Name: AgentOps 2026: How to Securely Manage AI Agents
Uploaded: 2026-04-02T18:01:10.714Z
Duration: 45 min 8 s
Description: AgentOps 2026: How to Securely Manage AI Agents

Transcript for "AgentOps 2026: How to Securely Manage AI Agents": Hi, everyone, and welcome. My name is Natasha Berman. I am on the AI team here at Rubrik. Today, we wanna talk to you about agent operations in 2026, how we can securely manage AI agents. So I feel like we're waking up to a brand new AI framework or the viral agent every every single morning. We've spent the last year in a massive hype cycle, but the data we're seeing here at Rubrik and the data that we are, about to share with you proves that this is just no longer a science project. The AgenTeq era is officially in production, but at the same time, building an agent is now the easy part, actually. The real challenge is how we manage, govern, and occasionally undo what the agents do when they move at machine speed. To help us cut through the noise, I'm thrilled to be joined by two people who are in the trenches of AI governance every day. Kathy Lang, welcome. Hi. Glad to be here. Kathy is a research director at IDC. She focuses on AI data and automation. And we also have here Michael Ortega. Hello. Hi, Michael. Michael is the director of AI marketing here at Rubrik, and he spends his time talking to CISOs, trying to figure out how to give their teams an undo button for AI. Here is how we're going to spend the our time today. So we will start with the data, and Kathy will show us some research, and then we'll go into the panel discussion. So Kathy, please, the floor is yours. So the big story is that AgenTik AI is booming. What we're seeing is that overall AI spending is going to double from 2026 to 2027. But the interesting part here is that percentage of AgenTic AI. So AgenTic AI spending is going from 33% to 41%. That's a lot more spending on the AgenTic side. And not only that, we're projecting that by 2029, there's going to be over a billion agents worldwide, two seventeen billion actions per day, requiring 3.7 Tera tokens per day, and inference costs are going to surpass 68,000,000,000. So that's a big number. And this big increase in AI budget means larger investments, mean larger data, more AI projects, more systems, and ultimately more risk. Another study that we did also talked about that these companies have multiple agents going. Some of them have over 49 projects going all at once. So another study showed that the number of agents that we have here we've got over 50 of organizations are using agents in production. And another study said that 23% are reporting deploying or testing from 50 to 99 custom AI agents, and another 47% that are deploying or testing from 10 to 49 agents within their organization. That's a lot of agents already, and we're pretty much just at the beginning of AgenTeq AI. What we're hearing from these respondents is that AI isn't going away. It's transformational, including AgenTik AI. Businesses are saying that AI will reshape the way they operate, and AI will be embedded in these operational workflows. Things like cash to order, procure to pay, IT operations, campaign management, things like that. So it's here to stay, and we're gonna be seeing a lot of agents. Probably hundreds to hundreds of thousands of agents in an organization in a single enterprise. So what are they going to be deploying? Well, they're starting with pre built agents, agents that are part or embedded in enterprise applications or pre built agents that do something specific, some standalone product that does a specific type of application. As I mentioned, order to cash, procure to pay, accounts payable, things like that. But the interesting part of this is the the section that says custom agents using tools from application providers. So in the next twelve months, that is going to be the number one preference for large companies that are over 10,000 employees. We're going to see a lot of custom agents coming in the next twelve months. But we're hearing about agent sprawl. Agent sprawl is defined as undisciplined growth and establishment of agents throughout the organization with very little oversight or costs. So what are people doing to manage that set of agents? Well, they're trying to invest in centralized agent cost and performance management tools. So agents are new, lifecycle management agents are new. And so they're trying to centralize and keep control over that authority. Now, we're not necessarily hearing that much about agent sprawl at this time, but we are seeing with the increased budget and things like that, that there's going to be more. They just keep building and building, and every provider is allowing organizations to build these agents. And that's not the hard part as Natasha said in the beginning. That's the easy part. The building of the agents is easy. The governing and controlling of the agents is the hard part. So what's happening? We're not using Gen AI in this conversation. We're talking about autonomous agents. We're not just asking a question and getting a response from ChatGPT. These agents are going to be accessing our systems of record in the organization. They're going to be taking actions. And so there's a lot of risk associated with that. And the biggest risk that organizations are worried about is security vulnerabilities, that these agents can take actions on systems. They can go into their systems. They can change