The Lyceum: Agentic AI Weekly — May 12, 2026

This was the week the agent economy stopped pretending it was still in pilot mode — and the bills started arriving. Google retired Vertex AI in favor of an agent-native platform, the NHS quietly gave Palantir access to identifiable patient records, and Maryland ratepayers got handed a $2 billion power-grid invoice for AI data centers they don't even use. Underneath the headlines, a quieter convergence: two arXiv preprints, a viral developer essay, and Uber's internal operational stats all suggest the production gap is closing faster than the governance frameworks intended to control it.

• Gemini Enterprise Agent Platform (Google Cloud): An agent-native successor to Vertex AI with long-running runtime, Memory Bank for persistent context, and built-in Agent Identity, Registry, and Gateway.
• Jido 2.0 (Jido): Elixir-based agent framework built on the Erlang VM, designed for control-flow-first orchestration of concurrent agent swarms.
• ServiceNow MCP Server (ServiceNow): Generally available Model Context Protocol server that lets third-party and internally built agents trigger ServiceNow workflow actions.
• Enterprise-Managed Plugins for Copilot CLI (GitHub): Public preview for org-level distribution and management of Copilot CLI plugins and agent configurations.
• Agent 365 (Microsoft): Generally available agent management layer for Microsoft 365 customers, paired with the Work Trend Index framing "human-led, agent-operated" work.

At Google Cloud Next '26, Google announced the Gemini Enterprise Agent Platform — and made clear it isn't a sibling to Vertex AI, it's the replacement. Future Vertex roadmap evolutions will be delivered through Agent Platform rather than as a standalone service. The new runtime supports agents that hold state for days, backed by a Memory Bank for persistent context, and ships with Agent Identity, Agent Registry, and Agent Gateway baked in — meaning every agent has a trackable identity by default rather than as an afterthought.

The production deployments are already named. Unilever is rolling agents across its organization to serve 3.7 billion consumers. Citi Wealth launched Citi Sky on the platform. The Home Depot is in. Google also announced a $750 million innovation fund to seed partners building on top.

If this works, Google owns the platform layer where every other enterprise vendor's agents have to live or interoperate — the same position AWS captured for cloud compute fifteen years ago. If it fails, you'll see customers stuck in the long tail of half-migrated Vertex AI projects, and the $750 million fund quietly repurposed as marketing spend. The signal to watch: whether Google starts publishing per-outcome ROI numbers from Unilever and Citi, or whether the case studies stay aspirational.

NHS England has allowed Palantir staff and other contractors to access patient data before it has been pseudonymised, the Financial Times reported, despite internal warnings of a "risk of loss of public confidence." An internal NHS briefing described it as "unlimited access to non-NHSE staff" to part of the federated data platform holding identifiable records.

The operational reason is almost banal: hundreds of datasets sit inside the federated platform, and applying for individual permissions had become a bottleneck for the engineers actually building things. The political reason is anything but. MPs called the decision "dangerous." Polling has shown widespread public concern about Palantir's growing public contracts. Palantir says it cannot and will not use the data outside what the NHS instructs.

This is the moment every large-scale AI deployment in a sensitive domain eventually hits — when the shortcuts taken to make the system work collide with the public trust required to keep it running. The contract has a review of its initial term set for March 2027. Watch whether parliamentary pressure accelerates that timeline, or whether the deployment simply absorbs the criticism and continues.

ServiceNow and Accenture launched a forward deployed engineering program this week — and the model is the story. Instead of selling a platform and handing over a manual, ServiceNow's AI-native team and Accenture's industry engineers physically embed inside customer environments, building agentic workflows on the ServiceNow AI Platform alongside the people who'll have to live with them.

The context: according to Accenture's Pulse of Change research, a minority of leaders report sustained, enterprise-wide AI impact. The pilot-to-production gap is now the dominant problem in enterprise AI, and vendors are quietly accepting that selling software alone isn't enough. Customers get access to 300+ pre-built agent skills, and crucially, ServiceNow's AI Control Tower provides a unified command center to govern the resulting agent sprawl.

Separately on May 5, ServiceNow opened its workflow engine to outside agents via a generally available MCP server — meaning third-party agents can now trigger real ServiceNow actions. If "forward deployed" becomes the standard pattern, expect every major enterprise vendor to follow within a quarter. If it doesn't scale economically — these engineers aren't cheap — you'll see the program quietly shrink to a handful of marquee logos and disappear from earnings calls.

