Your AI agent will find the mess you forgot existed
Everyone wants an AI agent now.
Fair enough. Agents are finally becoming useful enough to deserve the attention. Not just chat windows with a nicer badge. Actual software that can plan, browse, run code, manage files, call tools, and keep going while you get on with something else.
That is the exciting bit.
The less comfortable bit is what happens when you let one inside a real business.
Because the agent will not walk into a clean, well-labelled, perfectly governed operating system. It will walk into the thing most companies actually have: old folders, weird permissions, duplicate documents, forgotten SharePoint sites, Slack archaeology, half-finished automations, client files in the wrong place, and data nobody has owned since the person who created it left in 2021.
The agent does not create all of that mess.
It finds it.
That point came through sharply in a TechCrunch piece from the weekend. Francis de Souza, COO of Google Cloud, warned that the AI attack surface now includes models, training data pipelines, agents, and prompts. He also made a very practical point: agents moving through a company’s systems can surface forgotten internal data repositories. Old SharePoint servers. Stale access controls. Places that did not feel urgent because nobody knew where they were.
Then an agent turns up with search, tools, and patience.
Lovely.
This is where the AI conversation needs to mature a bit. For the last couple of years, most business owners have been trained to ask shallow questions:
- Which model is best?
- Can it write our content?
- Can it replace some admin?
- Can it build a landing page?
- Can it do sales outreach?
Those are not bad questions. They are just not enough anymore.
Once agents can take action, the better questions are duller and much more important:
- What can this agent see?
- What can it change?
- What can it send externally?
- Which tools can it call?
- Which data sources are trusted?
- Where are the logs?
- Who approves risky actions?
- How do we roll back a mistake?
- Can we explain what happened if a client, regulator, employee, or board member asks?
That is the shift.
AI adoption is moving from prompt writing to operating design.
You can see it in the product news. Google used I/O to push deeper into what it calls the agentic Gemini era. One of the more interesting announcements was Managed Agents in the Gemini API. Google says a single API call to the Antigravity agent can provision a remote Linux environment, reason and plan, call tools, execute code, manage files in an isolated sandbox, and browse the web to fetch live data.
That is not a chatbot. That is a junior operator with a toolkit.
OpenAI is pushing in the same direction with Codex. Its Gartner enterprise coding agents announcement was not framed around cute autocomplete tricks. The useful part was the control layer: approval gates, RBAC, customisable policies, OS-level sandboxing, auditable workspace governance. Codex can understand large codebases, use tools, make changes, run tests, and prepare work for human review. OpenAI says Codex is used by more than 4 million people each week and name-checks enterprises including Cisco, Datadog, Dell Technologies, and NVIDIA.
The marketing language is polished, obviously. It would be. But the signal underneath is clear enough: serious agent adoption is being sold on speed with control.
Not just speed.
Control.
That is the bit business owners should pay attention to.
Most AI implementations I see people talking about are still stuck at the novelty layer. Can we make more posts? Can we summarise meetings? Can we make a bot answer customer questions? Can we automate the proposal draft?
Fine. Do those things. They are useful.
But if you are putting agents into the actual operating flow of a company, you need a map before you need a miracle.
A proper agent rollout should start with a fairly boring audit:
- The systems the agent can access.
- The data classes inside those systems.
- The actions it can take without approval.
- The actions that need human approval.
- The places where old permissions are probably wrong.
- The logs you need to keep.
- The failure modes you can live with.
- The failure modes you absolutely cannot.
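One way to turn that audit into something enforceable, as an added example (not code from any vendor mentioned here): a default-deny gate that every agent tool call passes through, with each decision written to an audit log. The system names, data classes, actions and the approver address are assumptions made up for illustration.

```python
import time

# Constructed policy for a hypothetical marketing agent. Every name below is
# an illustrative assumption, not taken from a real product or deployment.
POLICY = {
    "crm": {"data_classes": {"contact", "notes"},
            "auto": {"read"}, "approval": {"update"}},
    "email": {"data_classes": {"campaign"},
              "auto": {"draft"}, "approval": {"send_external"}},
    "sharepoint": {"data_classes": {"brand_docs"},
                   "auto": {"read"}, "approval": set()},
}

# In practice this is append-only storage the agent itself cannot modify.
AUDIT_LOG = []


def decide(system, data_class, action, approved_by=None):
    """Return 'allow', 'needs_approval' or 'deny' for one agent tool call."""
    rule = POLICY.get(system)
    if rule is None:
        # Forgotten repositories land here: not on the map means no access.
        verdict, reason = "deny", "system not in the map"
    elif data_class not in rule["data_classes"]:
        verdict, reason = "deny", "data class not granted"
    elif action in rule["auto"]:
        verdict, reason = "allow", "pre-approved action"
    elif action in rule["approval"]:
        if approved_by:
            verdict, reason = "allow", "approved by " + approved_by
        else:
            verdict, reason = "needs_approval", "human sign-off required"
    else:
        verdict, reason = "deny", "action not listed"
    # Log every decision, including denials, so the trail can be explained.
    AUDIT_LOG.append({"ts": time.time(), "system": system,
                      "data_class": data_class, "action": action,
                      "verdict": verdict, "reason": reason})
    return verdict


if __name__ == "__main__":
    print(decide("crm", "contact", "read"))
    print(decide("email", "campaign", "send_external"))
    print(decide("email", "campaign", "send_external", "ops-lead@example.com"))
    print(decide("old_fileshare", "unknown", "read"))
    for entry in AUDIT_LOG:
        print(entry["system"], entry["action"], entry["verdict"], entry["reason"])
```

The useful property is the default: a system or action nobody listed is denied and logged, so a stale repository shows up as a denied request in the audit trail instead of as a search result.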
This is not just an IT problem either.
Marketing teams should care because they are often where the mess is most visible. Campaign folders. Client assets. Draft offers. Customer lists. Analytics access. CRM notes. Ad accounts. Sales call transcripts. Social content. Brand docs. Old spreadsheets with scary names like “FINAL_FINAL_v7_USE_THIS_ONE”.
Give an agent access to that without a proper operating model and it may produce something useful. It may also blend the wrong source, expose the wrong context, reuse the wrong claim, email the wrong segment, or quietly optimise towards a metric nobody believes in.
That is not science fiction. That is Tuesday in a messy business with better software.
There is a commercial opportunity here for agencies and AI consultants, but it is not the one the loudest people are selling.
The weak offer is: “We will add AI to your marketing.”
The better offer is: “We will make your commercial operating system agent-ready.”
That means sorting the workflow, not just adding a wrapper. It means building the permissions, approvals, source hierarchy, logging, and measurement around the AI. It means deciding what the agent is allowed to do on its own and where a human with taste, judgement, or legal responsibility stays in the loop.
It also means telling clients something they may not want to hear: your AI problem might be a filing problem, a permissions problem, a data-quality problem, or a decision-rights problem.
Not glamorous. Useful.
This is where I think the post-agency model gets interesting. The old agency sold output: pages, posts, campaigns, reports, creative, decks. The next agency builds operating layers. It helps a business sense what is happening, decide what matters, create the right assets, publish them, follow up, measure the result, and learn from it without everything falling back into someone’s inbox.
Agents fit that model beautifully, but only if they are managed like part of the operating system.
Otherwise you get a very clever intern with access to the cupboards, the client files, the credit card, and no memory of why the business works the way it does.
No thanks.
If you are looking at AI agents this quarter, do not start with the demo.
Start with the map.
What can the agent see? What can it touch? What does it believe is true? What happens when it is wrong? Who checks the output? Who owns the system? Where is the audit trail?
The companies that answer those questions properly will get more than content volume. They will get faster commercial operations with less panic attached.
The companies that skip them will still get speed.
Just not always in the direction they hoped.