← Back to News

Field Notes: AI — November 2025

By Del

The month in one paragraph

November 2025 was the enterprise-pilot reality check. Agentic coding was no longer judged only by whether it could solve impressive tasks. It was judged by whether a platform, security, or legal team could allow it inside real work. Claude, Codex, Copilot, Cursor, and open agents all had to answer the same questions: what can the agent see, what can it change, how is the run logged, who approves risky actions, and how do you prove what happened later?

Actual field update

  • Governance became adoption-critical: admin controls, seat policies, audit trails, and permission boundaries moved from "nice to have" to rollout blockers.
  • Enterprise pilots hardened: teams started measuring usage, failure classes, review overhead, and policy-pass rates.
  • Tool access became risk: connector surfaces and agent tools created new possibilities for data access, write actions, and cross-system side effects.
  • Agent selection became operational: organizations began caring less about model demos and more about manageability.

Robustness check

Strong claim: enterprise adoption depends on governance surfaces.

Strong claim: MCP-style connector growth increases the need for consent, scoped auth, and audit.

Weak claim to avoid: "MCP makes integrations safe." The MCP spec standardizes access patterns, but explicitly puts consent, authorization, access controls, and data protections on implementors.

Agentic design pattern change

The new pattern was:

task request
→ policy check
→ scoped context/tool grant
→ agent run
→ review artifact
→ audit record

The agent became something the organization had to govern, not just something the developer personally used.

Fallout

  • Platform teams became owners of agent reliability.
  • Security teams moved earlier in the launch path.
  • Tool registries started needing provenance and trust tiers.
  • Logs and transcripts became procurement artifacts.

What builders should copy

  • Implement trust tiers for tools: read-only, reversible write, irreversible write, external side effect.
  • Require approval interrupts for destructive or external actions.
  • Store consent and approval as events in the run ledger.
  • Separate tool discovery from tool authorization.

Resource sources

Operator math (TeX)

Rpilot=Npolicy-pass-workflowsNtotal-workflowsR_{\text{pilot}} = \frac{N_{\text{policy-pass-workflows}}} {N_{\text{total-workflows}}}

Comments (0)

No comments yet. Be the first!

You must be signed in to comment. Contribute to comment.