In one month, the enterprise software industry bought its way toward agents that act rather than advise. The controls to govern them are running behind.

The word tying together this month's biggest enterprise software news isn't "intelligence" or "insight." It's execution.

In a single stretch of June, Asana agreed to buy the AI workflow platform StackAI, Coupa moved on the document-processing firm Rossum, Salesforce signed to acquire the content platform Contentful, and the procurement company Vertice bought Vendr. Four deals, four different software categories, one shared motive: buying the pieces an AI agent needs to do a job, not just describe it. ERP Today, which pulled the pattern together on 19 June, put it plainly – the race now is over who owns the layer where AI decisions turn into actions.

That layer is worth naming. Call it the execution layer. The shift it represents is bigger than any single acquisition, and most governance functions are not ready for it.

From Insight to Action

For two years, enterprise AI mostly talked. It summarised meetings, drafted emails, and answered questions about a dashboard. Useful, and safe, because a person read the output and decided what to do with it. The agents arriving now don't stop at the suggestion.

Nominal's marketing chief, Stephanie Montelius, drew the line at Sage Future this month in four words: chatbots explain, agents execute. The examples are already shipping. Priority Software's latest ERP release embeds agents that create journal entries, post receipts, process invoices, raise purchase orders, and run inventory checks directly inside the system, each with user approval and an audit trail. Inside Workday, agents in early access can approve timesheets in bulk, start performance reviews, and submit payroll inputs. Vertice is running an autonomous contract negotiation agent it calls Ana.

These are not drafts waiting for a human to press send. They are writes to the systems of record that run your business. When an agent posts a journal entry or negotiates a supplier deal, the cost of a mistake changes shape. A clumsy email draft wastes a minute. A wrong entry in your ledger can take weeks to unwind, and a bad clause in a signed contract can cost a great deal more.

Why Everyone Is Buying the Same Thing

Set the four deals side by side and the logic lines up. Rossum brings a transaction-trained model that has learned from tens of millions of documents. Contentful brings structured, approved content that more than 4,800 brands already rely on. Vendr brings a procurement dataset that ERP Today puts at more than $75 billion in indirect spend, over two million pricing data points, and more than 250,000 negotiated contracts, all feeding Vertice's 60-plus agents. StackAI brings the workflow plumbing that connects agents across ERP, CRM, and the systems around them.

None of that can be improvised by a general-purpose model. An agent negotiating your supplier contracts is only as good as the contract data it learned from. Vendors are paying billions because domain-specific data, document context, and workflow history are precisely the inputs a frontier model arrives without. The practical takeaway for anyone weighing up an agent platform is one question: what proprietary data does this vendor actually control? That is where reliable execution comes from, and where one platform pulls away from another.

The Governance Gap Nobody Is Pricing In

Here is the part that should give technology leaders pause. ERP Today's phrase for the current moment is that the AI execution stack is fragmenting before it is governed. Every platform buying these capabilities is building its own control layer, on its own terms.

Picture where that leads. An agent acting in your finance system under one vendor's rules. Another acting in procurement under a second. A third approving payroll inside your HR platform. A fourth closing out work orders in field service, and a fifth assembling customer-facing content. Five execution points, five separate approval models, and nowhere central to decide what any of them is allowed to do. That is how a business ends up with autonomous actions running across finance, procurement, and operations, and no single answer to who approved what.

The vendors selling execution understand this, which is why the credible ones lead with control rather than autonomy. Nominal's pitch to finance teams is built on determinism, auditability, and human review designed into the workflow rather than bolted on afterwards. Priority wraps its agents in user approval and auditable controls. "Agents execute" is a governance statement before it is a productivity one. The design question is not whether an agent can perform the task. It's whether the approval chain, the audit trail, and the exception handling exist before the agent touches live data. Most pilots work that out afterwards, which is the wrong order.

