Three weeks ago, a financial director at my company showed me the morning routine he had been doing for many days. Basically, he transferred data from our ERP to the cloud reporting platform. Every day, he spends an average of fifteen minutes copying, pasting and checking the format. That adds up to a lot of time wasted on a menial task…not to mention the risk of manual operations, which I think we are all familiar with.
When I showed him an example, very quickly, of how a navigation agent could execute the same sequence in two minutes, his expression went from amazement to concern: “What if it makes a mistake that I don’t detect until the end of the quarter?”
AI agents promise to eliminate the friction between intention and digital execution. But in doing so, they introduce a new entity into our infrastructure: autonomous, opaque and capable of acting with our credentials. The question is not whether we will adopt this technology (IDC projects that by 2028, more than 1.3 billion agents will automate business flows that are currently performed by humans), but whether we are prepared to govern it before the market forces us to do so under pressure.
ROI lies in resilience, not efficiency
I hear the prevailing discourse that AI agents should focus solely on saving time and reducing operating costs. I believe this narrative misses the true strategic value.
Sustainable ROI does not lie in doing what we already do faster. It lies in protecting revenue by mitigating systemic risk. According to New Relic’s 2025 Observability Forecast, the average cost of a high-impact IT outage is $2 million per hour. Organizations with full-stack observability in place cut that cost in half. A continuous monitoring agent detects problems that humans would never see until it’s too late, because it operates on a temporal and dimensional scale inaccessible to human cognition.
This distinction separates incremental automation (which improves margins) from systemic resilience (which protects revenue). CIOs who deploy agents seeking the first goal will find modest, short-term ROI. Those who build for the second will find lasting competitive advantage.
The contradiction that must now be resolved
Not all use cases justify web browsing. The correct architectural choice depends on the target system. Web browsing is appropriate for systems that only offer a web interface, third-party SaaS without infrastructure control, decisions based on visual layout and manual cross-application workflows. Direct integration is superior for internal systems with documented APIs, structured backend data movement, latency-critical scenarios and infrastructure observability (logs/metrics/traces).
An observability agent validating microservices does not need a browser; it needs direct access to telemetry. An agent automating data entry in a legacy ERP that only offers a web interface does not need it. This architectural clarity must be established before any purchasing decision or project initiative.
Terminology confusion that paralyzes decisions
The current market for “AI agents” suffers from marketing practices that systematically confuse terminology. In June 2025, Gartner projected that more than 40% of agentive AI projects will be canceled before the end of 2027. The causes: scalable costs without clear ROI, underestimated integration complexity and inadequate risk controls.
The root cause goes back further: the vast majority of what is sold as an “agent” is not. According to Gartner’s analysis at the end of 2024, of thousands of vendors claiming agentive capabilities, approximately 130 meet the technical criteria for genuine agents when evaluated against specific benchmarks for autonomy, adaptability and traceability. The rest practice “agent washing”: rebranding chatbots, RPA tools or automation flows without real autonomous planning capabilities.
Criteria to validate agentic AI in minutes
A genuine AI agent has five non-negotiable characteristics:
- Autonomous planning: it builds its own sequence of actions to achieve a goal. It does not follow a predefined decision tree.
- Tactical adaptability: it adjusts in real time to interruptions (pop-ups, captchas, interface changes) without stopping or requiring manual restart.
- Access to environment tools: it operates a virtual browser, terminal or command line like a human.
- Persistent memory: it maintains context across multiple sessions, learning from previous interactions.
- Auditable traceability: it provides a detailed step-by-step record of its reasoning and actions taken.
If a vendor cannot demonstrate these five capabilities working together during a demo of, say, 15 minutes with non-predefined tasks, it does not offer true agentive AI.
Why the browser solves the integration problem
Agentic browsers are attracting strategic investment from all the big tech companies, such as Google with Project Mariner (public demo December 2024), Microsoft with Copilot Vision, and Anthropic with Computer Use, because they solve the fundamental problem of business integration, not to mention Perplexity Comet.
Integrating AI with enterprise systems using APIs or custom connectors is complex, costly and fragile, even with MCP. The agentic browser circumvents this with a simple principle: if a human can access a system via a web interface and log in, so can the agent. It requires no public API, special vendor permissions or custom code.
This approach offers three critical advantages for organizations with heterogeneous infrastructure:
- Direct access to authenticated content: emails, internal documents and pages that require a logged-in session.
- Multidimensional context without configuration: open tabs, browsing history, partially completed forms.
- Dramatic reduction in “technical plumbing”: eliminates months of integration work to orchestrate multiple legacy systems.
