When you attend a meeting this week, there’s no way you won’t encounter a new AI agent. They’re everywhere. Agents are booking meetings, analyzing supply chains, processing invoices, managing support, onboarding employees, even detecting fraud.
But here’s the disconnect: For all the sophistication and promise, when CIOs or architects are asked what those agents do and how many they have in use, the response is silence. For CIOs, that silence is both a visibility gap as well as a risk to trust, security, and scalability.
We’ve seen enterprises cycle through wave after wave of sprawl: servers, virtual machines, cloud, containers, containers-in-the-cloud, APIs – you name it. Now it’s agents. And we all know how history repeats itself.
The technologies evolve, but the enterprise challenge doesn’t. Every wave of sprawl hits the same wall; moving from prototype to production requires governance, security, and trust. And in the agentic era, those concerns are even more critical.
Challenges on the horizon
As an architect who’s worked with some of the largest companies across industries, the same challenges keep surfacing:
- Proliferation without visibility: Teams are creating agents at speed, with little organizational enablement. There’s no consistent inventory or registry of what exists, where they live, or what they’re authorized to do.
- Unclear autonomy boundaries: Leaders wrestle with the question of when an agent should act on its own versus require human approval.
- Limited traceability: When something goes wrong, it’s hard to prove what happened and why.
- Uncertain ROI: Demos impress, but sustained value is unproven.
One reason these challenges are surfacing so quickly is because the fastest-growing programming language is – by far – English. With natural-language coding and “vibe” platforms lowering the barrier, anyone can now “build” an agent.
Key considerations: How to prepare
From our work on Digital to Agentic Transformation and the follow-on Architectural Patterns for the Agentic Era, there are a handful of considerations that separate the organizations experimenting with agents from those preparing to scale them. For CIOs, these aren’t technical checklists; they’re strategic imperatives that determine whether agents become business accelerators or uncontrolled experiments.
- Visibility and control: CIOs need a clear line of sight into what agents exist, what they do, and how they evolve. Without visibility, governance is impossible.
- Risk management and trust: Set clear boundaries for autonomy, when agents act independently versus when humans intervene, with policies and controls to enforce them.
- Governance and assurance: ensure every action is observable, explainable, and compliant with enterprise standards.
- Measurable impact: Tie agent outcomes directly to business KPIs so CIOs can demonstrate ROI at the board level, not just showcase compelling demos.
Without these conditions for trust, agents stay stuck in pilot mode. With them, CIOs have a unique opportunity to move faster on agentic digital transformation than in any previous wave of technology.
A fabric for enterprise trust
Enterprises don’t need another disconnected tool. They need to recognize that agentic AI is an integration challenge at its core. To unlock new use cases and potential, agents must orchestrate across a diverse ecosystem of peers, LLMs, vector databases, MCP servers, APIs, and more.
We’ve solved orchestration challenges before in the API world (SOAP, REST, GraphQL, and events) with security, governance, and observability built in. Extending that foundation with agentic protocols and patterns creates what we call Agent Fabric – a tightly woven layer that registers, orchestrates, governs, and observes agents across the enterprise.
At MuleSoft, we’re building this vision into the MuleSoft Agent Fabric, extending our integration, governance, and observability strengths into the agentic era. It’s how agents become safe, transparent, and enterprise-ready.
This kind of “trust fabric” would do for agents what it does for APIs:
- Register agents and their approved capabilities
- Orchestrate and route intelligently across agents and systems
- Enforce autonomy tiers and compliance through governance and security
- Observe end-to-end interactions with audit-ready telemetry
APIs only became enterprise-ready once they were governed and observed. Agents will follow that same path, and MuleSoft Agent Fabric is the bridge.
At a recent MuleSoft Connect:AI event, I was asked where the most friction comes in for adopting agentic AI. Friction will persist until there is confidence and control for executives, speed and reuse for teams, and measurable ROI for the enterprise.
Friction will be overcome. Every enterprise will have agents. The question is whether these agents will sprawl unmanaged or operate within a fabric of trust that makes them safe to scale.
Scaling agents responsibly with a foundation of trust
Agents don’t become enterprise-ready because of one capability. It takes a fabric including registration, orchestration, governance and observation woven together. With that foundation in place, enterprises won’t just experiment with agents, they’ll trust them, and CIOs will finally have a framework to scale them responsibly.