The World Doesn't Need More Tools for Building Agents. It Needs the Infrastructure to Ship Them

Published by Souvik Sen in Product Launch
Table of contents
The Five Forces Making Enterprise Readiness Urgent
The Cloud Security Parallel: We've Seen This Movie Before
What "Enterprise Ready" Actually Means for AI Agents
The Competitive Landscape Is Fragmented — and That's the Problem
What We're Building at Ema
There has never been a better time to build an AI agent. Open-source frameworks, foundation model APIs, drag-and-drop tooling, and natural-language-to-workflow builders mean a working prototype can be running in an afternoon. Customer support bots, HR assistants, IT help desks, document processors, sales intelligence tools — every enterprise has a growing portfolio of agent experiments.
But look closer and you'll see a pattern: most of those agents never make it to production.
They work in demos. They impress in POCs. And then they hit the wall — the three-to-six-month gauntlet of security reviews, compliance approvals, access control configuration, audit trail requirements, cost attribution, human oversight design, and IT governance that stands between a working prototype and an enterprise-grade deployment. Building the agent took a week. Everything else takes months. And most projects don't survive it.
This is the dirty secret of the agentic AI era: building agents is easy; shipping them to production with enterprise rigor is brutally hard. The industry is awash in agent-building tools and frameworks. What's missing is the infrastructure to actually run agents in production — governed, compliant, observable, secure, and cost-controlled — at enterprise scale.
The gap between "built" and "shipped" is where most agentic AI projects go to die. And it's a gap that widens, not narrows, as organizations scale from one agent to fifty to two hundred. Each new agent multiplies the governance burden, the security surface, the compliance scope, and the operational complexity.
This is the story of what it actually means to ship AI agents to production with enterprise readiness — why it's so hard, and what the industry needs to do about it.
The Five Forces Making Enterprise Readiness Urgent
The pressure to govern AI agents isn't theoretical. It's being driven by five converging forces that every enterprise is feeling right now.
Compliance is no longer optional. The EU AI Act took effect in August 2025. NIST's AI Risk Management Framework has become a de facto enterprise requirement. ISO 42001 established the first international standard specifically for AI Management Systems. SOX, HIPAA, and GDPR audit requirements now extend to AI-assisted decisions. Every agent that touches customer data, makes financial decisions, or influences hiring needs an auditable trail of its reasoning, documented access controls, and evidence of bias and safety testing. Without governance tooling, compliance is manual, expensive, and error-prone.
Shadow agents are proliferating. Just as "shadow IT" emerged when employees adopted cloud SaaS tools without IT approval, "shadow agents" are appearing across enterprises. Business users build agents using ChatGPT, Copilot Studio, or open-source frameworks — without security review, data classification, or access controls. Industry analysts estimate that by 2027, unauthorized agents in a typical enterprise will outnumber authorized ones three to one. CISOs can't govern what they can't see.
AI costs are invisible. Agent costs are growing 30–50% quarter-over-quarter at many enterprises, driven by token consumption, API calls, compute for inference, and tool usage fees. Unlike traditional software with per-seat licensing, agent costs are variable and nearly impossible to attribute. Which department is spending the most? Which agents are cost-effective and which are burning tokens with low business value? Without agent-level cost attribution, enterprises are flying blind on one of their fastest-growing cost centers.
Nobody can explain why an agent did what it did. Current frameworks provide execution logs — what happened — but not decision lineage — why it happened. This gap is critical for customer-facing agents, autonomous financial decisions, legal and HR processes where every decision must be defensible, and incident response where root cause analysis requires understanding agent reasoning, not just its outputs.
The multi-vendor reality makes single-vendor governance impossible. A typical enterprise in 2026 runs Microsoft Copilot agents for productivity, custom agents on LangChain or CrewAI for specific workflows, Salesforce Einstein for CRM, ServiceNow agents for IT, and internal teams building directly on OpenAI or Anthropic APIs. No single vendor's governance layer covers all of them. Microsoft's Agent 365 only governs Microsoft ecosystem agents. Google's Vertex AI only covers GCP. AWS Bedrock only covers AWS. The enterprise needs a vendor-neutral governance layer — and it doesn't exist yet in most organizations.
The Cloud Security Parallel: We've Seen This Movie Before
If this pattern sounds familiar, it should. The shift from on-premise to cloud created the exact same governance vacuum — and the exact same market opportunity.
