Getty Images/iStockphoto
AI agents in enterprise software: Questions to ask vendors
Before deploying AI agents in the enterprise, it is essential to ask vendors critical questions about governance, security, compliance, accountability and operational risk.
Research firm IDC forecasts that by 2029, the number of actively deployed AI agents worldwide will surpass 1 billion – roughly 40 times more than in 2025. At the same time, major software vendors are repositioning AI from productivity tools to autonomous operational systems. Microsoft CEO Satya Nadella describes this shift as an evolution from "synchronous assistants to async co-workers that can execute long-running tasks," while Salesforce promotes its agentic platform as "digital labor" and ServiceNow emphasizes "end‑to‑end business impact" through its agentic workflows.
These agents are increasingly embedded across ERP, HR, CRM, collaboration, unified communications (UC) and end-user computing (EUC) platforms. Unlike conventional software, AI agents make contextual decisions, take autonomous actions and orchestrate work across multiple enterprise systems.
This shift creates significant challenges for enterprise buying teams. Traditional RFP and software-evaluation processes -- designed for conventional software with predefined workflows and clear operational boundaries -- fail to adequately address the governance, accountability and risk implications of autonomous AI systems. Standard feature comparisons and technical specifications do not adequately address how agents handle exceptions, operate across multiple systems, support accountability or maintain audit trails.
Inadequate evaluation can have serious consequences. Agents could make unauthorized customer commitments, execute financial transactions, expose sensitive information or introduce bias into hiring decisions. When agents operate across multiple platforms, a single misconfigured agent can trigger a chain reaction of failures across enterprise systems.
Successful AI agent procurement requires organizations to look beyond technical capabilities. While demonstrations and feature comparisons are important, governance, security, accountability, operational boundaries and long-term operating costs deserve as much attention.
This article presents a framework for evaluating AI agents during software procurement, renewals and major platform expansions. While the principles apply broadly across enterprise software, buyers should tailor their evaluations to the risks associated with each enterprise platform and the workflows those agents perform.
Questions to ask vendors before deploying AI agents
Organizations should evaluate AI agents across the following critical areas before deployment:
- Agent permissions, authority and decision boundaries.
- Data access, contextual retrieval and tenant isolation.
- Human oversight and escalation requirements.
- AI transparency and explainability.
- AI auditability and traceability.
- Enterprise systems and data security.
- Integration and orchestration across enterprise systems.
- System failure mitigation and remediation.
- Regulatory readiness and compliance.
- Vendor performance claims and benchmarks.
- Long-term roadmap and interoperability.
- Pricing, licensing and consumption-based costs.
Agent permissions, authority and decision boundaries
Before deployment, organizations must understand which decisions agents can make independently and which require human approval. Because those boundaries vary by software category, evaluation should begin with these questions:
- ERP: What financial transactions can agents approve or execute without human review, and what policies govern those actions?
- HR: Which hiring-related decisions require human approval, and which can agents perform autonomously?
- CRM: What customer-facing actions can agents take independently?
Beyond category-specific considerations, organizations should also ask these questions:
- What permissions and authority do agents require, and can they be constrained through role-based access control (RBAC), policy guardrails, workflow approvals or data boundaries?
- Can we set strict privilege ceilings to minimize potential damage if an agent is inadvertently or maliciously granted unauthorized permission?
Strong vendor responses should demonstrate granular permission controls, least-privilege enforcement, configurable approval workflows and safeguards against privilege escalation across integrated systems.
Data access, contextual retrieval and tenant isolation
Multi-tenant architectures -- where multiple organizations share the same infrastructure -- require strong isolation controls to prevent data leakage and performance degradation across customer environments. Organizations using cloud-based SaaS platforms should ask vendors the following questions about data access boundaries:
- HR: Can agents retrieve only the employee records they are authorized to access?
- Collaboration: Can agents access confidential conversations in private channels, direct messages or meeting content, and how is that access enforced?
