The Agentic Enterprise -- June 24, 2026
The Agentic Enterprise AK · Wed, Jun 24, 2026 · 8 min
Wednesday, June 24, 2026
The agent you can finally audit.
ServiceNow and NVIDIA's Project Arc puts deny-by-default governance inside an autonomous desktop agent. The feature enterprises wanted was never autonomy.
For two years the objection to autonomous agents has been three words: I cannot audit. Project Arc starts with zero permissions, logs every action it takes, and grounds itself in the company's own system of record. The autonomy is almost beside the point. And the moment the audit problem gets solved, the market around it moves, from Sierra and Cognition to Mistral and Hippocratic AI.
The Lead
For two years the enterprise objection to autonomous agents has been the same three words: I cannot audit.

An agent that acts on its own across your systems is a compliance problem wearing a productivity costume, and most CISOs treated it accordingly. The interesting development is not that the agents got more capable. It is that someone finally shipped one you can put on a leash.

Project Arc, the autonomous desktop agent ServiceNow and NVIDIA built, is the clearest example. It starts with zero permissions, runs every action inside a sandbox that logs what it touched, and grounds its decisions in the company's own system of record. The autonomy is almost beside the point. What changed is that the governance is now part of the product, not a policy document you write afterward and hope someone follows. And the moment the audit problem gets solved, the rest of the market moves: a wave of vertical and open-model startups, from Sierra and Cognition to Mistral and Hippocratic AI, is racing to fill the layer above and below the governed agent. The agent era stopped being about what the model can do and started being about what you can prove it did.
The Big Story Product
The real unlock for enterprise agents is not autonomy. It is the audit log.
P roject Arc, the long-running autonomous desktop agent ServiceNow and NVIDIA introduced at ServiceNow Knowledge 2026 with Jensen Huang and Bill McDermott sharing the keynote stage, is built around a feature that sounds mundane and is actually the whole story: you can see everything it does. The agent lives on an employee's desktop and completes multi-step work on its own, but every action runs inside NVIDIA OpenShell, a sandboxed runtime that operates deny-by-default. The agent starts with zero permissions and receives access only to what enterprise policy explicitly allows. Every outbound connection is intercepted by a policy engine that allows it, routes it, or blocks it.

Sitting above that is ServiceNow's AI Control Tower, which sets the policies, monitors behavior, and logs the files read, the commands executed, and the APIs called. Powered by ServiceNow Action Fabric and grounded in the company's configuration management database, the agent knows how work actually gets done inside that specific enterprise, not just how work gets done in general.

Read past the demo and the strategic claim is precise. For two years the blocker to production agents was never capability; it was that no CISO could approve a system whose actions could not be reconstructed after the fact. Project Arc treats that as the product, not the disclaimer. Auditable autonomy is the thing being sold, and autonomy is almost the commodity part.

An agent that acts on its own is a liability. An agent that acts on its own and logs every step is a hire. The difference is the audit trail, and the audit trail is now the product.

This also reveals where the lock-in moves. The agent's power comes from being grounded in the system of record, which means the vendor that owns your operational data owns the most capable agent in your building. The model underneath is increasingly swappable. The governed runtime and the system-of-record grounding are not. Project Arc is in early preview; the AI Control Tower integration with NVIDIA's Enterprise AI Factory validated design is generally available.

The Spearhead Take
Evaluate governed agents on the quality of their audit trail before you evaluate them on capability, because the audit trail is what your risk committee will actually ask about. But notice the trade: the deny-by-default runtime that makes the agent safe also deepens your dependence on whoever owns the system of record it is grounded in. Get the governance, and negotiate the exit at the same time.
The Obvious & The Overlooked
What everyone saw, and what they did not.
The Obvious
Agents are going to production with governance attached.
Project Arc, AI Control Tower, and sandboxed runtimes signal that autonomy now ships with an audit trail. NVIDIA
Vertical agents are where the money is going.
Legal, healthcare, and compliance specialists like Harvey, Hippocratic AI, and Vanta are out-raising horizontal players. Tech Funding News
Open, efficient models are closing the gap.
Mistral and Cohere now ship models that run on a laptop or a single GPU, not a data center. VentureBeat
The Overlooked
Governance is the product now, not autonomy.
The deny-by-default runtime, where an agent starts with zero permissions, is the feature CISOs were waiting for. NVIDIA
The agent moat is your system of record, not the model.
Project Arc's power comes from grounding in the CMDB. Whoever owns your operational data owns your best agent. ServiceNow
Small models quietly change the deployment math.
Cohere's North runs on one GPU; Mistral runs on laptops. On-prem agents sidestep token bills and data-residency rules at once. TechCrunch
The startups specialize where the megacaps cannot.
Vertical agents show 3 to 5x higher retention than horizontal tools, because compliance and domain accuracy are not generic. Tech Funding News
Moving Pieces
Five developments worth a CIO's attention.
Deals
Sierra raises $950M, and the agent specialists pull away from the pack