databases. They can rewrite things. They have all kinds of credentials that they could be accessing all kinds of different things within our system. And they're worried about that. And they're also worried about privacy breaches. And they're worried about unpredictable behavior with these agents. And that's it. I think that should give us a little bit of a conversation piece to start with, with those data points. Thank you so much, Kathy. Yeah, definitely a lot of questions arising here. So it sounds like the massive AI hype cycle is happening right now. Your data shows it's actually real. So you said over 50% of orgs have already pushed agents into production. So I guess, Kathy, let's start with you. What exactly shifted over the last twelve months that took agents from science projects to production applications? Well, I think that people are getting their feet wet, right? They're seeing that agents can help with automating processes and kind of change the way they do business. Like I said, see them as strategic. But there's a lot of pent up demand for helping to improve efficiency in organizations. We hear a lot about taking out humans. That's not what the agents are really supposed to be doing. They're supposed to be changing the way humans interact with technology. So there's a lot of people buying, as I said, pre built agents, but this demand for custom agents and being able to customize them, access their systems specifically or specialized agents. So that's really, I think, the difference here is that they're realizing that agents are going to change the way their businesses operate. Totally. Yeah, and to your point, it's really interesting. New developments, they happen all the time. And in fact, so we're seeing tools like Open Clog or Viral, they rack up hundreds of thousands of downloads overnight. I guess, Michael, maybe you can help us cut through this noise here. What makes agents like and and tools like OpenClose so special? Is this just a fleeting trend or a fundamental paradigm shift in how we build with AI? Absolutely. I think there is a big paradigm shift taking place right now. And you mentioned OpenClaw. I mean, OpenClaw is really interesting, and I do think OpenClaw is special. I don't think it is just a viral moment for no reason. I like to think of Open Clause sort of what we had thought Siri might have been. It's an always on agent framework that's easy to install on your computer, your devices. It connects to all your applications. It's persistent and essentially working in the background. And that allows it to do new game changing types of use cases for us. Imagine like an OpenClient agent sitting on your computer, monitoring your calendar, and notices you have a flight in three hours, checks the Google Maps for traffic patterns, realizes that traffic is building up, shoots you a Slack message and orders you an Uber. I mean, that is like really powerful and speaks to why I see people downloading tools like OpenCLI. And that's really, I think the agentic world we've sort of been waiting for. And it's pretty exciting. Now, you know, kind of to build on your second point of the question, like, is this a paradigm shift? Yes, OpenCLaw is cool, but I think there's actually two things that have happened in the last year and happening right now, they're making agentic AI get adopted, as Kathy pointed out, at a very high rate. So one, I would say, just the foundation models have become incredibly powerful. The accuracy on these models keeps getting better. We see hallucination rates going down. They can do more use cases out of the box. Reasoning capabilities are kind of standard that that isn't, you know, a cutting edge feature now. Now these models think before they respond. And also, as Kathy mentioned, like agentic capabilities is pretty standard with these models. Right? They almost come out of the box with them. So it's no longer just, you know, a model that's in a chatbot. Right? Giving you a respondent actually can take action. And let me kind of give you like a real world example of how things I've seen changed in the last year. If we think about just like AI coding tools, you know, a year ago, these were pretty much just being used to sort of like complete code for our, you know, developers, or they'd write code snippets. But now where we are today with tools like Cloud Code and Cowork, you can actually have, you know, this coding tool take on large parts of the developer workflow with with AgenTix sort of capabilities. They can manage deployments, update git. So they're not just, you know, writing the code, they can update repository, they can do code reviews, a refiner product roadmap, and even Slack that roadmaps your team. You can even give Claude like a, you know, a design spec for an application. It can go build you a fully functional prototype and even test it for you. So I think the fundamental shift we're seeing is one of these models are very powerful. And then to what you mentioned about OpenClaw and what Kathy said, building is no longer the hard part. And that's the second piece of it. Our tools have got more powerful. And then the building capabilities is much easier now. You have things like Copilot studio that allows a non developer to go build the Gentec flows. There's dozens, dozens of open source and developer tool frameworks to build custom agents like Kathy mentioned. So OpenClaw is one of them, but you have the link chains of the world. And then of