fastest entropy surfaces,

2099
01:13:18,280 --> 01:13:22,040
what happens when MCP makes tool integration dramatically easier?

2100
01:13:22,040 --> 01:13:23,560
MCP's integration relief

2101
01:13:23,560 --> 01:13:25,720
and a new entropy surface if unmanaged.

2102
01:13:25,720 --> 01:13:27,720
MCP is going to sound like the part of this story

2103
01:13:27,720 --> 01:13:30,440
where the clouds part and the architecture gets easier.

2104
01:13:30,440 --> 01:13:32,280
Because mechanically, it does.

2105
01:13:33,160 --> 01:13:36,600
The integration problem in the agent era is brutal.

2106
01:13:36,600 --> 01:13:38,360
Every agent wants to call tools.

2107
01:13:38,360 --> 01:13:41,400
Every tool has an API, every API has an else model,

2108
01:13:41,400 --> 01:13:43,080
and every team wires it differently.

2109
01:13:43,080 --> 01:13:44,760
That creates the classic MXN mess.

2110
01:13:44,760 --> 01:13:47,480
You end up with bespoke connectors, brittle adapters,

2111
01:13:47,480 --> 01:13:49,640
duplicated wrappers, and a constant tax

2112
01:13:49,640 --> 01:13:51,240
every time anything changes.

2113
01:13:51,240 --> 01:13:54,280
MCP's promise is to collapse that mess into something more linear.

2114
01:13:54,280 --> 01:13:57,240
One side speaks agent, the other side speaks tool.

2115
01:13:57,240 --> 01:13:59,320
The protocol becomes the contract discovery,

2116
01:13:59,320 --> 01:14:02,040
schemers, and a standard way to call capabilities.

2117
01:14:02,040 --> 01:14:04,600
So instead of building 10 different custom integrations

2118
01:14:04,600 --> 01:14:06,200
for 10 different co-pilots,

2119
01:14:06,200 --> 01:14:08,600
you build or adopt an MCP server once

2120
01:14:08,600 --> 01:14:10,520
and any MCP capable agent can use it.

2121
01:14:10,520 --> 01:14:11,320
That's real relief.

2122
01:14:11,320 --> 01:14:14,280
It reduces the integration surface area you have to handcraft.

2123
01:14:14,280 --> 01:14:16,680
It reduces the number of places where tool calling

2124
01:14:16,680 --> 01:14:18,280
gets implemented poorly.

2125
01:14:18,280 --> 01:14:20,280
And it makes tool reuse realistic,

2126
01:14:20,280 --> 01:14:22,280
which is the difference between an agent program

2127
01:14:22,280 --> 01:14:23,400
and a thousand snowflakes.

2128
01:14:23,400 --> 01:14:24,920
But here's what most people miss.

2129
01:14:24,920 --> 01:14:26,680
MCP doesn't remove complexity.

2130
01:14:26,680 --> 01:14:29,320
It relocates it into the one place

2131
01:14:29,320 --> 01:14:32,280
enterprises are already failing to control capabilities, brawl.

2132
01:14:32,280 --> 01:14:35,320
MCP turns tool exposure into something that can scale

2133
01:14:35,320 --> 01:14:37,080
as fast as copying a config file.

2134
01:14:37,080 --> 01:14:38,120
That's the upside.

2135
01:14:38,120 --> 01:14:39,560
It's also the failure mode,

2136
01:14:39,560 --> 01:14:41,880
because once integration becomes easy,

2137
01:14:41,880 --> 01:14:44,280
the default organizational behavior becomes

2138
01:14:44,280 --> 01:14:46,680
expose one more tool at one more server,

2139
01:14:46,680 --> 01:14:48,040
publish one more capability,

2140
01:14:48,040 --> 01:14:49,720
let one more agent use it.

2141
01:14:49,720 --> 01:14:51,560
We can always tighten it later when you want.

2142
01:14:51,560 --> 01:14:52,760
That distinction matters.

2143
01:14:52,760 --> 01:14:54,120
In architectural terms,

2144
01:14:54,120 --> 01:14:56,360
MCP is not an integration convenience.

