Turn Artificial Intelligence into Proprietary Intelligence

How to Win with AI

Decision 4: Technology Architecture

Decision 4: Technology Architecture

Own enterprise orchestration.

By Sarah Elk, Chuck Whitten, Hernan Saenz, Gene Rapoport, Nicolas Bloch,
Pascal Gautheron, and Anne Hoecker

Own the key parts of the stack where your competitive advantage is encoded and your risks are controlled.
  • Own the part of the agentic layer where your company’s most important know-how gets encoded. This knowledge may include your operational skills—the steps your business follows and in what order—and the tools that carry out those actions.
  • Having agents operating is not enough. You must also own access and agent governance, because that is where you control risk. As agents act autonomously on live systems, the most recommended place to approve, deny, audit, or contain what they do is the boundary where they reach into your data and tools, not inside the agent’s reasoning, which is more brittle and bound to regular changes. Own that boundary, and you can answer your Chief Information Security Officer (CISO) and your board about who authorized an agent to touch what.
  • Adopt and enforce discipline about how agentic systems are built and managed. Agentic systems become sprawling and unmanageable faster than almost any software you have run before, and an estate you cannot inventory, audit, or reason about is one you cannot change or improve. Mandate standards from the top to keep it manageable (everything registered, versioned, and tested; business logic captured).
  • Agentic AI is probabilistic rather than deterministic, stateful, and continuous. So, its behavior drifts as models and data change, and it is prone to cascading failure in multi-agent chains, where a single error propagates through every downstream agent. Maintaining agent health means continually testing whether it continues to produce the right answers. Agents also must be continually tested for vulnerability to attack.
  • What you build today may be obsolete within months. Build it anyway. The code is disposable by design, and the assets the build produces (the semantic layer, the registries, the engineering muscle, the experience curve) survive every rewrite, making the next iteration faster. The tech is what you ship today; the proprietary intelligence is what you keep.
  • SaaS portfolios must be actively reassessed. AI is cannibalizing vendor value propositions faster than most contract cycles. As AI-assisted development accelerates agent proliferation across your organization, this reassessment cannot be a one-time exercise. It must become a continuous operational discipline.

Where your competitive advantage lives

The most important technology decision you will make in your AI transformation is not which model to use. Models are changing so rapidly that any specific choice will be obsolete within months. Most of the stack you can buy. But a few layers are where your competitive advantage is encoded and where your risks are controlled, and those risks you have to own yourself. We call this enterprise orchestration: The layers where your company manages its agents, tools, and skills as first-class enterprise assets, governs what those agents are allowed to do, and turns its proprietary data into reusable agent-ready assets, rather than ceding to a scattered collection of vendor-supplied tools you cannot change, connect, or hold accountable.

Owning your enterprise orchestration means you do two things extremely well:

  1. First-class asset management: codifying, registering, versioning, and testing your skills, tools, and agents so they can be inventoried and improved rather than buried in prompts no one can extract. This process makes the estate manageable as it scales, and it is where much of your encoded know-how physically lives.
  2. Behavior governance: controlling what skills, tools, data, and systems each agent is allowed to access. As agents act autonomously on live systems, this boundary is the recommended place to approve, deny, audit, or contain what they do, and owning it lets you answer your CISO and your board about who authorized an agent to touch what. Your proprietary data matters, but your encoded workflows are a genuine part of your AI estate that compounds into a durable moat.

If you cede that layer to a single vendor, you are handing them architectural control of your AI estate. Your agents will be limited to what that vendor’s platform allows. Your ability to switch models, add new capabilities, or integrate with new data sources will depend on their roadmap, not yours. Owning the enterprise orchestration layer is the technology equivalent of owning your supply chain; it is the strategic control point that determines how much flexibility and advantage you can extract from everything else.

Asset management, governance, and security aspects of good enterprise orchestration are ongoing throughout the software and agent life cycle process inside a company. It is not something that is built once and left; it is living and breathing as builds progress and capabilities improve.