Organizations should also ask vendors these questions about tenant isolation across customers:
- How do you ensure that customers sharing the same AI infrastructure cannot access or compromise each other's data, models or tools?
- What safeguards prevent one tenant from degrading the performance or availability of other tenants?
- Does the platform enforce metadata- and permission-based filtering so agents can only search within authorized document repositories, knowledge bases and namespaces?
Human oversight and escalation requirements
Determining appropriate levels of human oversight is essential for balancing automation benefits with accountability requirements. Organizations should evaluate oversight requirements across software categories by asking the following questions:
- ERP: What transaction values require human approval before execution?
- HR: Which hiring, termination or employee-management actions require human review and approval before execution?
- CRM: Which customer-facing actions, such as discounts, credits, contract changes or service commitments, require human review and approval before execution?
Across all software categories, organizations should also ask:
- How much human oversight should we maintain when agents perform complex tasks?
- When is direct human intervention warranted?
- How does the system handle and escalate exceptions, and how are escalation thresholds defined and configured?
- Can these thresholds be modified to prevent risky, irreversible actions in high-stakes scenarios?
- What mechanisms ensure humans remain accountable, especially for business-critical decisions?
Ask vendors to provide configurable approval and escalation controls that align with the organization’s risk tolerance and regulatory requirements.
AI transparency and explainability
Understanding agent decision-making processes is critical for trust, accountability and regulatory compliance. Organizations should evaluate vendors' AI explainability capabilities by asking these questions:
- What level of decision transparency does the platform provide: high-level summaries, intermediate decision steps or complete data lineage showing which inputs influenced each decision?
- Can explanations be generated in real-time for immediate review, or only retroactively during audits?
- How does the platform explain decisions when agents use multiple data sources or interact with multiple systems simultaneously?
- Can explanations be customized for different audiences -- end users, compliance officers or technical teams?
Vendors should demonstrate explainability using realistic scenarios rather than generic examples. Vague references to "interpretable AI" without concrete implementation details may suggest limited explainability capabilities.
AI auditability and traceability
Comprehensive logging and documentation capabilities are essential for governance, compliance and continuous improvement. Key questions include the following:
- How does the platform track agent activities, configuration changes and behavior changes across the AI lifecycle?
- What mechanisms prevent behavioral drift and hallucinatory outcomes?
- Does the platform automatically document agent recommendations and actions to support troubleshooting and executive oversight?
- What logging capabilities support internal and external auditing, debugging, risk management and compliance reporting?
Strong vendor responses should demonstrate that audit logs are complete, immutable, tamper-evident and retained in accordance with applicable regulatory requirements.
Enterprise systems and data security
AI agents with broad system access and autonomous decision-making capabilities create new security and privacy risks. Organizations must ask the following questions:
- How does the platform prevent unauthorized actions, prompt injection, credential theft and other attacks against AI agents?
- What controls protect enterprise data from unauthorized disclosure, misuse or accidental leakage?
- How are agent identities, credentials and API keys protected?
- How does the platform manage data retention, deletion and secure disposal?
Vendors should support their security claims with architecture diagrams, third-party security audits and examples of how the platform prevented unauthorized agent actions during testing or production use.
Integration and orchestration across enterprise systems
Agents that interact with multiple enterprise systems simultaneously can create both operational opportunities and risks. Buyers should ask vendors these questions:
- Can we pre-define a set of allowed external tools to prevent agents from using unauthorized or shadow tools and running unauthorized actions?
- How are integrations secured?
- Can agents coordinate actions across multiple systems while maintaining policy, security and approval controls?
- What controls prevent cascading failures, privilege escalation or data leaks when agents operate across multiple systems?
System failure mitigation and remediation
Even well-designed AI systems will occasionally produce unexpected or undesirable outcomes. Organizations should evaluate category-specific failure scenarios by asking these questions:
- ERP: How quickly can ERP agents be disabled if they begin executing unauthorized transactions?
- HR: What remediation processes exist if screening agents produce discriminatory recommendations or outcomes?