2145
01:14:56,360 --> 01:14:57,800
It is a tool distribution system

2146
01:14:57,800 --> 01:15:00,520
and every distribution system becomes an entropy accelerator

2147
01:15:00,520 --> 01:15:03,400
unless you force contracts around what gets distributed,

2148
01:15:03,400 --> 01:15:04,680
who can publish it,

2149
01:15:04,680 --> 01:15:07,080
and what safe to consume actually means.

2150
01:15:07,080 --> 01:15:09,480
So MCP introduces a new entropy surface,

2151
01:15:09,480 --> 01:15:10,920
standardized tool sprawl.

2152
01:15:10,920 --> 01:15:13,080
Before MCP tool sprawl was slowed by friction.

2153
01:15:13,080 --> 01:15:14,680
Every integration required effort,

2154
01:15:14,680 --> 01:15:16,280
which acted like a crude control.

2155
01:15:16,280 --> 01:15:17,720
With MCP, the friction drops,

2156
01:15:17,720 --> 01:15:20,920
so the sprawl becomes limited only by imagination and urgency.

2157
01:15:20,920 --> 01:15:22,120
That's not a moral critique.

2158
01:15:22,120 --> 01:15:23,320
It's system behavior.

2159
01:15:23,320 --> 01:15:26,040
The first risk is server registration

2160
01:15:26,040 --> 01:15:28,040
becoming an accidental marketplace.

2161
01:15:28,040 --> 01:15:31,480
Teams stand up MCP servers for their own needs,

2162
01:15:31,480 --> 01:15:32,520
a Giro server,

2163
01:15:32,520 --> 01:15:33,960
a service now server,

2164
01:15:33,960 --> 01:15:35,320
a CRM server,

2165
01:15:35,320 --> 01:15:37,080
an internal data server.

2166
01:15:37,080 --> 01:15:39,400
Each one exposes a slightly different schema,

2167
01:15:39,400 --> 01:15:41,080
different naming, different guardrails,

2168
01:15:41,080 --> 01:15:43,560
and different assumptions about authentication.

2169
01:15:43,560 --> 01:15:44,920
Then agents discover them,

2170
01:15:44,920 --> 01:15:47,400
and now the enterprise has created an internal app store

2171
01:15:47,400 --> 01:15:48,600
for capabilities.

2172
01:15:48,600 --> 01:15:51,400
Without the review rigor that app stores evolve to require.

2173
01:15:51,400 --> 01:15:53,880
The second risk is capability catalogs drifting away

2174
01:15:53,880 --> 01:15:56,040
from least privileged tools are never neutral.

2175
01:15:56,040 --> 01:15:58,360
A tool is authority packaged as an API.

2176
01:15:58,360 --> 01:15:59,880
If a tool can create a ticket,

2177
01:15:59,880 --> 01:16:02,680
send an email, update a record, or change access,

2178
01:16:02,680 --> 01:16:05,400
then exposing that tool through MCP isn't integration.

2179
01:16:05,400 --> 01:16:06,440
It's delegation.

2180
01:16:06,440 --> 01:16:07,400
So the question isn't,

2181
01:16:07,400 --> 01:16:09,240
can the agent call the tool?

2182
01:16:09,240 --> 01:16:10,920
It's under what identity?

2183
01:16:10,920 --> 01:16:11,960
With what scopes?

2184
01:16:11,960 --> 01:16:13,080
With what constraints?

2185
01:16:13,080 --> 01:16:14,840
And with what audit narrative?

2186
01:16:14,840 --> 01:16:16,920
If MCP makes it easy to call tools,

2187
01:16:16,920 --> 01:16:19,160
it also makes it easy to call the wrong tools

2188
01:16:19,160 --> 01:16:20,280
with the wrong authority,

2189
01:16:20,280 --> 01:16:22,040
especially when teams treat servers

2190
01:16:22,040 --> 01:16:25,000
as shared utilities instead of controlled boundaries.

2191
01:16:25,000 --> 01:16:26,840
The third risk is change management

2192
01:16:26,840 --> 01:16:28,440
collapsing into surprise.

2193
01:16:28,440 --> 01:16:30,520
MCP supports dynamic discovery.

2194
01:16:30,520 --> 01:16:31,560
That's the feature.

2195
01:16:31,560 --> 01:16:34,040
agents can learn what tools exist without hard coding.

2196
01:16:34,040 --> 01:16:36,920
But dynamic discovery, without change control,

2197
01:16:36,920 --> 01:16:39,560
is how you turn production behavior into a moving target.