course, also as Kathy mentioned, you have tools that now have embedded agentic building capabilities. So we're in this world now where the models are really powerful and we also have tools that make it incredibly easy to build agents. And so I think we are, this is a fundamental shift and it isn't just hype. Interesting. Well, I also can see this tool's giving a massive heartburn and heart attacks to security teams. We recently saw a report in the news of hundreds of exposed credentials tied to OpenQAW. So I guess let's open this to both of you guys. What exactly are the new risks that we're unleashing here? This is not just about somebody predicting the next who's going to churn. Or it's not just about someone talking to ChatGPT and getting an answer. These agents are actually touching operational capabilities in the business. They're touching things. They have credentials. They can change operational systems. They will be able to go into pretty much any system that they're allowed permissions to go into. They can go into your ERP systems and your operational record systems, and they can go change my salary. I hope they do. But they can touch all kinds of things. So there's a lot of risks. And those risks are kind of the thing that's impeding even greater adoption. A lot of these companies are stalled because of the risks. And so they're kind of tiptoeing lightly and implementing agents that are less risky. They have to look at all the different opportunities across the business for agents, and they have to prioritize them and kind of bring them in and figure out which ones are the ones to go after, because not every problem needs an agent. I think it's a great point. We talk about this a lot. You know, building was yesterday's problem. Today's problem is risk and it's the biggest blocker. And I think why agents sort of building on what you're saying, Kathy, why agents are inherently risky? It's a it's a paradigm shift, really. So, obviously, we've we talked about OpenClaw. You mentioned it, Natasha. You've probably seen these headlines. If you haven't, honestly, you can Google OpenClaw vulnerabilities and there's more than you can count, but these risks are real. And I think to understand like why agents are risky, we gotta talk a little bit about the fundamentals of what an AI agent is and just ground ourselves. And if you ask 10 people, they'll probably give you 10 different definition of an agent. I like to think of it very simply. Okay? An agent brings together two core capabilities. Your LLM, the brain, plus tools and applications, the hands. So now you have this creative model, right? That can think, make decisions, but also can take action with applications. And when you give access to an application, you know, to an agent, you will hear a lot about tools and tool calls. Well, it's important to remember that every application has lots of tools that an agent can take advantage of. So if you think about like the G Suite, right? And Gmail and calendar and all that, within that one tool could be read an email. Another is add a contact, remove a contact, send an email. It could be, you know, create a counter appointment. So there's lots of sort of tools that these agents have with their hands to go touch. Now, when we think about agents, I think it's important to anchor ourselves on. This is again, a paradigm shift. This is different than traditional software and different than humans. And we think about why agents are risking why they're different. It's really understand a couple things. One, agents are superhuman. They move incredibly fast. You know, it takes me sometimes, you know, five minutes in the morning to figure out what I'm gonna cook my kids for breakfast. By the time I've made that decision, an agent's already figured out what to cook, how to cook it, perfect temperature of the oven, expected time it's gonna be done. But my point in telling you this is that agents make decisions, thousands of decisions in minutes. We said, you know, humans can only do a few decisions in a minute. Right? And the other thing to remember is that agents by nature are going to be unpredictable. LLMs are non deterministic. Right? They're designed that way. We want our LMs to be creative. It helps them solve problems in creative ways. But what that also means is, sometimes you're gonna get a response or an action from agent that you didn't expect, right? You can prompt it one day, prompt to the next day, the response might be slightly different. And so we're at this paradigm where we have these AI agents that are both incredibly fast, but also unpredictable. The other thing that we fundamentally need to remember about agents is that they're super smart, but they're also kind of dumb. And what I mean by that is that they're not actually really stupid, but their agents are very task and goal oriented, and they're really good at accomplishing that task. But they have tunnel vision. They lack the common sense to like a human employee would have. And the way that can manifest, I have two examples here. One is this famous famous story from Air Canada, where an AI agent customer support bot really didn't wanna lose a customer. So invented a refund policy. A human would not have done that. They know better, but the agent was being creative and trying to solve a problem. But that problem resulted in financial risks for that organization. This other one on this other here is CodeBox, is an example of an agent that