Sierra, the enterprise AI agent company founded by Bret Taylor and Clay Bavor, raised a $950 million Series D at a $15.8 billion valuation, while Cognition closed more than $1 billion for autonomous code production. The numbers matter less than what they signal about where capital now believes the value sits. These are not model labs. They are companies building the orchestration, the guardrails, and the domain depth that turn a capable model into a system an enterprise will actually run. Investors have stopped funding application wrappers and started funding the hard middle layer: multi-agent coordination, security, and the integration work that makes autonomy survivable in production. The model is assumed. The engineering around it is the business.

Product
Mistral and Cohere make the case for small, open, and on-prem

Mistral released Mistral 3, a family of open models that run from smartphones and drones to enterprise cloud, with a mixture-of-experts flagship and compact variants down to 3 billion parameters, all under Apache 2.0. Cohere, meanwhile, ships Command A on two GPUs and runs its North agent platform on a single one. For enterprises, this is the quiet counterweight to the frontier arms race. Not every workload needs a 2-million-token frontier model billed by the token. A model small enough to run inside your own firewall solves data residency, latency, and cost in one move, and the gap to frontier quality keeps narrowing. The interesting question for 2026 is not which lab has the best model. It is how much of your agent stack you can bring on-prem.

Deployment
The regulated verticals are where agents are actually working

The clearest production agent stories this year are not horizontal copilots; they are narrow systems in regulated domains. Hippocratic AI runs patient communication, scheduling, and post-discharge follow-up on HIPAA-compliant infrastructure with specialized medical knowledge. Vanta's agents automate evidence collection and continuous control monitoring across more than 30 compliance frameworks. Both work because the domain is bounded and the compliance is built in, which is exactly what general-purpose agents struggle with. The lesson for enterprise buyers is to stop evaluating agents as a single category. A horizontal assistant and a HIPAA-bound clinical agent are different products with different risk profiles, and the vertical ones are further along precisely because they gave up generality for accountability.

Sources: Wellows · Demand Sage
Workforce
Challenger makes AI the No. 1 stated reason for layoffs

Challenger, Gray & Christmas reported that US employers announced just over 97,000 job cuts in May, with more than 38,000 in tech, the sector's worst month since August 2024. The firm attributed 38,579 roles, about 40% of tech cuts, to AI, the most in any single month and the third straight month AI led all stated reasons. Year to date, AI has been cited in 87,714 cuts, already past the 54,836 for all of 2025. One caveat keeps this honest: Challenger tracks employer self-attribution, not verified causation, and "AI" is a convenient label for cuts a company wanted to make anyway. The trend is real. The precision is not.

Sources: CNBC · Yahoo Finance
Policy
The AI labs are now spending real money on the midterms

Groups tied to OpenAI and Anthropic have collectively spent more than $15 million on pro- and anti-regulation messaging ahead of the midterms, according to NPR reporting on June 22. Anthropic, founded by former OpenAI staff and long the louder voice for regulation, is backing super PACs that counter OpenAI-aligned groups. The detail enterprise leaders should note is that the two vendors you may be standardizing on have divergent, well-funded policy agendas, and those agendas will shape the compliance environment you operate in. Your model vendor is now also a political actor. The terms under which you will be allowed to deploy AI are partly being written by the same companies selling it to you.

