The biggest AI signal this week was not a model launch. It was Snowflake putting $6 billion behind AWS compute and AI over five years.
That sounds like cloud spend. It is really a bet on where production AI agents have to live: close to governed data, inside systems that already know who can see what, and tied to controls that show what happened after the fact.
I see the same pattern whenever agent projects move past the prototype stage. The hard part is not getting a model to answer a question. The hard part is letting software act on business data without turning every permission boundary into wet cardboard.
Snowflake’s May 27 agreement with AWS is a useful marker because Snowflake is not selling chat for chat’s sake. Cortex AI already lets teams run text-to-SQL, summarisation, sentiment analysis, and entity extraction inside Snowflake. Sensitive data does not need to be copied into a separate app just so a model can touch it. That matters.
Fetch is the clean example Snowflake used. Its sales teams use a Cortex AI semantic agent to query campaign data in natural language and get fast answers. The important bit is not the natural language interface. It is that the agent works against a controlled data layer instead of a spreadsheet export, a loose API key, and a prayer.
Workday and Google Cloud pointed in the same direction a day later. Sana Self-Service Agent from Workday is now available in Gemini Enterprise, aimed at HR and finance workflows. Workday says more than 11,500 organisations use its platform, including more than 65% of the Fortune 500.
That is not a playground. Payroll, leave, procurement, finance approvals, and employee data carry real risk. If an agent touches those workflows, it needs to inherit the same permissions, business rules, and approval paths a human user would face. Workday and Google are talking about A2A, A2UI, and MCP because agents need ways to hand off tasks without losing context or accountability.
The risk side is showing up too. SecureAuth launched its Agentic Authority Platform on May 29 and claimed 91% of AI agents are over-privileged, with 78% of deployments lacking an audit trail. Treat those numbers as vendor-backed, but the problem is real. Most early agent builds give the agent too much reach because it is faster than designing scope properly.
That shortcut gets expensive.
For mid-market businesses, the lesson is simple: do not start by asking for an agent. Pick one workflow where the data boundary is clear, the decision path is known, and the failure mode is tolerable. Customer support triage. Invoice matching. Sales reporting. Internal knowledge search over approved documents.
Then define the controls before the prompt. Which data can it read? Which systems can it write to? Which actions require human approval? What gets logged? Who is accountable when it acts?
The useful work over the next year will be building that control layer: identity, permissions, tool access, logging, review queues, and rollback paths. The companies that get value from agents will not be the ones with the boldest demo. They will be the ones that can prove what their agents did, why they did it, and who allowed it.
Leave a Reply