The next frontier in enterprise software isn’t just which companies survive the agent era. It’s who gets to govern it.
About eighteen months ago, a lively debate sparked regarding the future of enterprise software. Technology and Business leaders talked about the prospect of SaaS applications collapsing in the agent era.
Earlier This month, during Nvidia’s GTC 2026 conference, Jensen Huang declared that every SaaS company will become a GaaS company - his shorthand for a model in which software doesn’t just support work, but does the work itself, autonomously, through AI agents executing tasks without continuous human input. He compared OpenClaw, the open agent framework drawing so much attention right now, to Linux and HTML — moments when a single open standard gave the entire industry a shared foundation to build on. His argument seems somewhat tactical to me - every enterprise now needs an agentic systems strategy in the same way that every enterprise once needed a web strategy or a cloud strategy.
Whether or not that framing proves exactly right, it points to an interesting question. If agents are going to do more of the work, who governs how they do it?
That is the control-layer question I started to discuss in an earlier post. And right now, it may be the most contested strategic real estate in enterprise software.
When I’ve written about SaaS moats in this series — data and system-of-record moats, workflow and process complexity, interface and engagement, and the governance and compliance dimension — I’ve been thinking mostly about where value lives. The control-layer question asks something slightly different. It asks where authority lives.
An AI agent is not like a user logging into a system, navigating a screen, and making a decision step by step. An agent can query APIs directly, interpret natural-language intent, chain tasks across multiple systems, and execute with little or no human intervention at the level of each individual action. That changes the architecture of responsibility. What’s missing from most current deployments isn’t intelligence — it’s the coordination and governance layer that translates intelligence into authorized enterprise action.
Put differently: the hard problem is no longer getting agents to be capable. It’s getting them to be trustworthy inside a real enterprise environment.
And trustworthy means something very specific. It means identity-aware. Policy-enforced. Auditable. Observable. Capable of escalating exceptions rather than quietly making the wrong call.
The more I think about it, the more the control layer feels like more than just another architectural component. It may be the place where economic power begins to consolidate in the agent era. Because in a world where intelligence is increasingly accessible and execution can increasingly be automated, the scarce resource becomes not capability — but authority.
That helps explain why this layer matters so much right now. A 2026 Celonis report on process optimization, based on a survey of more than 1,600 global business leaders, found that 85% of organizations want to become an “agentic enterprise” within three years — yet 76% admit their current processes can’t support it. And 82% of leaders believe AI will fail to deliver ROI if it doesn’t understand how the business actually runs. That gap — between agentic ambition and operational readiness — is exactly where the control-layer battle is being fought.
What has stood out over the last three months is how many of the major enterprise platforms have simultaneously staked a claim to this same layer — each from a different direction, each with a credible starting point.
Microsoft has arguably planted the clearest flag. Agent 365, now generally available, is positioned explicitly as a control plane for agents — giving IT one place to observe, govern, and secure every agent across the organization, whether built by Microsoft or by third parties. That is entirely consistent with the Nadella thesis: if the application layer is under pressure, become the substrate that governs what comes next.
Workday has made a similarly direct move, but from a different starting point. Its Agent System of Record became generally available earlier this year, with explicit emphasis on visibility, accountability, lifecycle management, and control across enterprise AI agents. What makes Workday’s framing interesting is that it treats agents less like software features and more like a new class of workforce asset — something that needs to be registered, governed, and eventually retired, in the same way that human workers are onboarded, managed, and offboarded.
Snowflake has entered the same conversation from the data side. With Project SnowWork in research preview, it is explicitly describing the need for a control plane that connects enterprise data, intelligence, and action in a governed way. The signal is meaningful: Snowflake does not see governed data infrastructure as adjacent to the control problem — it sees it as foundational to it.
