What is agent operability — and why your enterprise needs it.
auxfirst introduces agent operability: a practical way to assess whether a workflow can be safely worked by an AI agent, not just watched by one. Here's the model, a self-check you can run today, and where to go deeper.
The definition
Agent operability is the capacity of a specific workflow to be performed by an AI agent with bounded autonomy, usable context, explicit decision rights, and reconstructable accountability.
Not the enterprise. Not the model. The workflow. A capable agent inside an inoperable workflow is still an inoperable system.
Why this matters now
Enterprise agent pilots keep failing in the same place — and it isn't the model.
The pattern is now recognizable everywhere: a team demonstrates that an agent can perform a meaningful task. The pilot is celebrated. Then production requirements expose missing data semantics, undocumented exceptions, and cross-system permissions no single employee holds. The team adds approvals everywhere to survive security review. The workflow becomes slower than the original. Users stop trusting it. The organization concludes agents aren't ready.
- A team demonstrates the agent can perform a meaningful task.
- The pilot is celebrated.
- Production exposes missing data semantics, undocumented exceptions, and cross-system permissions no single employee holds.
- Approvals get added everywhere to survive security review.
- The workflow becomes slower than the original.
- Users stop trusting it.
- The organization concludes agents aren't ready. ← the wrong conclusion, drawn from the right evidence
The agent was ready. The workflow wasn't operable.
IT leaders already know this. When Box CEO Aaron Levie hosted a dinner with enterprise technology leaders in July 2026, the hottest topics weren't model benchmarks — they were change management, upgrading processes to modern operating models, getting structured and unstructured data into shape agents can work with, and the unsolved problem of agents needing their own roles and privileges because "agents can't keep things secure on their own."
Everyone agrees on the problem. Almost nobody has a vocabulary for the solution. That's what agent operability provides.
The model
The three layers.
Every workflow's operability rests on three layers. The weakest one sets the ceiling.
Data shape
Can the agent consume the context the workflow depends on?
Process design
What should it read, draft, decide, or execute — and where must a human stay in the loop?
Trust & permissions
As whom does the agent act, and who answers for the result?
The rule: operability = minimum(data shape, process design, trust & permissions). High scores in two layers don't compensate for a near-zero in the third.
Layer 1 — Data shape
Can the agent consume the context the workflow depends on? Not "do we have the data" — enterprises always have the data. The question is whether the agent can distinguish policy from commentary, current from superseded, global from market-specific, and whether the meaning currently lives in folder names, naming conventions, and one experienced analyst's head. Readable is not operable.
Layer 2 — Process design
What should the agent read, draft, decide, or execute — and where must a human stay in the loop? Most workflows exist in three versions: the documented process, the process leaders believe runs, and the process experienced employees actually run. Agents meet version three. Every action needs a deliberate placement on the autonomy spectrum, matched to its heat: how reversible it is, how far it spreads, who sees it, what it commits you to.
Layer 3 — Trust & permissions
As whom does the agent act, and who answers for the result? Cross-functional workflows need access no single employee has — which is usually intentional. "Run it under Dave's login" borrows a human identity and creates permanent accountability debt. Agents need their own identity, a named sponsor, a bounded permission envelope, and an authorship trail that makes their output answerable. This is the layer everyone skips, and the reason most pilots die in security review.
Try it now
Run this five-question check today.
Pick one workflow you're considering for an agent. Answer honestly:
- Can you name the authoritative source for every consequential decision in the workflow — and would the agent know it's authoritative?
- Has anyone observed how the workflow actually runs, including exceptions — or only read the documentation?
- For each action the agent would take: is it read, draft, decide, or execute — and who decided that?
- What account would the agent use, and could security review approve it in its current form?
- If the agent's output turned out wrong next quarter, could you reconstruct what it did, what it used, and who approved it?
Go deeper
The field guide — and the audit.
We've published The Agent-Operable Enterprise, a free field guide for enterprise AI and technology leaders. It covers the full three-layer model, the Action Heat Ladder for matching autonomy to consequence, the Agent Identity Card, the permissions problem nobody owns, what "headless" means for your vendor stack, and a complete 90-day path to your first agent-operable workflow — including the scored 42-item self-assessment.
We give away most of the methodology deliberately. The value isn't knowing the steps exist. It's running them with rigor and cross-functional accountability.
The Agent-Operable Enterprise
The complete field guide: 9 chapters, the 90-day path, the glossary of delegation, and the 42-item self-assessment. No email wall.
Read it at agentoperability.com →The Agent Operability Audit
For teams that want an evidence-backed answer for a real workflow: the operability map, the prioritized data fixes, the human–agent operating model, the Agent Identity Card, and a build / buy / orchestrate / wait recommendation with a scoped path.
Explore the audit →We map the workflow as it actually runs and audit all three layers. Not a data cleanup project. Not an AI strategy deck. Not a pilot. The diagnostic that tells you whether the pilot will survive contact with your operating model — before you fund it.
The wrong conclusion, drawn from the right evidence.
Enterprises keep concluding that agents aren't ready, when the evidence actually says the workflow wasn't operable. Agent operability gives IT, security, legal, operations, and the business one vocabulary — and one shared object to inspect — before anyone funds two more quarters of pilot archaeology.
A capable agent inside an inoperable workflow is still an inoperable system.
The instrument & further reading
Method · The Levie dinner themes reference Aaron Levie's public notes from a July 2026 enterprise-leaders dinner (X). Agent operability, the three-layer model, and the audit methodology are auxfirst frameworks, published in full at agentoperability.com.