When enterprises moved to the cloud, they initially focused on making things work. Then, as cloud adoption scaled, they realized they had no centralized way to manage security posture, enforce policies, track costs, or maintain compliance across multiple cloud providers. That gap spawned a multi-billion-dollar ecosystem: Cloud Security Posture Management (CSPM), Cloud Workload Protection (CWPP), observability platforms like Datadog and Splunk, FinOps tools, and infrastructure-as-code governance.
The agent world is following the same trajectory, with direct one-to-one parallels. Cloud service registries map to agent registries. IAM maps to agent access control. CSPM maps to agent posture management. CloudTrail maps to agent audit trails. API gateways map to agent gateways. Terraform maps to agent templates. Cost management maps to agent FinOps.
But agents also introduce three governance challenges with no cloud equivalent. Prompts are the "source code" of agents — they need version control, A/B testing, and governance of their own. Decision lineage goes beyond what cloud traces capture, because agents need to explain why they acted, not just what they did. And output governance — content filtering, hallucination detection, PII redaction — has no analog in traditional cloud security, where the concern was primarily about inputs, not outputs.
The cloud security market grew from a niche concern to over $40 billion within a decade. Agent governance is on the same curve, compressed by the speed at which AI is being adopted.
What "Enterprise Ready" Actually Means for AI Agents
So what does it take to run agents in production at enterprise scale? Based on what we've learned deploying AI across 16 global enterprises — including KPMG, Hitachi, Allstate, MetLife, Wipro, and ADP — enterprise readiness breaks down into six interlocking capability areas.
1. Agent Identity and Lifecycle Management
Every agent needs a structured identity — not just a name, but a full profile with a unique ID, version tracking, ownership, status lifecycle (from initialization through production to retirement), access levels, trigger types, and linkage to the workflows it participates in. This is the foundation for everything else: you can't govern what you can't identify.
At Ema, every agent is built on a structured identity model with 30+ fields, and four distinct agent types — each with purpose-built human-in-the-loop integration at critical decision points. Deprecation warnings, version tracking, and status lifecycle management mean agents don't just run — they have governed lifecycles from creation to retirement.
2. Access Control That Goes Beyond Basic Roles
Production agents need fine-grained access control at multiple levels: who can build agents, who can modify them, who can interact with them, and what data and tools each agent can access. A three-level role-based access control system — workspace-level administration, builder access, and guest access — with per-agent permission grants provides the foundation. But enterprises with complex organizational structures need custom role composition, department-scoped permissions, and eventually attribute-based access control driven by data sensitivity, risk scores, and contextual factors.
Ema's platform currently manages 105+ users across production deployments with granular per-agent access grants — more fine-grained than what most platform incumbents offer today.
3. Multi-Model Intelligence with Cost Control
Enterprise agents can't be locked to a single model. Different tasks within a single workflow have different requirements — some need maximum accuracy, some prioritize speed, some should minimize cost. A multi-model routing engine that automatically selects the optimal model for each sub-task, with configurable optimization priorities (balanced, fastest, cheapest, most accurate), turns model selection from a technical bottleneck into a FinOps control.
Ema's EmaFusion engine routes across 100+ LLMs, with PII obfuscation at the routing layer so sensitive data is redacted before reaching any model, regardless of which one is selected. When one step uses an open-source model instead of a premium API because accuracy isn't critical there, the cost savings are visible and attributable.
4. Observability and Decision Lineage
Agents in production need three layers of analytics. Platform-level metrics track workflow runs, agent runs, and tool calls with success, failure, and abandoned states. Per-agent metrics track visitors, outputs generated, feedback ratings, and daily trends. And action-level debug tracing provides graph views, color-coded execution states, I/O inspection at every node, and full LLM prompt/response visibility.
The missing piece for most platforms is decision lineage — the full causal chain from input through reasoning to action. Execution logs tell you what an agent did. Decision lineage tells you why. For regulated industries, this isn't a nice-to-have; it's an audit requirement.
5. Governance Built Into the Building Process
The fastest path to governed agents isn't bolting governance onto agents after they're built — it's building governance into the platform so every agent inherits it by default.
Pre-built templates are the key accelerator. Each template is a governed agent blueprint with access controls, guardrails, and audit trails already configured. Enterprises pick a template for HR, customer support, IT help desk, sales intelligence, or document processing, customize it to their data and policies, and deploy. This is how Hitachi went from zero to 50,000 employees served in under four weeks, and how David Lloyd Clubs automated 70% of HR queries and freed 1,000+ hours in their first three months.
