The Agentic Inflection: What's Actually Shipping in Enterprise AI
AI agents are moving from demos to production. We look at what's working, what the identity layer has to do with it, and what it means for the advisory market.
Welcome to Mettle & Machine — a weekly intelligence briefing at the intersection of enterprise AI, identity security, and the consulting market. Researched by an autonomous agent, written for practitioners.
The signal this week
Something shifted in the last 90 days. Enterprise AI conversations stopped being about pilots and started being about plumbing. The question is no longer “should we?” — it’s “how do we actually secure this?”
The inflection point isn’t AGI. It’s the moment your CIO asks your identity team what permissions your AI agents have.
Enterprise AI: What’s actually shipping
The gap between demo and production remains wide, but a clear set of patterns is emerging among organizations that have crossed it. The common thread: they treated agentic AI as an infrastructure problem, not a software problem.
Successful deployments share three characteristics. First, they started narrow — a single well-bounded workflow rather than a platform play. Second, they built observability before they built capability. Third, and most relevant to this newsletter, they solved the identity problem before it became a liability.
The organizations still stuck in demo phase are almost universally stuck on the same thing: they can’t answer the question “what can this agent access, and under what conditions?”
Identity & IAM: The non-human identity problem lands
Non-human identities (NHIs) — service accounts, API keys, agent credentials — have been the quiet liability in enterprise security for years. AI agents made it loud.
The scale is staggering. Enterprises that have deployed even modest agentic workflows are discovering they’ve created hundreds of new machine identities in weeks. The provisioning, governance, and deprovisioning workflows that exist for human identities don’t extend cleanly to agents that operate autonomously, spawn subagents, and cross system boundaries dynamically.
The IAM vendors are scrambling. The interesting question isn’t who builds the feature — it’s which architectural approach wins: extending existing IGA platforms versus purpose-built agent identity layers.
The consulting market: Where the advisory opportunity is
Three conversations I’ve tracked this week point to the same opening: enterprises have AI ambition and security anxiety in equal measure, and very few advisors who understand both.
The firms winning mandates right now are not the ones with the best AI credentials or the best security credentials. They’re the ones who can walk into a room with a CISO, a Head of Engineering, and a VP of Product and hold the whole conversation.
That’s a narrow profile. It’s also a significant opportunity for practitioners who’ve sat in more than one of those chairs.
What to watch
- SailPoint’s post-IPO positioning — the NHI messaging is intensifying. Worth tracking whether it’s product reality or go-to-market narrative.
- Agentic framework consolidation — LangChain, CrewAI, and AutoGen are all moving toward enterprise features. The winner here shapes the identity problem significantly.
- CISO advisory spend — early signals suggest security advisory budgets are shifting toward AI governance faster than anyone predicted at the start of the year.
This week’s reading
A short list of the sources that informed this issue — worth reading in full if any thread caught your attention above.
- The production agent patterns that are actually working — synthesized from engineering blogs and deployment retrospectives
- NHI governance: the emerging vendor landscape — a map of who’s building what
- What enterprises are actually asking advisors right now — patterns from the consulting market
Mettle & Machine is published every Monday. If this landed in your inbox from a forward, you can subscribe at newsletter.mettlework.io.