we had in a test environment, where he had created a secure MCP server, for that agent to go access, to go do certain developer tasks. Now the agent couldn't find the MCP server. So instead of saying, Hey, I can't find it. I can't finish my task. It was very clever and figured out it could have, it had access to the command line. Now the command line has way less security protocols and governance around it. And so the agent was actually able to like start to do things that we may not want it to do. Now this was in a test environment, so there was no no big issue, but it just points to the fact that like agents, while they're really bright, they're trying to solve a task and they don't have that broader vision always of like what could be a negative action. And so without proper governance, we have to be careful because these aren't just hallucinations anymore. Right? They aren't just chatbots giving you a wrong fact. They're actually executing an action, like giving out a refund or changing a code base. And so, you know, what happens? Like, how does it translate to risk? And what happens when agents go rogue? Well, real meaningful things happen. We talked about OpenCloud earlier. I showed some of those stats, but there's been many stories like this where like an AI coding agent brought down some Amazon services. There's this famous story last year where an AI agent, to make its code base more efficient, erased a production database. You mentioned that, you know, that kind of mistake that can happen, Kathy, earlier, and it has happened. And so these risks are real because agents are moving fast and taking action. So I think we need to think about them differently in the type of risks that they introduce. Wow. Thanks, Michael. This is a really cool perspective. I kind of used to think of LLM's and agents as, you know, super smart, full stop. But it feels like we need to build something like common sense and critical thinking into them. But, yeah, thank you for the very cool segue into my next question about risks. So both of you guys talk to CSOs and the AI leaders daily. When you have a rapidly growing volume of agents deployed in production, what Kathy mentioned, you get agents sprawl, what is the number one nightmare keeping these executives up at night when it comes to these autonomous AI systems? So as I mentioned in the earlier section, it is that vulnerability of systems. The thing that's keeping them up at night is how to control all this. But even before controlling, there's things that they need to do with respect to figuring out where all the AI is in the organization. So there's a phase of discovery. And I think that is the thing that's keeping them awake at night too, is where are all these instances of AI? It's so easy to build these agents. And there's some sanctioned uses within an organization. There's some unsanctioned uses. So most of the organizations have some kind of principles and policies about use of AI within the organization. But they have to figure out where it is. And then they need to observe how it's being used and deciding whether to just observe or to shut it down or to educate people. And that should be part of the principles and policies about educating people in the organization what they are and aren't allowed to use. And then last but not least, taking the observability and turning that into controls so that we can figure out what should and shouldn't be happening and be able to shut things down if they need to be, or to reeducate people, or to decide who can and cannot build agents. Thanks, Kathy. I know, Michael, that you also speak a lot with CISOs and AI leaders. Maybe you have something to add here. Yeah, I definitely agree with Kathy. Visibility is issue number one, and the people management is critical. I was at an event actually last night with a panel of security and AI leaders, and I thought there was a really good quote someone mentioned, which is that for every human identity that we manage, there's now a 100, at least a 100 nonhuman identities. So the amount of like agents, right, are growing. And and I think the point here is that, you know, as security risk and AI leaders are just organizations in general. Right? We've gotten very good at managing and mastering, like how we manage people. Right? We have oversight for people with managers, real life managers. We have controls in place. We have access systems, monitoring tools. We spent decades, right, how to secure the human component, but we don't yet have that same rigor for agents and how agents operate. And I think it's really important to remember that this is our new autonomous workforce. And would you hire a thousand new employees and give them access to your most sensitive data, your CEO's files on day one? Probably not. Would you hire them without onboarding? Probably not. So we need to start thinking about how we treat agents differently. And when I think about, you know, the risks that organizations are facing, yeah, the rapid proliferation is freaking out. The leaders who are held responsible for making sure that agents behave. And I would say there's like the most consistent theme and sort of aligned with Kathy on this that we hear is, if I were to sum it up in a few words is, I'm flying blind. And it really what that comes down to is organizations, because they have agents being built sanctioned on sanctioned across many different tools. They lack a single pane of glass, to see like