Your agents are leaving the building

This month, we're chatting with Will Grannis and his team at the Office of the CTO about what happens when AI agents start working across organizational boundaries with your partners, suppliers, and customers.

Execs are thinking: I've started to wrangle internal AI projects, but the big opportunity is how we use AI with our broader partners and supply chains across commerce, finance, legal, and customer experience. What do we need to get right as we extend AI and agentic workflows beyond our organization's boundaries?

Ashwin Ram

AI agents are moving from single-purpose internal tools, to multi-agent systems within an enterprise, and now to multi-agent systems that span multiple enterprises. These agents aren't isolated anymore — they're active participants in a broader digital economy.

Enterprise agents already collaborate with agents owned by partners, suppliers, and other external organizations through a federated architecture, supported by standardized protocols like MCP and A2A for agent communication and UCP and AP2 for commerce transactions. Over time, we'll see further evolution toward intent-based communication built on these protocols, where agents can work with partner agents without requiring custom integration for every new relationship.

That kind of autonomy demands a new approach to trust. When agents act across enterprise boundaries, organizations need shared policies for identity verification and data sharing. Expect to see "zero trust" models with verifiable agent identity, alongside dynamic data contracts that govern what information can be shared or retained during any given interaction.

And evaluating these systems will require new methods. It's no longer enough to benchmark individual agent performance. We need to assess system-level behavior across the full multi-agent network — testing for quality, latency, cost, and business impact. Large-scale agent sandboxes and simulation environments, essentially "digital twins" of the multi-enterprise agent world, will become essential for that evaluation.

John Abel

The good news: none of this is entirely new. Businesses have outsourced capability for decades. The question now is what actions an AI agent can take on behalf of another company, and under what agreements. Six considerations stand out:

Agent contracts. Treat agents like any other contracted service when it comes to SLAs, SLOs, risk, data privacy, and regulation. The lessons from decades of outsourcing still apply.

Material risk. As agents take on more business functions, organizations need to define the risk level they're willing to operate at. Be clear about what an agent will and won't do, informed by risk modeling.

Ontology alignment. Data schemas, standards, and connected protocols need to be agreed on across organizations. When your agents and your partner's agents define the same terms differently, things break fast.

Federated evaluation. When one agent's decisions affect agents upstream and downstream, evaluation gets complicated. Add a human in the loop and you need clear definitions, joint testing, and aligned regression testing across organizations.

Identity and cryptographic verification. Think of it as a digital passport with clear lineage across trust boundaries — stamped each time data enters or leaves an agent.

Commercial model. Someone has to pay for all this. Organizations need clarity on the cost and commercial terms of each agent relationship.

Ben McCormack

When agentic workflows extend beyond your organization, three things matter most: trust, interoperability, and human control.

Protocols and interoperability come first. New standards are emerging for agent-to-agent communication (A2A), commerce transactions, payment authorization, and UI generation — giving agents from different organizations a common language. This standardization is what makes cross-boundary agent collaboration possible without building bespoke integrations for every partner.

Security and governance require rethinking. Traditional security models weren't designed for probabilistic agent behavior crossing trust boundaries. A few design principles help: give agents clear limitations and hard-coded guardrails (an agent can edit files but never delete them, for example). Use policy engines — APIs that act as a rulebook for the agent — to enforce rules deterministically. For sensitive data, a "paranoid mode" that requires user confirmation before high-risk actions adds an important check. And be aware of new attack vectors like indirect prompt injection, where hidden instructions in an ordinary-looking file can hijack an agent. That risk multiplies when agents operate across organizations.

Graduated autonomy builds trust over time. Design agents to operate across distinct levels: an advisor mode that's read-only, an assistant mode that prepares tasks but requires human sign-off for final transactions, and an autonomous mode that executes within user-defined guardrails (such as "don't exceed a monthly spend of X"). At every level, transparency matters. A "Why this?" explanation for every recommendation — "Matches your size and budget," for instance — helps people trust the system. And none of this works without a unified customer view across channels and categories. That single profile is the fuel agents need for effective personalization across organizational boundaries.

Yingchao Huang

When agents work across organizations, the data and tools they consume need to be purpose-built for agent use — not just repurposed from what humans interact with.

Agent-ready artifacts are the starting point. Build dedicated APIs and data connectors designed for agent consumption. Go beyond basic wrappers and focus on data transformation: converting diverse partner data formats into structures agents can actually work with. This is classic extract, transform, and load work, applied to a new context.

Data governance needs to travel with the data. When an agent creates something new from a partner's source material, the original access controls, retention policies, and audit trails should carry over. Derived data needs to inherit the governance of its source, even across organizational lines.

Data consistency and provenance close the loop. Implement mechanisms that keep source data and its derived versions in sync — event-driven architectures can help push changes in real time. And track data lineage across your full partner network so you can trace any agent decision back to its origin.

Antonio Gulli

In 2026, AI agents working across partner organizations have moved from a competitive advantage to a basic operational expectation. We're seeing a significant shift: AI agents are becoming a required quality-check layer. In more and more organizations, work that hasn't been verified by AI is starting to be treated as a liability.

This shows up across industries. At Google, more than a quarter of all new code is now generated or reviewed by AI before a human touches it. Law firms deploy specialized agents to review large document sets against current regulations. Financial firms use agents for real-time trading decisions and risk management, adjusting portfolio exposure in milliseconds.

The long-term value of these agents, though, depends on continuous learning. They need to constantly take in new market signals, code patterns, and legal precedents to stay accurate. Without that feedback loop, agents operating across organizations become outdated fast, especially as regulations, markets, and partner systems keep shifting. The ability to learn and adapt in real time is the most important characteristic of any agent working beyond your own walls.

The combined picture

Five perspectives, one consistent message: extending agents across organizational boundaries is now an operational reality that demands new thinking about familiar business problems.

The throughline is clear. Protocols and shared standards make cross-boundary collaboration possible. Trust frameworks, from identity verification to graduated autonomy, make it safe. Strong data governance and purpose-built tooling make it work. And continuous learning makes it last.

What's encouraging is that the underlying principles aren't new. Contract management, risk modeling, data governance, commercial terms — organizations have been navigating these for decades. The difference now is that agents, not just people, are operating across those boundaries, and they're doing it at a speed and volume that demands more precision in how we define rules, verify identity, and evaluate outcomes. 

The organizations that get this right will be the ones that define how their agents — and third-party agents — operate in environments no single organization controls.