The Delivery Race Tells You Where the Work Is

One more signal is worth reading. Google Cloud spent the month expanding not its models but its delivery muscle. It pushed Gemini Enterprise deeper into Workday and IBM, stood up a new practice with IBM staffed by thousands of certified consultants, and added NTT DATA with a target of 5,000 certified experts and as many as 500 co-built agents. IBM described the opportunity as worth billions.

The message underneath the announcements is hard to miss: a model partnership with no delivery capacity behind it isn't a business. Putting agents into live operations is a delivery and governance problem far more than a model problem. NTT DATA's own research makes the strain concrete. 99% of enterprises say AI is driving greater demand for cloud investment, while 88% say their current cloud spend is already putting AI and modernisation plans at risk. The appetite is there. The scaffolding to support it, in most organisations, is not.

Before an Agent Touches Live Data

If your organisation is anywhere near putting agents into operational systems, a few things belong in place first, not later:

• One control layer, not one per vendor. Decide centrally what agents may read, what they may write, and where a human has to sign off, then hold every platform to that standard rather than accepting five different ones.
• Approval chains and exception handling designed up front. Define what an agent does when it meets something it shouldn't act on, before it ever meets it.
• An audit trail for every action. If an agent posts to a system of record, you need to answer who, what, and why long after the event.
• Clear ownership of your domain data. The context that makes execution reliable is your asset. Know where it lives, and who controls it.

Q&A: Moving From Agents That Advise to Agents That Act

What's the real difference between the agents we already have and these "execution" agents?
The agents most teams run today read data and suggest something; a person then acts. Execution agents write to live systems themselves, posting invoices, approving payroll, or negotiating contracts. The risk moves from a weak draft to a real transaction in your system of record, which is a different category of mistake to manage.

Our vendors say their agents have human oversight and audit trails. Isn't that enough?
It's the right starting point, but each vendor governs only its own agents. If you're running execution agents across finance, procurement, HR, and service, you need one policy that spans all of them, not four that never speak to each other. The gap between those vendor controls is where accountability quietly disappears.

Why are software vendors spending billions on acquisitions rather than better models?
Because the model is no longer the hard part. Reliable execution needs domain-specific data, document context, and workflow history that a general-purpose model doesn't hold. The June deals are vendors buying those inputs outright. When you assess a platform, ask what proprietary data it controls, because that is what separates an agent that performs from one that guesses.

We're a mid-market business, not a large enterprise. Does this apply to us yet?
Yes. Priority's latest release puts execution agents inside the ERP for 75,000 customers across 70 countries. Embedded agents that act are now a mainstream product decision rather than an enterprise-only capability. Treating agentic execution as a future-roadmap item now puts you behind your peer group, not ahead of the risk.

Where do we start without slowing the business down?
Map the systems of record an agent could write to, and rank them by blast radius. Begin where the volume is high and the rules are clear, such as invoice processing or reconciliation, with approval and audit built in from day one. Prove the governance model on something contained before you let an agent act anywhere sensitive.

Working Through This With Vertex Agility

The move this article describes – from agents that advise to agents that execute inside live systems – sits squarely where two of our practices meet.

Our Software Consultancy team builds the parts that make execution safe: custom engineering, the APIs and integrations that connect agents to your systems of record, DevOps and CI/CD discipline, and security held to recognised standards such as OWASP. That is the layer where a single, coherent control plane gets built rather than left to each vendor to define for you.

Our AI Consultancy practice works alongside it on AI strategy, implementation, and the governance frameworks responsible adoption depends on: the approval chains, audit trails, and human-oversight models that decide whether an agent acting on live data is an asset or a liability. Keeping both disciplines under one roof means the engineering and the governance are designed together, which is the whole point of this article.

As a delivery partner to Microsoft, Google, Salesforce, and AWS – the same vendors building these execution layers into Dynamics, Gemini Enterprise, and Agentforce – we help technology leaders put agents into operations with the controls defined before, not after, they go live.

If you want an independent read on where your organisation stands across strategy, data, talent, use cases, and governance, our free AI Readiness Audit covers exactly that ground, with Governance & Risk as one of its five pillars. For a deeper conversation about putting agents into live operations safely, get in touch with us directly below.