2198
01:16:39,560 --> 01:16:41,320
A server adds a new capability.

2199
01:16:41,320 --> 01:16:43,480
A schema changes, a parameter meaning shifts,

2200
01:16:43,480 --> 01:16:44,840
and all the requirement changes.

2201
01:16:44,840 --> 01:16:46,680
The agent doesn't break in a neat way.

2202
01:16:46,680 --> 01:16:48,360
It adapts, it selects different actions.

2203
01:16:48,360 --> 01:16:49,480
It fails over.

2204
01:16:49,480 --> 01:16:51,320
It produces different side effects.

2205
01:16:51,320 --> 01:16:53,960
And your MTT spikes because the execution path

2206
01:16:53,960 --> 01:16:56,440
changed without a deployment event you can point to.

2207
01:16:56,440 --> 01:16:57,480
That's the paradox.

2208
01:16:57,480 --> 01:17:00,920
Again, interoperability increases the need for contracts, not less.

2209
01:17:00,920 --> 01:17:04,040
So if an organization adopts MCP as integration relief,

2210
01:17:04,040 --> 01:17:06,840
but doesn't treat MCP servers as first class production

2211
01:17:06,840 --> 01:17:10,200
surfaces, versioned, owned, restricted, observable,

2212
01:17:10,200 --> 01:17:12,280
then MCP becomes the fastest way

2213
01:17:12,280 --> 01:17:14,200
to industrialize conditional chaos.

2214
01:17:14,200 --> 01:17:16,600
This is why the agent control plane matters even more

2215
01:17:16,600 --> 01:17:17,880
once MCP shows up.

2216
01:17:17,880 --> 01:17:20,360
You need enforced server registration rules.

2217
01:17:20,360 --> 01:17:22,760
What qualifies as publishable, who approves,

2218
01:17:22,760 --> 01:17:24,520
and what metadata must exist?

2219
01:17:24,520 --> 01:17:26,360
You need capability classification.

2220
01:17:26,360 --> 01:17:30,040
Read only tools versus side effect tools versus privilege tools.

2221
01:17:30,040 --> 01:17:33,240
You need identity boundaries, which agents can call which servers,

2222
01:17:33,240 --> 01:17:35,880
and whether those calls are on behalf of a user

2223
01:17:35,880 --> 01:17:37,320
or under a service principle.

2224
01:17:37,320 --> 01:17:39,080
And you need change discipline.

2225
01:17:39,080 --> 01:17:42,280
Versioning, deprecation, and explicit compatibility promises

2226
01:17:42,280 --> 01:17:43,960
because otherwise every small improvement

2227
01:17:43,960 --> 01:17:45,880
is a behavioral drift event.

2228
01:17:45,880 --> 01:17:48,440
MCP can absolutely reduce integration dead,

2229
01:17:48,440 --> 01:17:51,000
but it will also let you scale bad integration faster

2230
01:17:51,000 --> 01:17:52,120
than you ever could before.

2231
01:17:52,120 --> 01:17:53,640
The protocol isn't your safety net.

2232
01:17:53,640 --> 01:17:55,080
It's your multiplier.

2233
01:17:55,080 --> 01:17:57,480
And once you accept that, the next move is obvious.

2234
01:17:57,480 --> 01:17:59,240
Don't scale agents first.

2235
01:17:59,240 --> 01:18:00,840
Scale legibility first.

2236
01:18:00,840 --> 01:18:03,400
Which is why the only sane way forward is a controlled pilot

2237
01:18:03,400 --> 01:18:06,200
that proves you can explain behavior before you amplify it.

2238
01:18:06,200 --> 01:18:07,880
The 90-day agent first pilot,

2239
01:18:07,880 --> 01:18:09,800
prove legibility before scale.

2240
01:18:09,800 --> 01:18:11,400
The worst way to respond to all of this

2241
01:18:11,400 --> 01:18:13,000
is to announce an agent program

2242
01:18:13,000 --> 01:18:16,040
and then let every team build whatever they want faster

2243
01:18:16,040 --> 01:18:17,640
because the board is excited

2244
01:18:17,640 --> 01:18:19,480
that just turns entropy into a KPI.

2245
01:18:19,480 --> 01:18:21,960
The only sane move is a 90-day pilot

2246
01:18:21,960 --> 01:18:24,440
that proves one thing before you scale anything.

