AI Agents Are Coming, but They’re Not There Yet

Published by Sam Hardin | Bright Pivot LLC

Something significant happened at Apple's developer conference last week. Apple announced a new framework for building AI agents into iOS that routes every action through a structured permission contract — a pre-approved list of exactly what an agent is allowed to do. Book a flight? The app has to declare that capability in advance. Send a calendar invite? Same thing. No freelancing. No surprises.

Apple's engineers called it the App Intents framework, and buried in that announcement is something worth paying attention to: even the most security-obsessed technology company in the world is treating agentic AI as a problem that requires tight controls before it's safe to deploy at scale. That's not a knock on the technology. It's an honest signal about where we are.

So where are we, exactly?

What AI Agents Actually Are

Before the hype takes over, let's be plain about what we're talking about.

An AI agent is software that can take actions on your behalf — not just generate text, but actually do things. It can search the web, send emails, update records, call other programs, make decisions, and hand off tasks to other agents. Done right, it's like hiring someone who works at machine speed and never needs a lunch break. Done wrong, it's a liability that can cause real damage before you even notice something is off.

That's the honest version. And right now, for most small and medium businesses, the "done wrong" risk is more likely than the "done right" payoff.

The Real Risks Nobody Is Talking About Plainly

Security is genuinely unsolved

AI agents need permissions to be useful. They have to be able to access your calendar, your email, your customer data, your business systems. That's the whole point. But those same permissions are what make a compromised agent dangerous.

Security researchers have documented agents that delete emails, take unauthorized actions, and accumulate sensitive credentials in memory that can be extracted later. A survey from early 2026 found that 88% of organizations reported confirmed or suspected AI agent security incidents in the past year — and most of them believed their existing controls were sufficient before it happened. The gap between executive confidence and actual runtime security controls is, according to multiple research reports, the defining problem of enterprise AI right now.

For a large company, that's expensive and embarrassing. For a small business, it can be catastrophic.

Runaway costs are a real thing

AI agents make API calls to other programs. Lots of them. A poorly configured agent can burn through compute costs at a rate that would make your eyes water before you get the bill. Researchers call it "token explosion" — minor misconfigurations that compound into significant infrastructure costs over time. When agents are running autonomously and you're not monitoring them closely, those costs can accumulate in the background for days or weeks before anyone notices.

For a small business running on tight margins, that's not an acceptable risk profile.

The "silent failure" problem

When a human makes a mistake, there's usually some visible sign — a typo, a delay, a complaint. When an agent makes a mistake, it may do so at scale, consistently and quietly, until the damage is already done. A CNBC analysis described this as "silent failure at scale" — systems that do exactly what they were told, not what the business actually meant.

That requires a level of monitoring and oversight infrastructure most small businesses simply don't have yet.

What's Changing — And Why It Matters

None of this means AI agents are a bad idea. It means we're early.

The Apple announcement is a good example of the maturation happening in real time. Their approach — requiring apps to pre-declare every action an agent can take, routing everything through a structured contract Apple can inspect — is exactly the kind of standardization this industry needs. It's not perfect, but it's a model: limit scope, require transparency, and build the permission structure before you build the capability.

Gartner projects that 40% of enterprise applications will include task-specific AI agents by the end of 2026. Deloitte expects 75% of companies to be using agentic AI in some form by 2028. The trajectory is not in question; the timing is.

On-device AI is also getting more serious. Apple's Private Cloud Compute and the Foundation Models framework opening up to developers reduces the cloud dependency that creates some of the cost and data exposure risks in the first place. As compute moves closer to the device and away from third-party cloud infrastructure for sensitive tasks, the risk profile of agent deployments improves meaningfully.

We're probably 6 to 12 months away from a landscape where the tooling, the security standards, and the monitoring infrastructure have matured enough that a small business can adopt agent automation with reasonable confidence in the outcome.

What You Should Be Doing Right Now

This is not a "wait and see" situation. It's a "get ready to move fast when the time is right" situation. The businesses that win in agent adoption won’t be the ones still standing at the starting line when the industry catches up to their needs. They’ll be the ones already out of the blocks when the starting pistol fires. Here's the difference:

Watch the signal, not the noise. Pay attention to how enterprise security standards for AI agents develop. The NIST AI Risk Management Framework, the OWASP Top 10 for AI, and what major platforms like Apple and Microsoft require of agentic apps — these will define the safe floor.

Understand your workflows before you automate them. The biggest mistake businesses will make is throwing agents at broken or undocumented processes. Agents amplify what's already there. If your intake process is a mess, an agent will be a faster mess. The businesses that will benefit most from agent automation are the ones that already know what their workflows look like.

Start with lower-stakes automation now. Not all automation is agentic. Simple, well-bounded automations — missed call text-backs, appointment reminders, lead follow-up sequences, intake form routing — can deliver real value today without the security exposure of a full autonomous agent. Build the habit of automation, and you'll be positioned to layer in more capability when the tools are ready.

Don't let a vendor tell you the risk is solved. It isn't. Anyone selling you a "fully autonomous AI agent" for your business today without a serious conversation about permissions, monitoring, data handling, and cost controls is selling you a product, not a solution. These tools need to be customized. Ask hard questions.

The Bottom Line

AI agents will be a standard part of how small businesses operate. That's not speculation: the direction is clear and the benefits are real. Autonomous systems that handle intake, follow-up, scheduling, data management, and customer communication will free up significant time and reduce costly human error.

But the industry isn't there yet. Security standards are still maturing. Cost controls are still inconsistent. And the monitoring infrastructure most small businesses would need to run agents safely is still being built.

The smart move right now is to get your operations documented, get your foundational automations running, and watch the maturation of this space closely. When the tools are ready — and they're getting there faster than most people realize — you want to be the business that can move in weeks, not the one that's still trying to figure out what it even wants to automate.

The race to get ahead of this is coming. You don't have to run it today, but you should be warming up.
