Agentic AI is arriving through the platforms you already pay for. Can your controls keep up?
For Microsoft 365-heavy organisations, the issue is practical: what can AI access, what can it do, where can sensitive data leave the environment, who approves higher-risk actions, and how will usage and cost be monitored?
This insight covers where AI is already arriving, the control gaps most mid-market environments have today, the Australian baseline that applies, and what AI readiness looks like as engineering work rather than a workshop.
Three checks before AI scales
Agentic AI readiness is not a strategy document. It starts with three practical checks: what changed, what must be engineered, and where visibility is missing.
What changed when AI moved from assistive to agentic?
Assistive AI produces content; the user reads it and decides what to do. Agentic AI produces actions: it plans steps, calls tools, retrieves data and executes across systems before anyone has read what just happened.
Why is this an engineering question, not a governance one?
Governance frames the rules. Engineering operates them. Once AI can retrieve data, trigger workflows or act through a user's permissions, the work becomes identity, permissions, classification, DLP, audit trails, monitoring, cost control and approval points.
Where should an Australian mid-market organisation start?
Map where AI is already entering the environment, especially through Microsoft 365 Copilot, embedded SaaS agents and unapproved shadow AI. Then identify what those agents can access, where sensitive data can leave, and which actions need human approval.
Assistive AI produces content. Agentic AI produces actions.
- Produces content
- User reviews first
- Primary risk accuracy, privacy, attribution
- Control focus data use
- Executes steps
- Actions may happen before review
- Primary risk authority, access, reversibility
- Control focus permissions, approval, audit, rollback
The risk changes when output becomes action.
The agents in your environment are not the ones you decided to deploy.
Most boardroom AI conversations are still framed around "should we deploy AI?" For most organisations, that framing is already behind reality. AI capability is arriving through platforms the organisation already pays for.
The scale is moving quickly. Industry forecasts put task-specific AI agents in around 40 percent of enterprise applications by 2026, up from less than 5 percent in 2025. The business may not get to choose whether AI appears. It does get to choose whether that AI is visible, controlled and useful.
Nine gaps that show up in almost every mid-market environment.
An AI readiness review is not a strategy exercise. It is a control gap assessment. The gaps are operational, identifiable in days, and most environments have at least six of the nine.
Over-permissioned users
Copilot inherits whatever the user can see, so the blast radius of an agent acting through that account is the user's accumulated permissions.
No agent approval model
No defined rules for which actions an agent can take autonomously, which require human approval, and which require human execution.
No clear owner
AI sits between IT, security, legal, risk, finance and the business, and falls through the gaps between them.
Unmanaged sensitive data
Sensitive documents, records and credentials sit outside controlled locations.
Weak or absent classification
Without sensitivity labels, DLP cannot apply. The agent treats all data the same.
No DLP for prompts and responses
Nothing stops a user pasting confidential data into a personal AI account, and there is no monitoring of what leaves through approved tools either.
No AI register
No central record of which AI tools, agents or features are running, who owns each, and what each can access.
No monitoring
No central visibility into who is using AI, which agents are running, what data they touch, or what actions they execute.
No AI cost governance
Consumption-based spend grows without owner, budget envelope or review cadence.
The six practices that frame what good looks like in Australia.
In October 2025, the Department of Industry, Science and Resources published the Guidance for AI Adoption: Foundations, condensing earlier voluntary guardrails into six essential practices for responsible AI governance and adoption.
The point is not to slow AI down. It is to make adoption credible enough to scale.
The deliverable is a control set, not a strategy document.
A consistent finding across reputable research is that AI programmes struggle less because models are unavailable and more because organisations are not operationally ready. The failure modes, escalating cost, unclear value and inadequate risk controls, are governance and engineering problems, not model problems.
The organisation does not need every control to be perfect before it starts. It does need to know which use cases are low-risk enough to pilot, which need stronger data and permissions first, and which should wait.
Agentic AI is not a feature you can switch on. It is a control surface that has to be operated.
Inlight IT's view is simple: agentic AI should not be treated as a software feature that can be switched on because a vendor made it available. Once AI can retrieve data, trigger workflows, update records or act through a user's permissions, the control surface has changed, and the response has to be engineering, not a policy document.
The AI that puts you at risk is not the AI you bought. It is the AI arriving through the platforms you already pay for.
Treat AI as a control surface
Start with identity and permissions
Control data movement
Operate approval, monitoring and cost
Where this is delivered.
AI readiness is not a separate discipline bolted onto the environment. It is delivered through the same control foundation that good Microsoft 365 and security operations already rely on: identity hardening, Conditional Access and granular access control on one side, and monitoring, alerting and incident response on the other. A VLI Conveyors Microsoft 365 deployment built that identity and access foundation in practice.
Identify approved use cases, data requirements and controls before adoption scales.
Structure the workflow before AI is added to it.
Questions organisations ask about agentic AI readiness
What is agentic AI?
Agentic AI is AI that takes action rather than only producing content. An agent plans a multi-step workflow, calls tools, retrieves data from systems, executes actions on the user's behalf and reports back, often before a person has reviewed the result.
How is agentic AI different from Copilot or ChatGPT?
Assistive tools like a chat prompt or a copilot draft produce output the user reviews before anything happens. Agentic capability executes steps across systems, so the risk moves from accuracy and privacy to authority, access and reversibility. Copilot and similar platforms are progressively adding agentic features, which is why the distinction matters inside tools organisations already run.
Why does Microsoft 365 permission hygiene matter for AI?
Copilot acts on the user's permissions and accesses whatever data the user can already see. If users are over-permissioned, the blast radius of an agent acting through their account is the user's accumulated access. Right-sizing permissions is the single most direct AI readiness control in Microsoft 365 environments.
What is shadow AI?
Shadow AI is the use of unapproved AI tools for work, typically personal ChatGPT, Claude or Gemini accounts. Sensitive data leaves the organisation's control boundary every time a prompt is submitted from a personal account, and it usually happens because there is no approved alternative.
What controls should be in place before AI adoption scales?
A practical control set covers identity and permissions, data classification and DLP, audit trails and monitoring, human approval points, approved AI pathways, cost governance and outcome metrics. Not every control needs to be perfect before starting, but the organisation needs to know which use cases are low-risk enough to pilot and which need stronger data and permissions first.
Where should a mid-market organisation start?
Map where AI is already entering the environment, especially Microsoft 365 Copilot, embedded agents in SaaS platforms and shadow AI. Identify what those agents can access, where sensitive data can leave the control boundary, and which actions require human approval before anything is executed.
Turn AI interest into practical use cases your teams can use.
Identify practical AI use cases, data requirements and controls before adoption scales.
Explore AI Applications