2247
01:18:24,440 --> 01:18:27,480
The organization can explain agent behavior under pressure.

2248
01:18:27,480 --> 01:18:28,280
Not in a demo.

2249
01:18:28,280 --> 01:18:31,160
In a messy week, with real inputs, with real side effects,

2250
01:18:31,160 --> 01:18:34,360
with real stakeholders who get angry when the system improvises,

2251
01:18:34,360 --> 01:18:37,240
so pick one cross-functional process with consequences,

2252
01:18:37,240 --> 01:18:40,360
not drafting content, not summarized meetings.

2253
01:18:40,360 --> 01:18:42,360
Pick something that touches a system of record

2254
01:18:42,360 --> 01:18:44,040
and triggers downstream work.

2255
01:18:44,040 --> 01:18:46,200
Onboarding, access requests,

2256
01:18:46,200 --> 01:18:48,680
supplier onboarding, service triage,

2257
01:18:48,680 --> 01:18:50,200
invoice exceptions.

2258
01:18:50,200 --> 01:18:53,000
Something where the organization already knows what wrong looks like.

2259
01:18:53,000 --> 01:18:55,240
Then design the agents like products, not helpers.

2260
01:18:55,240 --> 01:18:58,280
That means you name an owner who owns behavior, not just the repo.

2261
01:18:58,280 --> 01:19:00,840
You give it a backlog, versions, a deprecation plan,

2262
01:19:00,840 --> 01:19:02,440
and a defined blast radius.

2263
01:19:02,440 --> 01:19:04,680
You decide what production means for this agent,

2264
01:19:04,680 --> 01:19:06,040
you decide who can change it.

2265
01:19:06,040 --> 01:19:08,200
And you decide how change gets reviewed

2266
01:19:08,200 --> 01:19:10,200
because prompt edits are still logic edits

2267
01:19:10,200 --> 01:19:11,480
even when they look like English.

2268
01:19:11,480 --> 01:19:14,760
Now you establish the boundaries the pilot exists to validate.

2269
01:19:14,760 --> 01:19:16,760
The deterministic core comes first.

2270
01:19:16,760 --> 01:19:18,920
The workflow steps that must be correct,

2271
01:19:18,920 --> 01:19:20,600
auditable, and idempotent.

2272
01:19:20,600 --> 01:19:23,080
The things that create records, update fields,

2273
01:19:23,080 --> 01:19:25,640
send external messages or change access.

2274
01:19:25,640 --> 01:19:29,160
Then you wrap that deterministic core with probabilistic reasoning.

2275
01:19:29,160 --> 01:19:31,880
Classification, extraction from messy inputs,

2276
01:19:31,880 --> 01:19:35,560
drafting, summarization, prioritization, and recommendations.

2277
01:19:35,560 --> 01:19:37,000
Reasoning can propose actions.

2278
01:19:37,000 --> 01:19:39,160
It can't execute side effects directly.

2279
01:19:39,160 --> 01:19:41,000
It must call the deterministic layer

2280
01:19:41,000 --> 01:19:42,840
through explicit tool contracts

2281
01:19:42,840 --> 01:19:44,600
and you don't let the pilot cheat.

2282
01:19:44,600 --> 01:19:47,080
If the agent needs a tool, you register the tool.

2283
01:19:47,080 --> 01:19:49,800
If it needs data, you define which sources are allowed.

2284
01:19:49,800 --> 01:19:53,000
If it needs authority, you assign an identity and scope it.

2285
01:19:53,000 --> 01:19:55,320
If it needs to escalate, you define a human gate

2286
01:19:55,320 --> 01:19:57,880
with a named approver and a clear stop condition.

2287
01:19:57,880 --> 01:20:01,160
This is also where you design for failure as a first class feature.

2288
01:20:01,160 --> 01:20:02,920
Agents will hit ambiguous inputs.

2289
01:20:02,920 --> 01:20:04,440
Downstream APIs will throttle.

2290
01:20:04,440 --> 01:20:05,800
A connector will fail.

2291
01:20:05,800 --> 01:20:07,720
A human will ignore an approver request.

2292
01:20:07,720 --> 01:20:09,720
A model update will change behavior slightly.

2293
01:20:09,720 --> 01:20:10,840
None of that is surprising.

