Agentic AI Weekly — May 02, 2026

This week, agents stopped being something companies plan for and started being something they govern. OpenAI shipped Workspace Agents that live in Slack and persist across teams. Salesforce sent agents into the back office, where enterprise AI deployments have been quietly dying for two years. Microsoft flipped the switch on Agent 365, a product whose only job is to watch the agents your company is already running. And five governments published joint security guidance — the first coordinated international rulebook for autonomous software. The question shifted from "should we use agents?" to "who's watching them, and on whose terms?"

• Workspace Agents (OpenAI): Cloud-running, team-shared agents in ChatGPT that connect to Slack, Salesforce, Google Drive, and Microsoft 365.
• Agentforce Operations (Salesforce): Generally available back-office automation for approvals, audits, onboarding, and compliance workflows.
• Agent 365 (Microsoft): Cross-vendor governance plane, generally available at $15 per user per month, with registry sync into AWS Bedrock and Google Cloud.
• Mistral Medium 3.5 + Vibe Remote Agents (Mistral): Open-weight model paired with a remote-agent framework supporting subagents, delegation, and approval modes.
• Cloud Computer (Manus): Persistent, always-on cloud machine for hosting bots, databases, and scheduled agents — aimed at non-developers.
• CX Enterprise Coworker (Adobe): Marketing-workflow agents architected on MCP and A2A, now in beta across Claude Enterprise, ChatGPT Enterprise, Gemini Enterprise, and watsonx Orchestrate.

Most AI tools are personal productivity tricks — one person, one chat window, one session that forgets everything when you close the tab. OpenAI just changed that model.

OpenAI introduced Workspace Agents in ChatGPT on April 22 — Codex-powered agents that run in the cloud, get shared across teams, and operate within organizational permissions. The key word is shared: a team builds an agent once, uses it together in ChatGPT or Slack, and improves it over time. OpenAI's own sales team has one already; per the company's announcement, a sales consultant built a Sales Opportunity agent end-to-end with no engineering help, replacing roughly five to six hours of weekly reporting work per rep.

The catch worth flagging: workspace agents are off by default for ChatGPT Enterprise and aren't available at all to Enterprise customers using Enterprise Key Management. The companies most likely to care about security posture can't actually use it yet. Pricing also matters — agents are free until May 6, 2026, after which credit-based pricing kicks in. OpenAI hasn't disclosed what a typical run will cost.

If this works, custom GPTs — the previous generation of OpenAI enterprise tooling — become legacy software, and Slack quietly becomes the most important agent runtime in the office. If it doesn't, we'll see it in the May 6 pricing reaction: enterprise customers who built workflows during the free window either expand or quietly walk away.

Every company has two faces: the customer-facing side that's been getting AI upgrades for two years, and the back office — approvals, audits, onboarding, compliance — still running on email chains and spreadsheets. Salesforce just declared war on the second one.

On April 29, Salesforce launched Agentforce Operations into general availability. The pitch is concrete: for a bank, agents handle end-to-end loan underwriting — extracting data from tax returns, chasing missing signatures, validating against compliance rules — so loan officers can focus on the customer. Salesforce claims the system has cut cycle times by 50–70% in pilot deployments for auditing and onboarding, and reduced manual data entry by 80% in vendor-reported pilots. These are vendor-disclosed figures, not independently verified.

What's architecturally interesting is the design philosophy. Unlike most agent products that route work probabilistically — letting the model decide what to do next — Agentforce Operations enforces a deterministic structure. The system decides; the agent executes. That's a quiet repudiation of the "let the LLM figure it out" approach that's caused many enterprise agent failures to date.

The back office is where enterprise AI deployments go to die. If Salesforce is right that fixing it is the unlock for everything else, expect competitors to copy this deterministic-routing approach within two quarters. The signal to watch: independent customer outcome data from banking and insurance — not Salesforce's own marketing decks.

Here's a question most companies can't answer right now: how many AI agents are running inside your organization? Not just the ones IT approved — all of them, including the ones employees installed themselves.

Microsoft Agent 365 went generally available on May 1. It's not an agent builder — it's a control plane. Per Microsoft's announcement, Agent 365 extends Entra, Purview, and Defender to cover AI agents alongside human users, giving administrators identity management, compliance monitoring, and threat detection. Standalone pricing is $15 per user per month.

The pointed move is cross-vendor reach. Microsoft announced public preview of Agent 365 registry sync with AWS Bedrock and Google Cloud, letting IT teams discover and inventory agents across all three clouds. Microsoft is positioning itself as the sheriff for agents it didn't build and doesn't host.

If enterprises accept that framing, Microsoft owns the most strategic layer of the agent stack — the one every regulator will eventually require. If AWS and Google customers reject it as Trojan-horse vendor lock-in (a legitimate concern, given that Winbuzzer's GA coverage notes the licensing stack effectively requires Intune and Azure subscriptions), you'll see competing governance products from the hyperscalers within six months. Watch the May 12 "Ask Microsoft Anything" — the questions IT admins ask will reveal which governance gaps are most acute.

Most AI models are built for conversations — back-and-forth exchanges where a human is in the loop. Mistral just shipped something designed for the opposite: agents that run unattended, on remote servers, without supervision.

Mistral released Medium 3.5 alongside Vibe Remote Agents this week. Medium 3.5 is open-weight — meaning companies can run it on their own infrastructure rather than calling Mistral's API. Vibe is the deployment framework, with subagent support, task delegation, approval modes, and stateful tool execution. Mistral reports a 77.6% score on SWE-Bench Verified in the vendor's April 2026 evaluation (vendor-reported).

For regulated industries — healthcare, finance, government — "runs entirely on our servers" beats "scores highest on the leaderboard" every time. Most enterprise security teams are deeply uncomfortable with agents that call home to a third-party API on every action. A capable open-weight model removes that objection in one move.

If Mistral pulls regulated-industry deployments away from API-only models, the economics of the entire frontier-model business shift. The signal: watch whether European banks and U.S. health systems start naming Mistral in published reference architectures over the next two quarters.

When the cybersecurity agencies of five countries publish coordinated guidance on the same topic in the same week, something has crossed a threshold from "emerging concern" to "we need rules now."

On May 1, agencies from the U.S., U.K., Canada, Australia, and New Zealand released joint guidance on deploying agentic AI in high-risk environments. The document — a rare piece of coordinated international policy — addresses prompt injection (where malicious content tricks an agent into harmful actions), over-permissioned agents, and the challenge of meaningful human oversight when an agent makes hundreds of decisions per hour.

The release comes amid the PocketOS incident two weeks ago — where a Cursor coding agent deleted a startup's entire production database — which gave regulators a concrete public example of what happens when agents have too much access and too little oversight.

If this guidance gets incorporated into enterprise procurement contracts and government tenders over the next six months, it becomes the de facto global baseline — and vendors without compliance documentation lose deals quietly. If it's ignored, expect a louder, more prescriptive follow-up after the next public agent failure. The observable signal: which AI vendor publishes the first formal compliance attestation against this framework.

This week: a sales rep replaced his weekly reports with a Slack-dwelling agent, a bank's loan paperwork started underwriting itself, and five governments coauthored a manual for the software they're already too late to contain. Somewhere in Beijing, a court just ruled that you can't fire a human to hire one of these things — which is either the most important labor precedent of the decade or a quaint artifact future agents will read about with mild curiosity.

Until next week — keep an eye on what's watching you.

Forward this to the person in your office who keeps installing browser extensions IT hasn't approved.