vintage wind up robot toys lined up in an orderly row
Feature

Cisco, ServiceNow and Microsoft Want to Manage Your AI Agents. They Only Do Part of the Job

4 MINUTE READ|Digital WorkplaceDigital Workplace|Jul 14, 2026
David Barry avatar
By
SAVED
Cisco, ServiceNow and Microsoft are racing to manage enterprise AI agents. All three are building useful infrastructure — but none can answer who's accountable.

Enterprise software is filling up with autonomous agents that book meetings, update CRM records, approve invoices and route support tickets, often with no human checking the work in real-time.

Cisco, ServiceNow and Microsoft each want to be the company that manages them. People deploying these systems say none of the three has pulled it off.

At RSA Conference 2026, Cisco cited its own survey of major enterprise customers: 85% reported experimenting with AI agents, but just 5% had moved agentic technology into production. The figure is self-reported and vendor-commissioned, but worth flagging given how central it is to Cisco's pitch. Cisco's answer is registered identities mapped to accountable human owners, with permissions that expire.

ServiceNow is chasing the same territory from workflow orchestration. The company has deepened its integration with Microsoft Agent 365, extending its governance tooling across Azure-backed Microsoft Foundry and Copilot Studio. Microsoft is folding agent management into the productivity software enterprises already run.

All three are selling roughly the same promise: that they can be the layer enterprises trust to keep agents in line.

Nobody Has Solved AI Agent Management

A market is forming around agent management platforms, but most organizations are still stitching the pieces together themselves, according to Karthik Karunanithi, an IBM solution architect who evaluates governance tools for enterprise clients.

"The honest answer is that everyone is building this layer, but nobody has solved it yet," Karunanithi said. Failures that matter rarely show up in a vendor demo, he added. "They show up when an agent fails halfway through a multi-step action, after it's already done two or three things and the system has no clean way to recover or roll back."

What the current pitches skip past isn't orchestration, which vendors are showcasing, Karunanithi said. "The hardest problem isn't orchestration. It's identity," he said. When an agent acts on someone's behalf, whose permissions apply and how does anyone stop it from doing more than the person who triggered it could? No platform on the market, in his view, has cracked that.

Agent Ownership Remains Unresolved

Cisco's registration-based model implies a clean answer to who's in charge once an agent is set up. But it’s not that simple, said Tony Grout, M-Files chief product and technology officer.

What matters most is business context, not identity infrastructure, Grout said. "Meaningful agent governance addresses the bigger challenge of understanding the business context behind every agent's decision," he said. No platform's registration system solves that, because governance has to be shared across security, legal and business leaders. "Without this trusted context, agents ultimately make decisions based on an incomplete view of the business," he added.

Sumo Logic AI security researcher David Girvin split ownership more concretely, mapping it onto how regulated industries already handle human access control. "The CISO should own the framework and controls, the business unit owns the agent and is accountable for its actions, while compliance sets the reporting requirements," he said.

That's three owners for three pieces, none of which is the vendor. It's a different model from Grout's shared-context approach, and neither leaves much room for Cisco, ServiceNow or Microsoft to be the one accountable party.

Both Grout and Girvin favor central policy with enforcement pushed to the edge, rather than one hub every agent action passes through. Girvin compared it to network security, where organizations are less likely to route all traffic through one firewall.

No One Owns Liability

Whatever gets built, none of it changes who's on the hook when an agent makes a costly mistake. That liability sits with the enterprise, not the vendor, according to Girvin.

"If you use the AI, you are responsible for what it does, even if you don't see all the parts of the decision or the action," Girvin said.

Model providers disclaim liability for production use, and insurers still exclude agent errors in policies drafted before autonomous action existed. Whether regulators eventually impose a formal duty of care, as they did for data handling, remains open. Most practitioners assume they will, and are building documentation now rather than waiting for a serious incident to force it, Girvin said

Audit tooling has the same blind spot, he said: it captures API calls and system logs well enough, but rarely the reasoning behind an action or the chain of who approved it. Behavioral drift makes that worse, because most platforms assume agents behave consistently until a formal redeployment.

"You can approve Agent v1.0 and have Agent v1.3 running in production behaving differently, with no governance checkpoint in between," Girvin said.

Visibility Isn't Accountability

In fact, Cisco, ServiceNow and Microsoft are solving the wrong problem, according to Ana Magana, a change management strategist.

"Cisco can register an agent like an employee. ServiceNow can orchestrate the workflow," Magana said. "Neither can tell you who inside the organization is actually responsible when the agent makes a costly decision."

Agents don't create accountability gaps, but expose ones that already exist, Magana said. “When an agent routes the wrong ticket or approves the wrong invoice, the post-mortem tends to show that no human had cleanly owned that decision before the agent took it over either, and none of the three vendors' tooling changes that."

"Governance without accountability is just surveillance with better dashboards," Magana said.

Learning OpportunitiesView All

Cisco, ServiceNow and Microsoft are each building useful infrastructure. But what needs managing isn't a product feature, and none of the three ships it.

So the real question isn't which platform to buy. It's who inside the enterprise will answer for the agent when it fails, and whether anyone will know that before it happens.

Editor's Note: We're all trying to wrap our heads around what AI agent management looks like. More thoughts on the topic:

Main image: adobe stock

About the Author

David is a European-based journalist of 35 years who has spent the last 15 following the development of workplace technologies, from the early days of document management, enterprise content management and content services. Now, with the development of new remote and hybrid work models, he covers the evolution of technologies that enable collaboration, communications and work and has recently spent a great deal of time exploring the far reaches of AI, generative AI and General AI.

Featured Research