2294
01:20:10,840 --> 01:20:13,640
What matters is whether the system fails legibly.

2295
01:20:13,640 --> 01:20:15,640
So your pilot needs two kill switches.

2296
01:20:15,640 --> 01:20:17,000
One to pause the agent

2297
01:20:17,000 --> 01:20:21,000
and one to force safe mode where it can only draft and recommend, not act.

2298
01:20:21,000 --> 01:20:23,080
And those switches can't be buried in a runbook.

2299
01:20:23,080 --> 01:20:24,840
They have to be operational muscle memory.

2300
01:20:24,840 --> 01:20:26,040
Now, measure it.

2301
01:20:26,040 --> 01:20:28,840
Not vanity metrics like prompts per user.

2302
01:20:28,840 --> 01:20:31,960
Measure the entropy signals this episode is built on before and after.

2303
01:20:31,960 --> 01:20:34,360
Mean time to explain is the headline metric.

2304
01:20:34,360 --> 01:20:36,760
How long it takes to answer why did it do that

2305
01:20:36,760 --> 01:20:38,920
with a coherent narrative and evidence?

2306
01:20:38,920 --> 01:20:41,960
If MTT drops, you're building a system you can scale.

2307
01:20:41,960 --> 01:20:45,000
If MTT stays high, you're building a mystery generator.

2308
01:20:45,000 --> 01:20:46,840
Track incident ambiguity.

2309
01:20:46,840 --> 01:20:50,520
How many incidents involve behavior drift instead of outages?

2310
01:20:50,520 --> 01:20:52,200
Track drift frequency?

2311
01:20:52,200 --> 01:20:54,680
How often prompts, tools or connectors change

2312
01:20:54,680 --> 01:20:57,800
without a corresponding change record tied to the agent product?

2313
01:20:57,800 --> 01:21:00,200
Track agent to human ratio inside the pilot,

2314
01:21:00,200 --> 01:21:03,000
not as a brag, as a budget conversation.

2315
01:21:03,000 --> 01:21:05,560
If one agent produces a thousand decisions a day,

2316
01:21:05,560 --> 01:21:07,880
then you just created a new operational workload

2317
01:21:07,880 --> 01:21:09,240
whether you planned it or not

2318
01:21:09,240 --> 01:21:11,240
and then do the part most pilots avoid.

2319
01:21:11,240 --> 01:21:12,360
Proof decommissioning.

2320
01:21:12,360 --> 01:21:15,400
At day 90, you either promote it with stronger boundaries

2321
01:21:15,400 --> 01:21:16,520
or you retire it.

2322
01:21:16,520 --> 01:21:18,440
That retirement must revoke identity,

2323
01:21:18,440 --> 01:21:20,280
disconnect tools, archive traces,

2324
01:21:20,280 --> 01:21:22,280
and remove it from discoverability.

2325
01:21:22,280 --> 01:21:24,360
If the organization can't cleanly kill an agent,

2326
01:21:24,360 --> 01:21:26,200
it can't claim it controls agents.

2327
01:21:26,200 --> 01:21:27,320
It just accumulates them.

2328
01:21:27,320 --> 01:21:29,720
The output of this pilot isn't a slide deck.

2329
01:21:29,720 --> 01:21:31,960
It's a repeatable pattern, a reference architecture,

2330
01:21:31,960 --> 01:21:33,240
a decision rights model,

2331
01:21:33,240 --> 01:21:35,800
and a telemetry story that compiles into explanation.

2332
01:21:35,800 --> 01:21:37,720
That's what scale actually requires.

2333
01:21:37,720 --> 01:21:38,600
Conclusion.

2334
01:21:38,600 --> 01:21:41,080
AI doesn't reduce complexity.

2335
01:21:41,080 --> 01:21:43,800
It converts visible systems into invisible behavior,

2336
01:21:43,800 --> 01:21:46,920
and invisible behavior is where architectural entropy multiplies.

2337
01:21:46,920 --> 01:21:48,680
If this matched what you're seeing,

2338
01:21:48,680 --> 01:21:52,760
leave a quick review with the worst mean time to explain story you've lived through

2339
01:21:52,760 --> 01:21:54,760
and connect with myocopieters on LinkedIn,

2340
01:21:54,760 --> 01:21:57,960
send examples to the next episode, "Disex Real Failures."