The capital request that lands on your desk for an enterprise agent control plane needs a different diligence standard than the one that worked for the last decade of SaaS.
A category of vendor announcements is converging on the same offer. ServiceNow has expanded its AI Control Tower with dozens of new connectors, an access graph mapping permissions across humans, machines, and agents, runtime observability, cost tracking, and governed workflow execution exposed to external agents. Salesforce, Databricks, the hyperscalers, and Microsoft are moving in parallel, each shaping an agent control plane around the surface of what they already sell. Each proposal will be substantive. Each will be defended on the strength of its features, the breadth of its connectors, and a total-cost-of-ownership model your finance team can build a spreadsheet around. The spreadsheet will be the wrong instrument.
Deeper Than Any System-of-Record Decision
An agent control plane is not a system of record, a workflow tool, or an analytics platform. It becomes the place identity is resolved, policy is enforced, runtime is observed, and action is governed across every agent in the estate, including agents the platform did not build but now governs. That is a deeper commitment than any system-of-record decision the enterprise has ever made, because it touches every other system rather than centralizing one. The switching cost three years out is not data export and re-platforming. It is re-establishing every permission scope, every audit trail, every policy binding, and every workflow handoff across every agent that routes through that plane. Standard SaaS diligence does not price that exposure, because nothing in the SaaS era looked like it.
Eight Distinct Planes of Agent Management
The diligence question worth adding to every agent control plane proposal is not whether the platform covers the requirements list. It is which of the underlying planes of agent management the platform genuinely owns, which it touches lightly, and which it does not address at all. Agent management is roughly eight distinct concerns:
Identity and access — who the agent is, what it can see, what it can do
Runtime observability — what the agent actually did and what it cost to do it
Policy and guardrails — prompt injection defense, output filtering, jurisdictional rules
Lifecycle and versioning — how agents get built, evaluated, promoted, and retired
Cost and FinOps — token spend, model routing, budget enforcement, attribution to outcome
Action and workflow governance — which enterprise flows the agent is permitted to execute
Inter-agent coordination — how agents talk to other agents and what trust they extend
Data access and grounding — what the agent retrieves, from where, with what lineage
Different Problems With Different Failure Modes
These are different problems with different failure modes. A platform that covers four of them well does not cover the other four by implication, and the planes the platform does not cover do not stop existing. They continue to fail on their own schedule, and the inherited control plane will not detect the failure because it was never designed to. The capital request worth approving is the one whose sponsor can name which planes are being consolidated onto this platform, which are being kept portable, and where the seams between them are designed rather than assumed. A proposal that arrives without that articulation is not a procurement decision at all. It is a commitment to a future remediation program the finance organization has not yet seen the shape of.
The capital request worth approving is the one whose sponsor can name which planes are being consolidated onto this platform, which are being kept portable, and where the seams between them are designed rather than assumed. A proposal that arrives without that articulation is not a procurement decision at all. It is a commitment to a future remediation program the finance organization has not yet seen the shape of.