ISSUE #7 · 2026: AI Agent Tooling Is Getting Easier to Connect to Enterprise Systems — Should Boards Be Worried?




THE SIGNAL

AI Is Starting To Act Inside Enterprise Systems.

The enterprise never designed it. It emerged because the friction that used to hold it back is gone.

Until recently, connecting AI to a CRM, a finance platform, or a data store required significant integration work and access reviews. That friction provided a natural governance layer by keeping central (IT) teams in the loop.

In late 2024, the Model Context Protocol (MCP) was released. Within a year, every major AI provider including Anthropic, OpenAI, Google and Microsoft adopted it. There is now a common “plug” for AI to talk to enterprise systems, and it is operational. ChatGPT alone has shipped MCP connectors for Jira, Slack, Google Drive, SharePoint, Stripe, and others — with write actions, not just read. No IT ticket required.

With connection this easy, employees are no longer waiting for internal tools — especially when the capability is lacking. They may even connect to enterprise systems with public AI accounts. And when they do, the AI acts with the employee’s identity — inheriting every access right that the identity carries, including the ones that were over-granted, never revoked, or temporarily elevated and forgotten. This becomes the action surface through which AI acts.

WHY THIS MATTERS

The Capability Gap Is Driving The Bypass. The Identity Gap Is Common To Both Sides.

It would be tempting to read this as a public-tools problem — the fix being to move everyone onto sanctioned platforms like ChatGPT Enterprise or Copilot. That closes only part of the problem, not all of it.

Sanctioned tools address tenant risk: data stays within your perimeter, and audit and compliance boundaries are clearer. But they do not resolve identity risk: AI still acts using the employee’s credentials, the AI sees what the employee sees, and the audit trail names the human, not the AI.

Industry direction is beginning to respond. Identity platforms are moving toward treating AI agents as distinct identities - with named owners, scoped access, and independent revocation. But that is not yet the current state.

EXECUTIVE IMPLICATION

What This Stresses Or Breaks

  1. Ownership of outcomes is unclear. When AI takes an action, it is no longer obvious whether it belongs to the data team, the technology function, or the business.
  2. Decision rights are being set informally. Business teams are deciding where AI can act through configuration choices made in the tools they already use. The authority has already moved. The accountability has not.
  3. Governance lags behaviour. The policy was written for a world where connection was a project. The world has moved on. The policy has yet to catch up.
  4. Your internal AI estate carries two problems. The first is capability: your sanctioned tools lag behind public platforms. The second is identity: even the tools you do control act with your employees’ credentials, not their own.
  5. The identity model you have was not built for this. Okta, Microsoft, Google, and NIST are all moving toward AI agents as first-class identities, with named human owners and short-lived credentials. That is the destination, but it is not yet complete.

RECOMMENDED ACTION

  • Map where AI is already acting - and from where.
  • Audit the Enterprise AI vs Public AI capability gap honestly.
  • Name one executive owner for AI-to-system connections.
  • Separate action risk from model risk and data risk.
  • Start separating the human from the agent in your identity model.

BOARD TALKING POINTS

  • AI is beginning to act inside our systems, not just inform our decisions.
  • Whether the AI runs through our tools or around them, the governance question is the same - who is authorised to act, and how do we know.
  • Blocking will not close the gap. Capability will. But capability without an identity moves the risk.
  • We are moving toward treating AI agents as identities in their own right, separate from the employees who direct them.

CLOSING REFLECTION

This is not a future shift. It is already underway — quietly. Some action runs through your sanctioned tools. A growing share runs through tools you have no line of sight into, because those tools are more capable. And even the ones you do control are acting with your employees’ identities, not their own.

The direction out of this is starting to become clear — agents with their own identities, their own owners, their own scoped access. Getting there is the work of the next generation agents


About This Brief

Executive Data & AI Brief is a weekly, decision-grade publication for senior leaders navigating Data & AI risks, operating-model change and value creation.

Written by Emmanuel Asimadi, a fractional Data & AI Leader and former enterprise Head of Data & AI. I support leadership teams modernise and deliver Data & AI ROI fast - through focused AI Readiness & Operating Model Assessment or Fractional CDAO support. If this is a live need, feel free to get in touch.