The building process itself matters enormously. At Ema, agents can be created three ways — visual drag-and-drop workflow design, YAML code for engineers who want version control and CI/CD, or natural language descriptions that an AI Auto Builder converts into complete workflows. All three produce the same governed, production-ready output. The builder chooses their preferred interface; the platform ensures governance regardless.
6. Defense-in-Depth Security
Enterprise readiness means security at every layer, not as a feature checklist. Infrastructure security with DDoS protection, WAF, intrusion detection, and network micro-segmentation. Zero-trust communication with mTLS everywhere and cryptographic service identity. Encryption at rest (AES-256 with customer-managed keys) and in transit (TLS 1.3). AI-specific security including three-layer prompt safety (input validation, contextual awareness, response filtering), DLP integration, and automated PII detection and redaction before data reaches any LLM.
Compliance isn't an afterthought — it's continuous. Ema maintains 100% pass rates across SOC 2 Type II (80/80 controls), ISO 27001:2022 (123/123 controls), HIPAA (73/73 controls), and holds ISO 42001 certification — the first international standard specifically for AI Management Systems. This is why enterprises like Allstate, MetLife, and Prime Therapeutics trust the platform with their regulated workloads.
The Competitive Landscape Is Fragmented — and That's the Problem
Today, an enterprise that wants comprehensive agent governance needs to stitch together five to seven vendors — and even then, significant gaps remain.
Platform incumbents like Microsoft, Google, and AWS offer governance tightly coupled to their own ecosystems. Microsoft's Agent 365 is explicitly positioned as "the control plane for agents" — but it only governs agents in the Microsoft ecosystem, fragments enforcement across four or more admin consoles, and can't discover or govern agents from other platforms.
Agent security startups like Zenity and Prompt Security offer valuable capabilities in narrow domains — shadow agent detection, prompt injection defense, PII filtering — but they don't build agents, orchestrate workflows, or provide lifecycle governance.
Observability players like LangSmith and Datadog offer excellent tracing, but no governance, access control, or policy enforcement.
Agent frameworks like LangChain, CrewAI, and AutoGen are developer tools, not enterprise platforms. They offer minimal governance and require months of custom work to reach production readiness.
The result: no single vendor offers a complete, platform-agnostic agent control plane. The enterprise that solves this — combining agent building, multi-model routing, workflow orchestration, evaluation, governance, and compliance in a single platform — captures the category.
What We're Building at Ema
Most AI platforms are optimized for building. Ema started from a different premise: the hard problem isn't building agents — it's shipping them. Speed to production and enterprise readiness aren't trade-offs — they're the same thing. The fastest way to get agents into production is to build governance into the platform so deeply that it's invisible to the builder and automatic for the operator. When security, compliance, access control, and observability come pre-configured rather than bolted on after the fact, the three-to-six-month production gap collapses.
Today, Ema is the platform behind production deployments at 16 global enterprises, serving tens of thousands of users. Hitachi serves 50,000+ employees across three group companies with 70% efficiency gains and 90%+ accuracy. BigBlue resolved 70% of customer tickets automatically with 12x ROI in their first year. The platform tracks 8,900+ agent runs in production with tool-call-level analytics.
But we think the bigger opportunity is ahead. As enterprises scale from dozens to hundreds of agents across multiple frameworks and vendors, they'll need what we call the universal agent control plane — a single governance layer that works across every agent, every model, every framework. Not locked to one ecosystem. Not limited to one slice of the problem.
We're building toward that future in phases. Near-term: making Ema-native governance best-in-class with custom roles, connector policy engines, cost attribution, guardrails management, anomaly detection, and decision lineage visualization. Next: enabling governance of third-party agents through open SDKs for registration and observability, MCP-compatible tool governance, and extensible guardrails engines. Long-term: shadow agent detection, attribute-based access control, agent certification frameworks, multi-framework orchestration, and automated compliance evidence generation.
The thesis is simple: the world doesn't need more tools for building agents. It needs the infrastructure to ship them — securely, compliantly, and at scale. Every enterprise that runs AI agents in production will need a governance layer as comprehensive as what they have for cloud infrastructure. The platform that closes the gap between "built" and "shipped" — making enterprise readiness automatic rather than a months-long ordeal — wins.
That's what we're building.
To learn more about running AI agents in production with enterprise-grade governance, visit ema.co.