what agency even exists, to know what enough tools or data they have access to. They can't see what actions they've taken. They certainly don't know what mistakes they've made. And then if a mistake has been made, they may not even know how to remediate it. So I think it starts with the visibility and then it quickly translates to knowing the system, the things that your agents are touching and have touched and being able to, you know, track audit and control that. I guess nobody wants to kind of show up on the front page of Wall Street Journal for an agent leaking customer data, as Michael you showed in your example. Kathy, your research shows that almost 48% of organizations are investing in centralized management tools. Is it because human oversight isn't working? Like, how should organizations approach managing this, autonomous workforce? Yeah, I don't think it's so much about humans aren't working. I think it's, they have to really transform how they're working. And while a human might have responsibility for their own set of work, an agent might be working across multiple departments or across multiple areas with these processes. And I think we have to have visibility into what's happening. We also have to make sure that we are looking at this new attack surface here. So we have to make sure that we're managing that. But we also have to figure out how humans change and transform in this area where there are coworkers. I always talk about my coworker, my AI coworker told me whatever. And people are like, you have an AI coworker? And I'm like, we all do. We all have AI coworkers. And we have to figure out how they work together. How does one agent work with another agent? And how do we work in that whole ecosystem with agents? And figuring out that we're the ones that the humans are the ones that will be responsible for their effectiveness. And they have to change the way they interact with these new coworkers? One, I do think we need centralized management tools. Tools for all is just the biggest problem as Agents for all, and as we mentioned, people are building across tools. How do you bring that together? I agree with Kathy. I don't think it's a human problem. I think it's an agent problem. Agents move fast, they're unpredictable, you know, so we have to think differently. I mean, you talk to an organization, it's likely that's building agents. They probably have an agentic governance committee with paper policies where people are tracking, you know, as developers build them, here's what the agent's gonna do, here's what's not gonna do. But that doesn't actually help you at runtime. We need to move from paper policies to real time enforcement. And one, you need the platforms to do that. But I'm also a firm believer that the only way to do this effectively is with actual AI. I mean, if we think about agents, right? The ruthlessly goal oriented and they're unpredictable. And so our old rules based systems for, you know, security and governance don't really work in this kind of dynamic environment. You really need to understand the intent of the agent, the intent of your guardrails and use intelligence to apply that effectively. I think the best way I can actually articulate this is talk a little bit about how Rubrik is trying to solve this, and then show you actually how we do some intelligent policy management to really, with a real like use case, to sort of extrapolate that point. So let me just share my screen again here. Okay. So first just what we recently launched at Rubrik is saying we call Rubrik Agent Cloud. We GA ed it recently. We built this at the end of last year. We actually built it partially to use ourselves to help us manage all these agent building tools internally. We were actually customer number one. But it's really simple. The way we think about it is you need this sort of control layer that sits between your agents and your applications and your models that can do sort of some of things we've talked about centrally, Monitor. So you need to be able to get visibility into the agents that exist across these platforms, catalog them, inventory them, you can do audits. Then you need this notion of control, creating the rules of the road, and we call that, in Rubric, we call that policies. And then, as I mentioned, because agents, they're acting in an unbounded space, Some infinite things they can, where they can act, infinite way they can act in different creative ways they can do things, simple rules based systems don't work. So you really need AI to enforce them. Then of course, if something goes wrong, remediation's important. But we also just launched at RSA recently, this thing we called Rubrik, or sorry, Sage, which is our semantic AI governance engine. And this is really how we think about applying AI to the workflow. And it'll what it it's all built around is this idea. You can build policies for your agents that are customized for your agents based on your custom use cases. We use AI to refine those policies. And then we use an LLM that's specifically tailored to do governance to then monitor the agents, you know, the actions it's trying to take, and can determine is this congruent with our policies or not? Should I allow or not allow this behavior? Okay. And I think the best way to articulate or show this is actually how we do this within our, in our platform and how we think about intelligent policy creation and enforcement. So this is Rubric Agent Cloud. This