Priya Sawant leads ASAPP’s engineering team, delivering enterprise AI at scale.

getty
Imagine a CTO walks into a weekly ops review and finds three different teams have deployed AI agents. One was purchased through IT and rolled out across engineering to automate pull request reviews, but no one has defined standards or operating practices. Another is running as a product pilot, funded by engineering but still waiting on IT to establish access controls. A third has been operating under a corporate card with little visibility.
When spending on that third agent suddenly spikes, the immediate question isn’t how to reduce costs. It’s: Who actually owns this? That scenario is becoming increasingly common as AI adoption outpaces governance. And at the center of it is a basic question many organizations still haven’t answered: What exactly are these things?
If they're tools, IT owns them. If they're software, procurement signs a contract. If they're employees, you've added someone HR can't hire, manage or fire. The cost of forcing the wrong fit is showing up in security gaps, in agents creating liability and in finance teams treating workforce-scale spend the same as cloud costs.
AI agents should be secured like software, managed like employees and budgeted like human capital expenditure (CapEx). This means three owners, one coherent operating model and a CTO who brings them together.
This framework is for AI agents that augment your workforce. Customer-facing, revenue-producing agents are a different conversation—those are COGS, with their own operating model.
Secure them like software.
Many companies are still under-investing here. AI agents are increasingly taking actions. Prompt injection, credential leakage and model supply chain risk are all being exploited right now. The good news is that the software security playbook applies well. Secure the technical footprint with the rigor you would give any privileged system:
• Least-Privilege Access: Similar to service accounts, an agent answering customer questions has no business reaching financial records.
• Vendor Security Review: If you'd run SOC 2 diligence on any other piece of enterprise software, run it here too.
• Patch And Release Discipline: Models update. Prompts change. Integrations break. Treat each change like a software release: tested, rollback-ready and monitored for drift.
• Logging: Every action an agent takes should be logged—not for compliance theater, but because you cannot secure what you cannot observe.
Manage them like employees.
This is where the software framing breaks, and where I believe most companies are overcorrecting. Software is deterministic. AI agents are not. They interpret ambiguous instructions, make judgment calls and produce different outputs depending on framing. If you treat them as set-it-and-forget-it automation, you'll get agents drifting, escalating the wrong things and making decisions nobody authorized. Agents are capabilities you develop.
That means applying the same management disciplines you would use to help any new team member succeed and stay accountable:
• Documented Scope Of Authority: What can this agent decide alone? What must it escalate? What's out of scope entirely? Build escalation triggers: specific topics, uncertainty thresholds and high-stakes transactions that always go to a human.
• Onboarding Investment: Treat it with as much care as you would a new hire.
• A DRI For Every Agent: Assign clear ownership. A team should manage the agent, and one person should be responsible for monitoring performance and intervening when issues emerge.
• Performance Review: Are outputs meeting quality standards? Are escalations happening when they should? Run it as a management review with a cadence.
Budget them like human CapEx.
Most companies run AI agent costs through IT budgets or debate them as headcount decisions. Hiding workforce-scale spend in IT line items avoids the conversation; treating it as labor distorts it.
I've found that a more useful frame is human CapEx: investment in productive capacity. Not an accounting treatment, but a management discipline.
The hyperscalers are not just buying faster chips; they are investing billions in liquid cooling, power delivery and supporting infrastructure because compute only creates value when the environment can sustain it.
Your knowledge workers are no different. If an engineer spends 40% of the day chasing approvals, moving data between systems or completing repetitive tasks, then high-value talent is operating below capacity. AI agents act as the supporting infrastructure that removes friction and expands productive output.
From an accounting perspective, this may still sit in OpEx. But from a governance perspective, it should be treated like a capacity investment—something you improve, integrate and optimize over time for compounding returns. Human CapEx keeps the spend visible as an investment in output, not as a tax on every new hire.
Viewed this way, the budgeting model changes in a few important ways:
• Capacity becomes the investment unit. Spend scales with output ambition, not headcount.
• Success is measured by business outcomes. Stop measuring success by "tokens consumed." These are adoption metrics, not value metrics. If an agent costs $5,000 a month in compute but reduces project cycle times by 40%, the budget is justified by outcome, not utilization.
• Growth and margin trade-offs become explicit. If human CapEx increases individual capacity by 30%, leadership must choose: Do we maintain headcount and scale revenue capacity, or do we downsize to protect margins? The framing won't let you bury the question.
The right metrics are the ones your team already owns—resolution time, conversion, cycle time, throughput and error rate. The question isn't, "How much of it are we using?" It's, "Is it moving the numbers we've been measuring all along?"
An Operating Model For The AI-Augmented Workforce
Security belongs to IT and the CISO, framed as software. Operations and quality belong to function leaders, framed as an employee. Budgeting belongs to finance, framed as human CapEx. The CTO is the one who makes those three frames hold together. Without this, each owner optimizes locally—CISO locks things down, function leaders deploy without guardrails, and finance buries the spend—and you end up back in that weekly review with three agents nobody can claim.
When organizations align on all three, that same weekly ops review can look very different a quarter later. Ownership is clear. The CISO reports on access controls and incident activity. Function leaders review outcomes and performance. Finance ties spending to business metrics that the organization already tracks.
The agents have not changed, but the governance model has. Secure them like software. Manage them like employees. Budget them like human CapEx. Measure them by outcomes, not consumption.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?

2 hours ago
4













English (US)