Skip to main content
Perspective:
Perspective
29 Jan 2026
12 minute read

Engineering the agentic enterprise

How software, AI, and cybersecurity are redefining enterprise agility and resilience

From traditional applications to SaaS+ to a future of agentic artificial intelligence (AI) architecture, explore the transformative shifts in enterprise software and how organizations could benefit.

Engineering the agentic enterprise
Download PDF (4MB) View PDF
A new era of enterprise software

Enterprise software is at an inflection point. Organizations are moving from traditional, standard packaged applications and configurable software-as-a-service (SaaS) to “SaaS+” models augmented by agent-enabled customization. The next horizon most certainly will be agentic architectures, where autonomous software agents can coordinate workflows, make decisions, and act with human guidance and oversight.

This evolution isn’t an “either/or” proposition between packaged and custom, or human-led and agent-led. It’s an “and” approach to help enterprises determine the right models for their needs. Executives must understand how to best integrate these models for an effective balance between innovation, security, and governance. 

The shift from packaged to SaaS+ to agentic only

Historically, organizations relied on packaged or custom, off-the-shelf (COTS) software with minimal customization to avoid unnecessary complexity. They also avoided customizing solutions due to the restrictive nature and cost of customization. But the rise of SaaS enabled faster deployment, regular updates, and configurable workflows while keeping complexity in check. Today, there’s a shift toward “SaaS+” which inserts agentic capabilities into standard platforms, thereby embedding intelligence, automation, and customization within core systems.

We believe the next stage and the future of software engineering is “agentic only.” This is the process of building systems with autonomous agents that can analyze, act, and collaborate across environments. AI agents can address the unique processes and needs of individual organizations, giving them flexibility over COTS solutions. For example, agents can autonomously interpret business goals, invoke tools and processes, and execute workflows across systems, often with more efficiency than traditional automation. Agents can also provide persona-based “digital twins” to execute business functions without a corresponding growth in headcount. 

Three enablers for packaged, SaaS+, and agentic AI operations

For organizations to operate effectively across a continuum of packaged, SaaS+, and agentic AI, three enablers are crucial: modern infrastructure, advanced observability, and robust cybersecurity.

Infrastructure

A cloud-native, edge, and automated infrastructure is the foundation for the agility that enables choice. Agentic applications require dynamic compute capacity, near real-time data access, and flexible scalability. Techniques such as containerization, orchestration, and infrastructure-as-code approaches allow organizations to efficiently deploy, scale, and integrate agents across hybrid environments. Where latency or local-processing capabilities matter, edge computing becomes essential. Without this agility, agentic systems could remain as proofs of concept rather than valuable, scalable realities.

Observability


Observability enables organizations to monitor how agents operate, make decisions, and impact broader systems. Observability is more than simple monitoring. It can provide insight into agent behavior, workflow efficiency, and operational anomalies. This enables teams to spot issues and remediate them before they become critical. Further, metrics on decision quality, tool use, and escalation patterns can enable continuous improvement and reveal areas that could benefit from human oversight. Finally, observability fosters trust in systems that are partially autonomous “black boxes,” which is a non-negotiable condition for scaling agentic operations to the enterprise.

Security


Because agentic architectures redefine the security environment, modern approaches such as zero trust, identity-aware networking, and application programming interface (API)-level protection are mandatory. Fundamentally, each autonomous agent represents a new identity within the enterprise environment that requires authentication, authorization, and auditing akin to that of a human user. Complexity is increased with autonomous agents working in a multi-agent system to achieve a business goal. Agents can spawn ephemeral agents and control, auditing, discovery, and life cycle management of child agents. Critical steps to protect these environments involve:

  • Zero trust. Each interaction, whether human or agent-initiated, must be verified. Techniques such as least-privilege access and micro-segmentation can reduce risk.

  • Agent and API governance. Just like humans, each agent must adhere to defined access parameters, credentials, and life cycle management policies such as registration, auditing, and retirement.

  • Data security and governance. Agents often require access to large, disparate volumes of enterprise data. It’s essential to practice effective data handling, lineage tracking, and encryption.

  • Life cycle control. Agents learn and iterate as they evolve. Their decisions and outputs must be completely traceable, explainable, and constantly subject to review.

These factors are fundamental to an enterprise’s ability to innovate securely. Infrastructure enables performance, observability fosters trust, and security maintains control. Taken together, they can determine whether agentic AI introduces more vulnerability or delivers 
sustainable value.

Engineering and cyber: Securing the future

The success of agentic AI depends immensely on the creation of a trusting, collaborative partnership between software engineering and cybersecurity. Both may need to shed their histories as independent, sometimes rival, disciplines to become partners that are jointly responsible for design, delivery, and safeguarding intelligent enterprise systems. Trust is the cornerstone of successful AI adoption.