Circular lifecycle diagram showing AI primitive management across five stages: Build, Register (agent primitive), Evaluation (including shadow evaluation), Deploy, Monitor, Discover Patterns, and Improve (optimize or redesign process). The cycle feeds into Institutional Learning at the bottom. Center text reads: 3x, 5x, 10x value unlock.
Circular lifecycle diagram showing AI primitive management across five stages: Build, Register (agent primitive), Evaluation (including shadow evaluation), Deploy, Monitor, Discover Patterns, and Improve (optimize or redesign process). The cycle feeds into Institutional Learning at the bottom. Center text reads: 3x, 5x, 10x value unlock.

Ramp, the comprehensive financial operations platform for businesses, shows what proprietary intelligence looks like on the ground. After reaching 99% adoption of AI tools across the company, the team realized most employees had plateaued—not because the models were inadequate, but because there was no shared infrastructure to connect tools, propagate workflows, or carry context across sessions. The team built Glass, an internal AI productivity layer where one person’s breakthrough rapidly becomes the company’s baseline, and the system accumulates persistent memory across the organization. As the company’s leaders put it, internal productivity is a moat, and an organization does not hand its moat to a vendor.

At this point, a reasonable CEO will ask why anyone should build infrastructure that will be obsolete within months. The specific orchestration code, the agent designs, the integration patterns, and even today’s architectural conventions are all moving targets. The objection is fair—and it is the wrong reason to wait. The artifacts of an AI build are partly disposable by design, but the assets the build produces are not. Going through an actual orchestration effort is how a company builds out its semantic layer, hardens its registries and governed gateways, develops the engineering muscle to operate probabilistic software at scale, accumulates change-management capability, and earns the experience curve that no shortcut replaces. None of those efforts is the code itself. All survive every rewrite, and each one makes the next iteration faster. The companies that wait for the technology to stabilize before they invest are not protecting themselves from obsolescence; they are allowing the durable assets of an early build to accrue to their competitors.

What sets agentic AI apart

Agentic AI is a fundamentally different class of software, and the differences carry serious operational consequences. Traditional enterprise software is deterministic: same input, same output, every time. Agents are probabilistic, stateful, and continuous: Behavior can drift as data and underlying models evolve. The most critical distinction is that traditional software fails safely; agents don’t. In multi-agent systems, an orchestration-level error propagates through every downstream agent before anyone detects a problem. Cascade risk is among the most underappreciated challenges in enterprise AI.

Enterprises must also distinguish functional correctness from adversarial resilience. Golden test suites and shadow-mode testing confirm output quality on anticipated inputs. Still, they don’t reveal how an agent behaves under active manipulation by techniques such as injected prompts, tool abuse, data exfiltration, or privilege escalation across agent handoffs. Both assessments are required before any agent with meaningful system access reaches production, and threat model results should inform the trust policy that the runtime enforces.

Governance must operate at the boundary—every tool call, data source, external connection, and agent delegation—because the LLM’s internal reasoning is inaccessible.

Three mechanisms make this work:

  • A registry: Unregistered agents and tools don’t run
  • A governed gateway: Every tool call is policy-evaluated, fully logged, and fails closed.
  • Promotion gates: Agents don’t reach production without passing structured quality checks. No committee reviews every agent, but the gate passes or blocks automatically.

The economic argument for a shared platform is as important as the technical one. Without shared infrastructure, every agent team duplicates the same foundational work, data preparation, system integrations, governance mechanics, evaluation pipelines, and deployment automation. The third team spends the same months as the first team, solving problems the first team already solved, producing results that the fourth team cannot reuse. With a governed platform, data models built for one domain are reusable across adjacent domains. Tool integrations built for one use case are available to every subsequent use case in that domain. Skills are the encoded procedural expertise that tells an agent how your organization actually operates, and they improve with every calibration run and benefit every agent that uses them. The organization accumulates operational knowledge as a compounding asset rather than as a series of disposable projects.

What is required to do enterprise orchestration well?