Sources: NPR
On the Radar
Quick hits, sharpened.
Deals Vertical AI keeps minting megarounds. EliseAI raised $250 million for property-management AI at roughly $100 million in ARR, and legal-AI firm Legora raised $550 million at a $5.55 billion valuation, underlining that workflow-specific agents are where late-stage capital concentrates. AI Funding Tracker
Infrastructure HPE and NVIDIA ship a CPU built for agents. At HPE Discover on June 16, the Vera CPU was positioned as the first processor designed for the tool calls and orchestration of the agent loop, with HPE Private Cloud AI features due in July. HPE
Governance Oracle names AI in a securities filing. Oracle's annual report stated AI adoption "has resulted, and may continue to result, in reductions to our workforce" after roughly 21,000 net cuts, a rare case of the AI-jobs claim entering a regulated document. CNBC
Policy The SEC is tightening scrutiny of AI disclosures. Regulators and the SEC's Investor Advisory Committee are pressing for clearer AI-disclosure guidelines, raising the enforcement stakes for both AI-washing and underdisclosure. Norton Rose Fulbright
Compute The EU funds a sovereign frontier-AI bet. The European Commission picked the Domyn-led EUROPA Consortium to win its Frontier AI Grand Challenge, backed by a dedicated 6,000-chip NVIDIA Blackwell cluster, to build frontier capability outside US and Chinese control. European Commission
The Number
3-5x
The retention advantage that specialized vertical AI agents show over horizontal, general-purpose tools.
The headline AI market is the frontier labs, but the durable revenue is forming in narrow domains, where an agent that understands one regulated workflow beats a clever generalist that understands none of them deeply. The global AI agent market, roughly $7.8 billion in 2025, is projected to reach $52.6 billion by 2030, and the companies compounding fastest inside it are the ones that traded generality for accountability. Depth retains. Breadth churns.
Counter-Signal
Governance
A clean audit log is not the same as a working program

Project Arc and its peers solve the question a CISO asks in the procurement meeting: can I see what the agent did. That is real progress, and it is not the question that kills most agent programs. The one that does arrives in month nine. Gartner projects more than 40% of agentic AI projects will be cancelled by 2027, only 21% of organizations report a mature governance model, and 19% of rollouts never reach payback. MIT Sloan found 47% of stalled programs had no automated evaluation running at month 12, and that programs without continuous evaluation lost 14 to 23 points of accuracy over 18 months.

An audit log tells you what the agent did. It does not tell you whether the agent is still good at its job, and that is the failure that compounds quietly. A governed agent can be fully compliant, perfectly logged, and slowly drifting toward wrong, and nothing in the audit trail will flag it until an outcome does. The deny-by-default runtime is necessary and overdue. It is also being marketed as if auditability were the finish line, when it is the starting gate. The discipline that separates the 60% that survive from the 40% that get cancelled is not the log. It is the evaluation harness that watches the agent's quality over time, and no vendor ships that as a checkbox. Convenience says trust the audit trail. Durability says instrument the outcomes.
From the Field
The most telling shift this year is not in what the agents can do. It is in what the vendors decided to put on the box.

A year ago the pitch was capability: longer context, higher benchmarks, more autonomy. This month the pitch is a sandbox that starts with zero permissions and logs every move. The industry spent two years selling you the engine and finally noticed you were asking for the brakes.

That should reorganize how you read the whole market. The frontier labs are still racing, and that race still matters, but the action worth your attention has spread out and moved down the stack. It is in the runtime that contains the agent, the system of record that grounds it, the small open models that let you run it inside your own walls, and the vertical specialists who gave up generality to earn the trust of one regulated domain. None of that is a model announcement, and most of it is not coming from the four companies you read about every day.

So when you plan the back half of 2026, plan for a wider field. Buy the governed runtime, but instrument the outcomes yourself. Take the vertical specialist seriously over the horizontal demo. Keep a small open model in your back pocket for the workloads that should never leave the building.

The agent you can audit is the price of entry now. The agent you can still trust in month eighteen is the thing you have to build the discipline to keep.
Let's get to production,
AK
Talk to Spearhead Forward this edition
This edition references Anthropic, whose Claude models include the one used to produce this newsletter; Anthropic and OpenAI are treated symmetrically here and held to the same scrutiny as any other vendor. Project Arc was unveiled at ServiceNow Knowledge 2026 and is in early preview; details are drawn from ServiceNow and NVIDIA announcements. Startup valuations and funding figures are as reported by funding trackers and may lag or lead official confirmation. Gartner and MIT Sloan figures are projections and study estimates; market-size and retention figures are analyst estimates; the Challenger layoff numbers reflect employer self-attribution, not verified causation. Produced for Spearhead with AI assistance and human editorial direction.
The Agentic Enterprise
Know more about AI than 95% of your peers. By 7 AM.
A daily AI intelligence briefing for enterprise leaders, published by Spearhead. We build AI systems that work. Strategy. Engineering. Production. Outcomes.
© 2026 Spearhead. All rights reserved.

Keep Reading