And ServiceNow, whose broader positioning has been consistent throughout this period, keeps making the same argument in different language: in a world of proliferating agents, enterprises need an orchestration and governance layer that prevents agent sprawl, enforces policy, and coordinates work across systems. That is a natural extension of what ServiceNow has been building for two decades.
Four different players. Four different entry points. All converging on the same strategic claim.
What makes this battle genuinely interesting is that the control layer is not a single capability. It sits at the intersection of three things that no single platform fully owns today.
Identity asks: who or what is acting?
Context asks: what data, state, or process is the agent operating on?
Governance asks: what is the agent allowed to do, under what constraints, with what audit trail?
No platform has complete command of all three at once. That is what makes this race so fluid — and why multiple companies can make credible claims at the same time.
In my opinion, Microsoft’s framing extends naturally from identity, security, and productivity infrastructure. Workday’s extends from the system of record and the accountability model it has built around workforce and finance data. Snowflake’s extends from governed enterprise data. ServiceNow’s extends from workflow logic, auditability, and operational orchestration. None of those starting points are trivial. But none, by themselves, are the whole answer either.
That is why I suspect the control layer will be harder to own than many product narratives suggest.
There is another dimension here that I think deserves more attention than it’s getting. The control layer may not be one market. It may be two.
Recent CIO and analyst coverage has pointed to a growing architectural split between horizontal agents — broad agents from Microsoft, Google, and others that help people navigate work across general tools — and vertical agents embedded inside domain-specific systems of record, where high-trust execution actually happens. The framing that emerged in analyst commentary is striking: horizontal agents help employees navigate work; vertical agents embedded in systems of record are the ones enterprises trust to actually execute it.
That distinction matters. Horizontal agents may become the interaction layer — the place where intent is expressed and tasks are initiated. But vertical agents, grounded in deep domain context and governed by business rules, may be the ones given authority over the decisions that actually move the business.
If that split holds, then the control-layer battle may not resolve into a single winner. It may fragment across multiple domains, with one kind of control layer governing broad agent interaction and another governing high-trust execution inside specific systems.
That would make the future architecture less like a single operating system and more like a coordinated fabric of control layers that themselves need orchestration. Which, if you think about it, is also a new kind of moat.
This is where I keep coming back to the framework I’ve been building through this series. The control layer is not a fifth moat. It is the prize that the existing moat types are now racing to capture.
Companies with strong system-of-record moats are claiming that control belongs closest to the data — because accountability and context are inseparable. Companies with strong workflow and process moats are claiming it belongs with the governance logic — because agents without guardrails create liability. Companies with strong compliance infrastructure are claiming it belongs wherever auditability is hardest to replicate — which, in regulated industries, is very close to the process itself.
That makes the original moat question more urgent, not less. Because if a company cannot credibly claim governance authority over the agents acting in its domain, its moat becomes thinner — regardless of how deep it once appeared.
The companies best positioned in the next five years won’t just be the ones with the richest data or the most complex workflows. They will be the ones that can translate those assets into governance authority over the agents that operate within them.
The question I keep sitting with is not whether a control layer will emerge. It will. The question is whether control authority consolidates around one platform — or remains fragmented across multiple layers that must themselves be coordinated.
If it consolidates, the platform that owns it will sit in a position of extraordinary leverage, governing how intelligence is applied across the enterprise.
If it fragments, the challenge for enterprise organizations becomes more demanding. The problem is no longer just deploying agents. It becomes coordinating multiple layers of identity, policy, workflow, and data governance across them — and ensuring those layers don’t create the very complexity they were supposed to solve.
Either way, the implication feels clear. The control layer is not an implementation detail. It is a strategic decision — one that will shape which vendors organizations deepen their relationships with, and which ones they quietly route around.
For most people in a hurry, governance is not the exciting part of the agentic story. I suspect it turns out to be the most important part.
The organizations asking serious questions about agent governance now — before agent sprawl becomes a bigger operational problem — will be in a meaningfully better position than those treating it as an afterthought.
