Launch · Field Note · July 2026

What is agent operability — and why your enterprise needs it.

auxfirst introduces agent operability: a practical way to assess whether a workflow can be safely worked by an AI agent, not just watched by one. Here's the model, a self-check you can run today, and where to go deeper.

The definition

Agent operability, defined

Agent operability is the capacity of a specific workflow to be performed by an AI agent with bounded autonomy, usable context, explicit decision rights, and reconstructable accountability.

Not the enterprise. Not the model. The workflow. A capable agent inside an inoperable workflow is still an inoperable system.

Why this matters now

Enterprise agent pilots keep failing in the same place — and it isn't the model.

The pattern is now recognizable everywhere: a team demonstrates that an agent can perform a meaningful task. The pilot is celebrated. Then production requirements expose missing data semantics, undocumented exceptions, and cross-system permissions no single employee holds. The team adds approvals everywhere to survive security review. The workflow becomes slower than the original. Users stop trusting it. The organization concludes agents aren't ready.

The agent was ready. The workflow wasn't operable.

IT leaders already know this. When Box CEO Aaron Levie hosted a dinner with enterprise technology leaders in July 2026, the hottest topics weren't model benchmarks — they were change management, upgrading processes to modern operating models, getting structured and unstructured data into shape agents can work with, and the unsolved problem of agents needing their own roles and privileges because "agents can't keep things secure on their own."

Everyone agrees on the problem. Almost nobody has a vocabulary for the solution. That's what agent operability provides.

The model

The three layers.

Every workflow's operability rests on three layers. The weakest one sets the ceiling.

The rule: operability = minimum(data shape, process design, trust & permissions). High scores in two layers don't compensate for a near-zero in the third.

Layer 1 — Data shape

Can the agent consume the context the workflow depends on? Not "do we have the data" — enterprises always have the data. The question is whether the agent can distinguish policy from commentary, current from superseded, global from market-specific, and whether the meaning currently lives in folder names, naming conventions, and one experienced analyst's head. Readable is not operable.

Layer 2 — Process design

What should the agent read, draft, decide, or execute — and where must a human stay in the loop? Most workflows exist in three versions: the documented process, the process leaders believe runs, and the process experienced employees actually run. Agents meet version three. Every action needs a deliberate placement on the autonomy spectrum, matched to its heat: how reversible it is, how far it spreads, who sees it, what it commits you to.

Layer 3 — Trust & permissions

As whom does the agent act, and who answers for the result? Cross-functional workflows need access no single employee has — which is usually intentional. "Run it under Dave's login" borrows a human identity and creates permanent accountability debt. Agents need their own identity, a named sponsor, a bounded permission envelope, and an authorship trail that makes their output answerable. This is the layer everyone skips, and the reason most pilots die in security review.

Try it now

Run this five-question check today.

Pick one workflow you're considering for an agent. Answer honestly:

The five-question checkone workflow · answer honestly
  1. Can you name the authoritative source for every consequential decision in the workflow — and would the agent know it's authoritative?
  2. Has anyone observed how the workflow actually runs, including exceptions — or only read the documentation?
  3. For each action the agent would take: is it read, draft, decide, or execute — and who decided that?
  4. What account would the agent use, and could security review approve it in its current form?
  5. If the agent's output turned out wrong next quarter, could you reconstruct what it did, what it used, and who approved it?
Two or more uncomfortable answers means your workflow isn't agent-operable yet — and no model upgrade will fix that. It also means you now know exactly where the work is.

Go deeper

The field guide — and the audit.

We've published The Agent-Operable Enterprise, a free field guide for enterprise AI and technology leaders. It covers the full three-layer model, the Action Heat Ladder for matching autonomy to consequence, the Agent Identity Card, the permissions problem nobody owns, what "headless" means for your vendor stack, and a complete 90-day path to your first agent-operable workflow — including the scored 42-item self-assessment.

We give away most of the methodology deliberately. The value isn't knowing the steps exist. It's running them with rigor and cross-functional accountability.

Free · read online or download

The Agent-Operable Enterprise

01 Data shape02 Process design03 Trust + permissions

The complete field guide: 9 chapters, the 90-day path, the glossary of delegation, and the 42-item self-assessment. No email wall.

Read it at agentoperability.com →
Fixed price · one workflow · three weeks

The Agent Operability Audit

For teams that want an evidence-backed answer for a real workflow: the operability map, the prioritized data fixes, the human–agent operating model, the Agent Identity Card, and a build / buy / orchestrate / wait recommendation with a scoped path.

Explore the audit →

We map the workflow as it actually runs and audit all three layers. Not a data cleanup project. Not an AI strategy deck. Not a pilot. The diagnostic that tells you whether the pilot will survive contact with your operating model — before you fund it.

The wrong conclusion, drawn from the right evidence.

Enterprises keep concluding that agents aren't ready, when the evidence actually says the workflow wasn't operable. Agent operability gives IT, security, legal, operations, and the business one vocabulary — and one shared object to inspect — before anyone funds two more quarters of pilot archaeology.

A capable agent inside an inoperable workflow is still an inoperable system.

The instrument & further reading

The agent operability stack
The Agent-Operable Enterprise — the free field guide (read online, PDF, DOCX) ↗ The Agent Operability Audit — one workflow, three weeks, fixed price
The auxfirst canon behind the model
The Action Heat Ladder — matching autonomy to consequence What Is an Agentic Experience Agency? — incl. Agent Identity Cards Can I Prove What the Agent Did? — the authorship layer Trust in AI Systems — the four-stage trust architecture Execution Got Cheap. Trust Didn't. — why control must be structural, not prompted

Method · The Levie dinner themes reference Aaron Levie's public notes from a July 2026 enterprise-leaders dinner (X). Agent operability, the three-layer model, and the audit methodology are auxfirst frameworks, published in full at agentoperability.com.


Emil Krzemiński is the founder of auxfirst, the agentic experience design agency — helping product, developer, and business teams design AI systems that remember, adapt, and earn the right to act. He is the author of The Agent-Operable Enterprise. Start with the Agent Operability Audit, the AUX Manifesto, or a conversation. For how machines read auxfirst, see the AI info page. Subscribe to the auxfirst Substack for what's next.