However, this architectural advantage introduces a new risk vector that must be managed with rigor comparable to that applied to employees with privileged access.
Risks that define the scope of responsible implementation
The autonomy of agents with access to authenticated content introduces operational risk that must be proactively managed. According to New Relic, the average annual exposure for high–impact disruptions can reach $76 million.
Operational risk matrix with specific controls
Methodology: Probabilities reflect early adoption operational experience 2024-2025. High: >30% of implementations experience the event in the first 6 months without controls. Medium: 10-30%. Low: <10%. Implementing controls significantly reduces these probabilities.
| Risk | Probability | Impact | Technical Control |
|---|---|---|---|
| Tactical error in execution | High (initial) | Operational | Controlled environments (Windows 365 for Agents) with human-in-the-loop for critical decisions |
| Accidental leak of PII | Average | Legal (GDPR) | Unique identity per agent (enter Agent ID) with granular access policies and complete logging |
| Wrong decision due to poor data | Average | Financial | Data observability, validation of pre-decision inputs, automatic flagging of anomalies |
| Unintended privilege escalation | Low | Security | Least privilege, periodic review of permissions, execution sandboxing |
The regulatory imperative that separates leaders from followers
August 2, 2025, marked a critical date for organizations operating in the European Union or processing European citizens’ data. On that date, specific obligations of the EU AI Act for general-purpose model providers (GPAIs) — related to copyright transparency and opt-out mechanisms—became enforceable under Article 53.
Agentic browsers that rely on scraping web sources for training or operation must have data pipelines that respect opt-outs and can demonstrate compliance. Organizations that build a legally clean data infrastructure will now have an insurmountable competitive advantage over those waiting for the first non-compliance notification. The fines are substantial: up to €15 million or 3% of global annual turnover, with fines of up to €35 million or 7% for prohibited practices¹⁰.
Beyond compliance: Organizations that establish agent governance standards now, before regulatory mandates, will be positioned to influence the evolution of industry standards, a significant strategic asset.
The cultural change that no technology can automate
I return to the CFO’s initial question: “What if it makes a mistake that I don’t detect?”
The correct answer is not “they won’t make mistakes” because they will. The correct answer is: “We design systems where agent errors are detectable before they cause irreparable damage, containable when they occur and recoverable through rollback.” We double-check with agents.
This requires a cultural change that no technology purchase can automate and that will determine which organizations capture sustainable value from this transformation.
- The evolution of the professional role: the value of professionals no longer lies primarily in the transactional execution of copying, pasting and verifying, but in the orchestration of AI-augmented systems, the supervision of patterns and exceptions, and strategic decisions that require business, political and human context that cannot be encoded in models. This transition is structurally similar to the impact of industrial automation: human value does not disappear; it shifts to higher levels of abstraction and judgment.
- The redefinition of supervision: Human supervision moves from the “inner loop” (manually supervising every action of the agent in real time) to the “outer loop” (supervising aggregate patterns, exceptions automatically flagged by observability systems and post-execution results). This change frees up cognitive capacity for higher-value work while maintaining accountability. But it requires new skills: interpreting agent behavior dashboards, calibrating confidence thresholds and designing effective escalation points.
- The change management challenge: Organizations that treat agent adoption as a technical project will fail. Those that treat it as organizational transformation, investing in role redefinition, development of new oversight competencies and recalibration of performance metrics will build lasting capacity.
The question for every leader is: Is your organization investing as much in cultural readiness as in technical infrastructure?
The leadership decision that will define the next decade
AI agents are not the future; they are the present for organizations that decide to act while others remain inactive. The question is not whether your organization will adopt agents. It is whether you will adopt them as a leader that sets governance standards or as a late follower that accepts standards set by competitors.
For a manager, the imperative is clear: disciplined experimentation now, with limited use cases and robust governance, builds the organizational capacity that will be indispensable when adoption is no longer optional.
Not because the technology is perfect — it isn’t, and it won’t be in the immediate future.
It is because the pace of improvement is measurable and sustained, and organizations that build operational capacity now through disciplined experimentation will be positioned to capture value as the technology matures. Those who wait for absolute certainty will face the double disadvantage of competing against organizations with years of accumulated learning advantage and adopting under competitive pressure without time to develop internal expertise.
The CFO in our opening story implemented the agent. But only after we designed together the controls that allow him to sleep soundly: automatic validation, alerts for deviations and one-click rollback. His question was not about resistance to change. It was a demand for technical professionalism.
That demand must be our standard.
This article is published as part of the Foundry Expert Contributor Network.
Want to join?
Read More from This Article: Agentic browsing: A real change with a big impact
Source: News