Layered architecture diagram showing five planes of enterprise AI orchestration stacked vertically. At the top, the Control plane observes all activity, tracking fleet visibility, cost attribution, audit trails, and dashboards. Below it, Governance includes gateway, OPA policy engine, telemetry, registries, and promotion gates. Inside Governance sits the Execution plane — a framework-agnostic runtime with memory services supporting LangGraph, OpenAI SDK, Google ADK, CrewAI, and any future framework — alongside a Tool registry of governed versioned tools organized by domain, and a Skill registry with MCP-governed access. Below that, the Data plane makes enterprise data agent-ready and reusable across domains. The Infrastructure plane is cloud-agnostic across Azure and GCP. At the bottom, External connections include enterprise systems, LLM providers, MCP servers, data sources, and users.
Layered architecture diagram showing five planes of enterprise AI orchestration stacked vertically. At the top, the Control plane observes all activity, tracking fleet visibility, cost attribution, audit trails, and dashboards. Below it, Governance includes gateway, OPA policy engine, telemetry, registries, and promotion gates. Inside Governance sits the Execution plane — a framework-agnostic runtime with memory services supporting LangGraph, OpenAI SDK, Google ADK, CrewAI, and any future framework — alongside a Tool registry of governed versioned tools organized by domain, and a Skill registry with MCP-governed access. Below that, the Data plane makes enterprise data agent-ready and reusable across domains. The Infrastructure plane is cloud-agnostic across Azure and GCP. At the bottom, External connections include enterprise systems, LLM providers, MCP servers, data sources, and users.

← Decision 3: Proprietary Data  Decision 5: Operating Model →

  • AI TRANSFORMATION: ENTERPRISE GLOSSARY

    The Foundation

    Agentic AI—An AI system that can plan and execute multistep tasks autonomously toward a defined goal, taking action on systems and data with minimal human intervention. The defining shift from generative AI (chatbots that answer questions) to agentic AI is the move from "tell me something" to "do something."

    AI Agent—A specific software entity built around a language model that perceives its environment, reasons about goals, and acts using tools (APIs, databases, other agents). Think of an agent as a digital worker with a defined scope, set of tools, and authority level.

    Frontier Models—The most capable AI models at the cutting edge of development (Claude, GPT, Gemini, and similar). They are powerful but expensive and change rapidly enough that any specific model choice is obsolete within months. Most enterprises consume these via API rather than building them.

    Probabilistic (vs. Deterministic)—A defining characteristic of AI systems: the same input can produce different outputs depending on context, memory, and model state. Unlike traditional software, which gives the same answer every time, AI is variable. This variability has major implications for testing, governance, and risk management.

    Stateful (vs. Stateless)—Agents maintain memory, context, and reasoning state across interactions rather than treating each interaction as independent. State persistence enables long-running workflows but also creates the risk that agent behavior drifts over time as the underlying data and models change.

    Compounding—The defining property of AI advantage that did not exist in prior technology waves: Data improves agents, agents improve people, people redesign work, and the redesigned work generates better data. The flywheel turns on its own. The gap between AI leaders and followers gets structurally harder to close every quarter, which is why early movers pull away faster than in any previous technology wave.

     

    The Infrastructure

    Enterprise Orchestration—The layer where a company manages its agents, its encoded know-how (skills, tools, and data ontology), and their access to data and systems as a single, governed enterprise asset rather than a scattered collection of vendor-supplied tools. It spans the registries that record what exists, the boundary at which agents access data and systems, and the controls that keep the estate inspectable and changeable. Distinct from agent orchestration, it is the narrower task of coordinating which agent does what within a single workflow.

    Harness—The execution infrastructure wrapped around an AI model that turns a probabilistic language model into a reliable working agent. Includes tool integration, memory management, safety controls, and observability. In 2026, the harness became the competitive frontier: The model is the engine, but the harness is the vehicle. Agent = Model + Harness.

    Multi-Agent System—A configuration where multiple AI agents work together on a workflow, each handling a specific subtask and passing results downstream. It is common in complex agentic work (e.g., a research agent feeding a writing agent, which then feeds a fact-checking agent). Multi-agent systems are where cascade risk lives.

    Model Context Protocol (MCP)—An open standard that defines how AI agents connect to external tools, data sources, and other systems in a consistent, governable way. Now stewarded by the Linux Foundation under the Agentic AI Foundation umbrella. Think of MCP as the USB-C of agentic AI: a common interface that lets any agent plug into any tool without bespoke integration work for each combination.