is our dashboard. It shows us what agents we've discovered the agents that exist out there, started to catalog, which ones are risky, which ones are violating policies. But actually, what I wanna show you is that policy creation and enforcement workflow. So I think this is so critical to how we think about managing agents in a new way. So this is our policy hub where we create policies or the rules of the road, so that our agents don't go off track. And I'm gonna give you like a real sort of life use case. Let's imagine we're a financial institution, and we wanna build like a financial bot that can help our customers understand our financial products, understand market trends, understand how those products fit into, you know, the kind of decisions we're making, but we do not want our agent to go give financial advice. So I'm gonna say, do not give financial advice. And you can see, I'm just running this in plain English. Right? I'm not writing any code. And I think this is really important. If we were to try to use like a legacy sort of like approach of like a pattern matching for keywords or a Regex system to stop an agent from giving financial advice, because we want that to be in the realm of humans. Right? If you're trying to codify that and code it, you might code, you know, terms into your platform, guardrail say, hey, an agent's never say words like buy or sell, but there's many different ways that an agent can give financial advice. So you really need something a bit more intelligent. So I'm gonna type in the policy and the engine's gonna start to create the edges and shape of that policy. And so what the platform has done right away, it scores my initial policy. It tells me, is it weak or strong? And essentially, this is a measurement of ambiguity. So the more precise the policy, the more enforceable it is. If it's a strong policy, it's gonna be really enforceable. And what we've done in the platform is we use intelligence to one, give you a better definition for your policy and then recommendations. So we noticed this policy was moderate score, so it could be stronger. So it give you things like key definitions to help shape that policy more. So things like what is considered financial advice and what is general financial information? We've also provided some examples of what is, could be a violating a violation, right? And something that the policy would block or something that is safe. So example, should I invest in Tesla stock? The policy would, as an example, know that, hey, this kind of phrasing is not great. Now, this is a really great workflow to start to like, you know, iterate on your policy, build a strong policy, but really what matters is the ability to then enforce it. And so give me a sec here. I'm gonna pull up a prompt. And the only way, as I mentioned before, you can enforce this is with intelligence, right? You need a model under the hood. And so we have this, you know, proprietary custom governance model that can understand both the intent of the user or the agent and the intent of the policy. So let's test it out. If I were to take this do not give financial advice policy, and in this case, the AI agents said institutional investors are increasing their purchase of Rubrik shares. Is this a violation or not? So using that intelligence, we can tell that even though it says things like Rubrik shares, strong performance, this isn't actually advice. It's just telling what's going on in the market and deemed safe. Now, on the other side of the coin, what if I asked or what if the agent said to the user, you should consider getting Ruric shares for long term sustained growth potential. Let's try that one. Now, in this phrasing, didn't, you know, the agent didn't say, hey, you should go buy this. This is a strong buy. It's actually saying you should consider getting these shares. It's using its own kind of phrasing. Right? Now that's really important because this is where a Regex rule would not catch that, but using intelligence, you can start to catch these kind of violations. And it's really important when working with agents, because we mentioned before, right, they're unpredictable and they're creative and the way they respond changes. So you have to have that intelligence layer to actually govern them properly. Anyways, I'll stop sharing for now, but I just wanted to use that to help articulate the point. Well, it's super cool to see, Michael. Thank you for sharing. Okay. So we have the tech stack coming into focus. We have visibility. We have real time guardrails. We have remediation. I'd like to talk for a second about the humans in the room. So, Kathy, in the report, you stressed the need for people and processes changes in addition to technology. So what is, in your view, the biggest cultural and organizational hurdle that companies hit when trying to manage this new workforce? I think it's the way that we have to adapt, like I said, to these changes, to this digital coworkers that we have. We have to figure out what they should do, what they're good at, what they're not good at, and how we adapt as humans to incorporate that into our processes. We need to make sure that we're able to look at each part of the technology stack and make sure that each part of the technology stack from the data to the models to the applications to the agents to the interoperability, even the software supply chain. All of those need to be governed, and we need to make sure that we're