Many enterprise functions are ripe for agentic augmentation, but it’s not a panacea. Operational, infrastructure, and customer-facing activities are most likely to be suitable for agentic AI.

Back-office processes, information technology (IT) operations, infrastructure management, software testing, and workflow-intense environments are strong candidates. Agents can generate and validate code, manage configurations, triage incidents, automate testing, or deploy approval chains, which can streamline operations while maintaining compliance.

Likewise, in customer-facing areas, agents can coordinate marketing campaigns, manage multichannel interactions, or personalize product recommendations. Within IT, they can support DevSecOps pipelines, automate deployment checks, and continuously monitor compliance.

The need for collaboration between engineering and cybersecurity is clear. Engineering and cybersecurity can work together to determine where agentic AI can offer the most return on investment (ROI). Engineering can identify tasks for potential automation, while cybersecurity can develop mechanisms to ensure that solutions maintain compliance and manage risk effectively. They can also prioritize ways in which efficiency and security can be jointly improved.

Modern engineering practices make agentic development possible at scale. Modular, API-first design; event-driven systems; and continuous integration/continuous delivery pipelines all support safe experimentation and quick delivery of applications. Further, teams can build reusable frameworks, implement model and logic version control, and detect incorrect configurations or anomalous behavior. Crucially, human software engineers remain central to orchestrating these complex systems by providing oversight, ensuring adaptability, and maintaining alignment with ethical standards at every stage. Advanced testing environments and sandboxes are also essential to verify that agents act within appropriate, explicit boundaries. The drive for engineering excellence can help ensure that autonomy enhances, rather than undercuts, reliability.

Cybersecurity practices are quickly having to adapt to a world where machines act on behalf of humans. As with humans, each agent needs a certifiable identity, defined privileges, and monitoring to ensure that tasks are completed correctly. Therefore, cyber teams should implement continuous authentication, effective credentialing, and threat detection processes customized to expected agent behavior. Cross-domain (intercompany) agent orchestration creates more complexity as agents need to be aware of agent impersonation. A trusted registry to discover and consume agents becomes a core part of the trust infrastructure.

Cyber should also develop escalation protocols for those times that agents encounter unclear decision options or potential security threats. Visibility into data flows between agents, APIs, and models is also critical to prevent security breaches or misuse. Finally, design techniques such as isolation, encryption, and immutable logging must extend into all stages of the agent life cycle—from creation to retirement. 

The collaboration between engineering and cyber should be intentional. They must work together to embed an ethos of governance, scalability, and security into the organization’s efforts to implement agentic AI. Engineering should involve cybersecurity from the earliest design phases so that appropriate risk considerations can inform decisions and choices from architecture through deployment.

Conversely, it’s essential that cyber teams understand engineering pipelines, observability methods and dashboards, and development schedules to ensure security without hindering progress. Joint playbooks, shared information, and collaborative incident response can help close the loop between development and security.

Fundamentally, the alignment of engineering and cyber to form a collaborative partnership can transform security from a development constraint to an accelerator. When engineering and cyber collaborate, organizations can deploy agentic solutions confidently because they understand that innovation and protection advance together. The result is a secure foundation for intelligent automation that can scale as needed to provide outcomes that meet business goals. 

Benefits of adopting across packaged, SaaS+, and agentic architectures

Readiness for the future

Find out more

Greater agility and speed to market

Find out more

Faster innovation

Find out more

Operational resilience

Find out more

Enhanced customer experience

Find out more

Cost efficiency and resource optimization

Find out more
Progress is process of managed, secure evolution

Agentic AI’s emergence heralds an evolution in how enterprises design, deploy, and manage software. Success in this new era will require thoughtful planning—deciding where to maintain packaged solutions, where to move to SaaS+, and where to implement fully agentic architectures—and whether and when to deploy all three.

By approaching agentic adoption as a process that’s grounded in engineering discipline, cybersecurity consistency, and strategic vision, leaders can turn potential into better performance and gain a competitive edge in the era of the intelligent enterprise. Learn how we can help in our full report

Did you find this useful?

Yes
No

Thanks for your feedback

Your feedback is important to us

To tell us what you think, please update your settings to accept analytics and performance cookies.

Need help updating cookies?

Get in touch

Vikram Kunchala

Vikram Kunchala

Principal, Digital Trust & Privacy Leader | Deloitte & Touche LLP
Faruk Muratovic

Faruk Muratovic

Principal | US AI & Engineering Strategy & Services Leader at Deloitte
+1 415 783 2094

Recommended links

Cyber

Deloitte Cyber & Strategic Risk offers a unified approach to help you tackle obstacles, build new capabilities, and move forward fast. Leverage our breadth and depth to transform your organization, wherever you are on your journey.
Services

AI & Engineering

Transform the heart-of-the-business operations using tailored engineering solutions powered by AI and data. 
Services