What happened
In the second week of July, a cluster of companies shipped near-identical products with one job: control the AI agents already running inside businesses.
Vectogate launched a governance platform on July 9 that sits between AI agents and a company's systems — logging every action, enforcing least-privilege access, and giving one dashboard over every agent. The same day, EPC Group launched a seven-layer "governed AI" practice built on Microsoft's own tools. Days earlier, Quiq shipped Verified Intelligence (July 8) and Peraton launched an enterprise agent platform (July 7).
Four vendors, one week, one message: the autonomous agents businesses have been sold need a second system just to keep them in bounds.
These aren't fringe startups selling fear. The buyers are banks, hospitals, and government agencies — places where an AI agent moving real money or touching regulated data has become a board-level risk.
The detail almost everyone will miss
Read the launches side by side and the pattern is impossible to unsee: every one of them sells the brakes as a separate product from the car.
The agents went to market first — able to make decisions, reach into systems, spend money on their own. The controls to contain them are arriving now, as add-ons you buy and bolt on after the fact.
The kill switch, the audit trail, the boundary that says what an agent is allowed to touch — none of it shipped inside the agent. It's being sold back to you as a second subscription.
EPC Group, which has run Microsoft deployments for nearly three decades, is blunt about the stakes. Build the governance layer before your first serious AI incident, its founder says, and you'll be "fielding congratulations"; wait, and you'll be "fielding subpoenas."
That is the whole market in one sentence: the agents already work — it's the containment that's for sale.
Why this matters if you run a business
You are smaller than a bank, which is exactly why this lands on you harder, not softer.
You won't buy a seven-layer enterprise governance suite, and you don't need to. But you will deploy an agent — to answer customers, chase invoices, sort an inbox — and the moment you do, you've handed software the ability to act on its own inside your business.
An agent you can't see, can't stop, and can't explain isn't a productivity gain — it's an unlogged decision-maker with your name on the outcome.
The vendors racing to sell control to the enterprise are telling you what the enterprise already learned the expensive way: the model was never the hard part. The boundaries are.
The good news is that the controls that matter don't require the enterprise price tag. Every one of the seven layers EPC is productizing is, underneath, a decision someone made about what an agent may do. Those decisions you can make yourself.
What to do about it
Before you point any agent at real work, set four boundaries — the same ones large companies pay six figures to formalize:
- Decide what it can touch. List the exact systems, data, and accounts the agent may reach — and nothing else. Start from "no access" and add each one on purpose.
- Decide what needs a human. Draw a clear line between what the agent may do on its own and what it must stop and ask about — a dollar limit, a customer-facing message, anything you can't easily undo.
- Keep a record. Log what the agent did, what it used, and why — so "the AI handled it" can always be checked, not just trusted.
- Name an owner and a stop. One person accountable for the agent, and one obvious way to switch it off in seconds.
Do this before the agent goes live and it costs you an afternoon; do it after something goes wrong and it costs a great deal more.
The market has decided that controlling AI agents is a business worth billions. For your business, it's a habit worth building in from day one — before the agent is the thing running unsupervised.