- CRM: How are unauthorized customer commitments detected, corrected and communicated?
They should also ask these general failure mitigation questions:
- How are adverse outcomes investigated, remediated and contained?
- Can we trace unexpected outcomes back to specific decision points to identify and address root causes?
- What shutdown or "kill switch" capabilities are available to immediately halt agents exhibiting unauthorized behavior or producing unreliable outputs?
- Can we disable individual agents without affecting other agents or broader system operations?
Regulatory readiness and compliance
AI regulations are evolving globally across jurisdictions, and platforms must support current compliance requirements and adapt as frameworks mature. Evaluation should address these questions:
- Does the platform support regulatory frameworks applicable to our industry?
- How do you address evolving regulations around AI governance, transparency, accountability and data privacy?
- Does the system generate audit-ready compliance reports without requiring manual auditing?
- Can the platform automate or suggest corrective workflows to address identified compliance gaps?
For regulated industries, compliance capabilities are non-negotiable. Organizations must ensure their AI platforms can demonstrate compliance with current regulations and adapt to future requirements.
Vendor performance claims and benchmarks
Vendor demos often showcase ideal scenarios, but production environments are far more complex. Organizations must evaluate performance claims rigorously by asking the following questions:
- Which business and operational KPIs measure agent performance? Are they tied to real business outcomes rather than simply completed tasks?
- Does performance degrade under high user loads, peak demand or varied use cases?
- How are behavioral drift and versioning managed to ensure predictable performance over time?
- What is the agent's task success rate across best-case, average and worst-case scenarios and what factors most influence it?
- What are the most common failure modes -- including hallucinations, false positives and false negatives -- and how frequently do they occur?
Organizations should request objective performance data from production environments, not just demonstrations. They should validate those claims through pilot programs with predefined success metrics.
Long-term roadmap and interoperability
Before deploying agents across the organization, ensure the platform can scale safely, support the organization's long-term needs and adapt to evolving regulations without creating vendor lock-in. Critical questions include the following:
- What is your roadmap for expanding agent capabilities over the next 12-24 months?
- How will your governance frameworks, security controls and compliance features keep pace with new agent capabilities?
- Does the platform support standard APIs and data export formats?
- Can agents be migrated to alternative platforms if business requirements change, or does the architecture create dependencies that make migration impractical?
- What happens to our data, workflows and agent configurations if we terminate the contract or migrate to another platform?
- How do you handle backward compatibility when introducing new agent capabilities or updating underlying models?
Pricing, licensing and consumption-based costs
Pricing models for AI agents vary significantly across vendors, and organizations must understand the economic implications before committing to large-scale deployments. Key pricing transparency and cost predictability questions include the following:
- Is agent usage priced by tasks performed, measurable results generated, flat subscription fees or other factors such as the number of integrated systems?
- What insights are available regarding agent activities and performance to provide accurate expense forecasting and ROI calculation?
- How do costs scale as agent usage increases across different deployment scenarios, such as seasonal peaks, new use cases or additional departments?
- Are there hidden costs for API calls, data storage, model updates or integration maintenance?
Questions to ask about contracts and liability include the following:
- What liability provisions are in place for AI-related failures?
- Who pays if agent failures cause financial losses, third-party damages or regulatory fines?
- What termination rights or other contractual remedies exist if agent failures create operational, financial or regulatory risks?
- Who owns the work that AI agents produce, and what rights do customers retain to use, modify or transfer them?
Organizations should obtain detailed usage analytics to forecast costs and measure ROI. Contracts should clearly define liability, termination rights and ownership of AI-generated outputs.
Rahul Awati is a PMP-certified project manager, technology enthusiast and writer with over a decade of experience in the IT industry. He's worked on several large IT infrastructure projects spanning across storage, compute and networks. In his writing, he's covered topics including enterprise networking, cybersecurity, artificial intelligence, robotic process automation and cloud. He holds a master's degree in computer applications.