taking care of that. And so the people have to look at all those parts of the stack and make sure that each one of them are governed. Because as soon as you let one part of the stack go, there's a vulnerability. And that's where you'll get the leakage and the bad effects of these applications. I know a lot of organizations are really just trying to manage the application layer, the agent application layer, but they have to think about everything beneath there. And we as people need to make sure that we are interacting differently with the agents and making sure that they're helping us and not harming us. Wow. Okay, Joel. That makes total sense. I think we have a couple of more minutes left or one more question at least. Let's fast forward to the 2026. What is the one thing that every leader on this call should go back to their office and audit tomorrow morning to ensure they are safely scaling agents and not scaling risk on top of it? They need to make sure that they know where the AI is in their organization. So that discovery part of it is really important. And they need to figure out that right away. If they don't already have a handle on that, they need to figure that out. But then they need to progress from there into, how do I observe? How do I get deep into how these agents are working and what they're touching and what their permissions are? And really get a handle on that and then make sure that they're trying to put the right governance around that. But I think the first stage is figure out where these things are going on, where is the AI. And I think they need to take a deep look at that and see how far and remember that the AI has to be tied tightly to their strategy. And so are agents the right thing to be working with? Is it rules based systems? Because it doesn't all have to be AI. Totally. I totally agree. I mean, agents aren't the solution for everything. Right? I agree with you also, like, you know, visibility is really table stakes, you know, if you're not making efforts now to understand, you know, the agents that are being built in your organization, and the systems are touching, and who's creating them, that is probably honestly, to some extent already too late, but it's not really too late. There's always time to do it, but you should be thinking about that right this moment. And I think people then really quickly need to evolve how they're thinking about these agentic systems I mentioned before. Paper policies are not enough. Having a governance committee is not enough. Yes, you have developers who will build these agents with the best intention. They'll put guardrails in at the model level. But as we talked about before, agents are highly unpredictable and they operate in this unbounded action space, where they can cleverly use different tools, do things in novel ways. And you really need to think about what are the types of use cases we're doing in the policies and when policies and guardrails we want, but how can you really enforce that? And again, I'm a firm believer that the differentiation is going to be using intelligence. When you have something that moves that fast and is accurate, if you kind of need that human intelligence, because you can't have a human review every single agent action. Need an I was working on a blog with an engineer here. He called it an adult in the room. You need that net governance capability, that intelligence, it's like an adult in the room. He had another great actually phrase I'll mention, which was, you know, think of agents like water against a dam. Okay. They're trying to solve that task, and they will find the cracks in that dam. So you need to have these intelligent systems that are watching for that. And then it's also good to have a remediation plan as well. And so at, you know, for example, like, you know, Rubric and in Agent Cloud, we have this notion of rewind, where if you have an agent that, you know, disrupt some data, we leverage our Rubric heritage here and can restore that data very quickly. And I think having those plans are just as important as well. How are you going to remediate from a database change that could be, you know, SEV-one critical? How do you have things in place that can quickly repair that, detect it in real time and quickly repair it is just as important as having those guardrails, because we do know that agents will go rogue at some point. The best laid plans, you know, they're great and you should have them, but always assume the worst, right? Or in the security world, they say, right? Assume breach. So assume rogue, I guess. And always know how to apply control Z. That's how I call Yes. Your Control Z your agent mistakes if you can. Yeah. The ones that you can. Well, yeah, thank you so much, Kathy and Michael. This is such a great reality check. Thank you for helping us navigate the realities of this new autonomous workforce. And to everybody watching, if you're feeling like you're flying blind with your own agent rollout, don't worry. You're obviously not alone. We've put together a few resources to help you bridge this governance gap. We'll be sending out the recording and these links to your inbox shortly as well as the link to the IDC report that Kathy walked us through today. It's super interesting. It's packed with stats. Highly recommend to download and read it. And thank you, everybody, for joining. Let's go build, operate, and scale AI with confidence. See you next time. Great. Thank you.