Microsoft's May 5 Work Trend Index, drawing on trillions of anonymized Microsoft 365 productivity signals and a survey of 20,000 workers, framed a future where work becomes "human-led, agent-operated, and outcome-driven." That framing is backed by product: Copilot "Cowork" on mobile, new business-data plugins, and Agent 365 going generally available on May 1.

The strategic move is to define agent management as a normal IT category — the same way device management and identity management became normal IT categories — before customers fully realize they need it. If Microsoft succeeds, it owns the control plane regardless of which model or framework anyone actually deploys underneath. If it fails, expect Agent 365 to get folded back into the broader Copilot SKU within a year, and a third-party governance vendor to emerge as the de facto standard.

A new arXiv preprint — not yet peer-reviewed — formalizes a threat model that should worry anyone running multi-agent consensus workflows. The finding: a single compromised agent inside a voting or debate-style system can systematically skew the group's collective output, and the manipulation is hard to detect because it looks like normal disagreement. Think of it as a jury where one juror is secretly working for the defense, and the other jurors have no way to tell.

A companion paper on multi-agent collusion detection (arXiv:2604.01151) provides the technical kicker: an LLM judge monitoring agent conversations flagged collusion at roughly the same rate as honest runs — meaning it couldn't tell the difference. Probing the agents' internal activations achieved 0.90–1.00 AUROC, with the colluding agent's activations diverging from honest ones at the exact tokens where the covert signal was encoded.

The practical translation: watching what agents say to each other is insufficient. You have to watch what they compute. For banks and hospitals now deploying consensus-style workflows — JPMorgan, ServiceNow customers, Uber internally — this is no longer hypothetical. Watch whether enterprise security teams adopt activation-probing tools, or whether the industry continues to rely on log-based monitoring it already knows is broken.

Maryland state regulators filed a formal complaint with federal energy authorities this week after residents were handed a $2 billion power grid upgrade bill to support AI data centers located outside the state. Continuous agentic workflows — where AI systems loop, plan, and execute for hours without human intervention — draw exponentially more power than single-prompt chatbots, and regional grids are buckling under the sustained load.

The political logic is straightforward: utilities are passing infrastructure costs to ratepayers who don't use the underlying service, breaking previous ratepayer-protection pledges. If federal regulators side with Maryland, expect a wave of similar challenges in Virginia, Ohio, and Texas — and a meaningful rerating of the "AI compute is free at the margin" assumption baked into agent business models. If they don't, the social contract around data center siting starts breaking down in ways that show up at ballot boxes.

The most revealing number from MCP Dev Summit North America wasn't a benchmark — it was Uber's operational stat. Per a conference recap from the Agentic AI Foundation, Uber is running 5,000+ engineers, 10,000+ internal services, 1,500+ monthly active agents, and 60,000+ agent executions per week through an internal MCP gateway and registry that auto-translates service endpoints into MCP tools. Their internal background coding agent, Minions, is producing 1,800 code changes per week and is used by 95% of Uber's engineering organization.

Amazon presented at the same event and described an almost identical architecture — centralized MCP gateway, two-tier trust model, a "lethal trifecta" scan for combinations of private data access, untrusted content, and external communication. When two of the largest engineering organizations in the world independently converge on the same architecture, that's a blueprint forming. The signal to watch: whether the community MCP Registry on GitHub becomes the de facto app store for agent tools, or whether each hyperscaler builds its own walled garden and the "open protocol" story quietly dies.

Brussels just moved the AI Act's hardest compliance deadlines — if your EU deployment timeline was built around a 2026 finish line, the goalposts shifted this week. Read → Brussels Just Moved the AI Act Goalposts

This week: a contractor reading NHS medical records before they're anonymized, a Maryland retiree paying $2 billion to power someone else's autocomplete, and an Uber background agent quietly merging 1,800 code changes a week while nobody wrote a press release. The agents have escaped the demo, the bill has arrived in the mail, and somewhere in a multi-agent voting system one juror is whispering to another in a language the auditor can't read. Same time next week.

Forward this to the person on your team who keeps saying their agent pilot will be in production "next quarter."