    Semantic Layer—A shared business vocabulary that defines, centrally and consistently, what your key business terms mean—revenue, customer, churn, margin, product—along with the rules and relationships between them. It sits between raw data and AI agents, so every agent reasons from the same definitions. Without it, every agent invents its own dialect of your business.

    AI Estate—The full inventory of AI agents, models, tools, integrations, and data pipelines operating across the enterprise. Managing the AI estate is the new infrastructure discipline, analogous to managing the IT estate or real estate portfolio. If you cannot inventory it, you cannot govern it.

    Shared Memory Layer—A persistent knowledge store that agents can read from and write to, allowing learning to compound across agents and over time. Without it, every new agent starts from scratch. With it, the tenth agent is faster and smarter on day one than the third agent was after six months.

     

    The Controls

    Registries (Agent/Tool/Skill)—Central records of every agent, tool, and skill operating in the enterprise, including purpose, owner, capabilities, and access permissions. If something is not registered, it does not run. The registry is the control surface that enables governance.

    Governed Gateway—The infrastructure layer through which every agent tool call routes, enabling policy enforcement, telemetry, and audit trails. Governance happens at this boundary, not inside the agent’s reasoning, which is technically inaccessible to inspection.

    Promotion Gates—Automated quality checks that determine whether an agent can move from development to production. Functions like quality control on a manufacturing line: the gate passes or blocks automatically, based on test results, threat assessments, and policy compliance.

    Evals (Evaluations)—The structured, continuous testing of AI agents and models to verify they produce accurate, safe, and useful outputs. Unlike traditional software testing, evals run continuously because AI behavior can drift as data shifts and underlying models update. Industry rule of thumb: Building the agent is roughly 20% of the work; evals are 60%; ongoing monitoring is the remaining 20% and never stops.

    Golden Test Suites—A defined set of test cases representing known scenarios that agents must pass before reaching production. Like a final exam, an agent has to retake it every time it or its underlying model changes.

    Shadow Mode—Running an agent in parallel with existing systems or human decision-makers without acting on its outputs. It is used to validate behavior before giving it real authority. Helps surface edge cases without putting business operations at risk.

     

    The Costs

    Tokens/Token Costs—The unit of compute that AI models consume to process and generate text. Every agent action consumes tokens, and at enterprise scale, aggregate token cost becomes a material line item that is invisible to traditional IT cost reporting. Token cost reporting is to AI operations what unit economics are to a manufacturing line.

    AI-Native Software Development—A development model where AI agents handle code generation, testing, and documentation while human engineers handle architecture and direction, achieving five to ten times the productivity of traditional development. The function most likely to transform first into an AI-led organization, and the clearest proof point of what an AI-transformed operating model looks like.

     

    The Risks

    Prompt Injection—An attack where malicious instructions are inserted into the input an AI agent processes, attempting to override the agent’s intended behavior. Analogous to social engineering against humans, but at machine scale and machine speed.

    Cascade Risk—The risk that an error or compromise in one agent propagates through downstream agents in a multi-agent chain, triggering a series of autonomous actions before anyone realizes something is wrong. One of the most underappreciated operational risks in enterprise agentic AI.

     

    The People and Governance

    Tinkerers—Employees outside traditional technology roles who naturally experiment with AI tools and discover use cases that no central team would have designed. A leader’s tinkerers are the organization’s sensing network for what’s actually working. Identifying and equipping them is a strategic move, not a culture program.

    Two Governance Motions (Run the Business/Change the Business)—The recognition that AI transformation requires a change-the-business governance motion (focused on learning, pivots, multiyear outcomes) running in parallel with existing run-the-business governance (focused on reliability, efficiency, milestone delivery). Running AI through existing governance alone is the single most common reason that transformations stall.

Vous souhaitez continuer cette conversation ?

Nous aidons des dirigeants du monde entier à matérialiser des impacts et des résultats pérennes et créateurs de valeur dans leurs organisations.