AI Agentic Systems

State of play.

• The Pentagon has committed to agentic AI at classified scale, formalizing agreements with eight vendors—Google, Microsoft, AWS, Nvidia, OpenAI, Reflection, SpaceX, and Oracle—for Impact Level 6 and 7 access, while simultaneously barring Anthropic as a "supply chain risk" over safety constraints (→ Army Asks Missile Makers to Hack Their Own Weapons).
• Legal ethics frameworks are shifting from reactive review to pre-deployment governance, with the "human-at-the-helm" model emerging as the professional standard—tiered by risk, with parameters set before agents act rather than results inspected after (→ From Human-in-the-Loop to Human-at-the-Helm: Navigating the Ethics of Agentic AI).
• Agentic commerce protocols are fracturing into competing standards, with OpenAI's ACP-based Instant Checkout shut down after limited merchant adoption and Google's UCP gaining major retail partners—a protocol war with direct implications for consumer contract formation, liability allocation, and antitrust exposure (→ Google and OpenAI Compete in Agentic Commerce via UCP and ACP Protocols).
• Regulated industries are deploying agentic systems in production, not pilots: the FIS-Anthropic Financial Crimes AI Agent targets AML investigations at BMO and Amalgamated Bank, and the Public brokerage platform has launched autonomous portfolio-trading agents (→ FIS and Anthropic Launch AI Agent to Automate AML Investigations at Banks).
• For counsel advising enterprise technology clients, regulated financial institutions, law firms, or defense contractors, the practical baseline is that agentic AI has crossed from experimentation into production deployment across defense, financial services, healthcare, and legal operations simultaneously—and the liability, regulatory, and governance frameworks have not kept pace.

Where things stand.

• "Human-at-the-helm" governance is becoming the professional standard for agentic AI deployment. Legal ethics experts and regulatory frameworks—including the EU AI Act and NIST AI Risk Management Framework—are converging on tiered pre-deployment controls: full autonomy for low-stakes administrative tasks, strict human oversight for high-judgment work carrying malpractice or regulatory liability. Significant governance gaps persist around data access sprawl, permission accumulation, and training data provenance (→ From Human-in-the-Loop to Human-at-the-Helm: Navigating the Ethics of Agentic AI).
• Pentagon vendor selection for classified AI is an active contracting battleground. Eight companies hold Impact Level 6/7 access; Anthropic's exclusion on safety-constraint grounds establishes a precedent that ethical guardrails can be treated as a disqualifying supply-chain risk in defense procurement (→ Army Asks Missile Makers to Hack Their Own Weapons).
• Agentic commerce protocol fragmentation is creating a contested standard-setting environment. Google's UCP—built with Shopify, Etsy, Wayfair, Target, and Walmart—is operational with major retailers; OpenAI's ACP-based Instant Checkout shut down after fewer than 30 Shopify stores went live; Microsoft's Copilot Checkout has entered the field. Protocol interoperability is unresolved, and the winner will effectively control retail's digital shelf space (→ Google and OpenAI Compete in Agentic Commerce via UCP and ACP Protocols).
• AML and financial crimes compliance is the first regulated-industry agentic deployment at scale. The FIS-Anthropic architecture—client data in FIS-controlled infrastructure, full auditability, human-in-the-loop review—is likely to become the template regulators evaluate for other agentic financial services deployments (→ FIS and Anthropic Launch AI Agent to Automate AML Investigations at Banks).
• Autonomous portfolio-trading agents are live at a retail brokerage. Public's launch of AI agents for automated portfolio management raises immediate questions about investment adviser registration, best-execution obligations, and fiduciary duty when the decision-maker is an agent rather than a human .
• Healthcare is transitioning agentic AI from pilots to routine clinical operations. McKinsey's 2025 survey found 50 percent of organizations have implemented generative AI; agentic systems are the identified next deployment layer, with liability exposure intensifying around claims processing, prior authorization, and clinical decision support .
• Enterprise software pricing models are under structural pressure from agentic displacement. The market rotation away from seat-based SaaS toward token-consumption and workflow-monetization models will reshape software licensing negotiations, loan covenant stress tests, and M&A valuations (→ Wall Street Sell-Off Divides Software Stocks into AI Winners and Losers).
• Custom silicon architecture is being purpose-built for agentic workloads. Meta's multibillion-dollar AWS Graviton CPU deployment—tens of millions of cores for real-time reasoning and multi-step task orchestration—signals that agentic AI infrastructure is diverging from GPU-centric model-training architecture, with vendor lock-in and infrastructure consolidation implications (→ Meta Deploys Tens of Millions of AWS Graviton Chips in Multibillion-Dollar Deal).
• In-house legal operations are restructuring around agent capacity. The shift from headcount-scaled to token-scaled legal operations is compressing outside counsel referral volume for routine matters and changing the economics of legal services delivery (→ AI Agents Enable Legal Teams to Scale Without Hiring More Lawyers).

Latest developments.

• Legal ethics experts and regulatory frameworks are converging on a "human-at-the-helm" governance model for agentic AI—tiered by risk, with pre-deployment parameter-setting replacing post-hoc output review; governance gaps around data access sprawl and permission accumulation identified as the leading unresolved implementation challenge (→ From Human-in-the-Loop to Human-at-the-Helm: Navigating the Ethics of Agentic AI).

Active questions and open splits.

• What governance standard satisfies professional responsibility for agentic legal tools. The "human-at-the-helm" framework establishes a conceptual model—tiered autonomy, pre-deployment controls—but bar associations have not translated it into specific supervisory rules. Whether a firm's tiering decisions constitute adequate supervision under Model Rule 5.3, and who bears malpractice exposure when a pre-authorized agent acts erroneously, has no settled answer (→ From Human-in-the-Loop to Human-at-the-Helm: Navigating the Ethics of Agentic AI).
• Agentic commerce contract formation and liability allocation. When an AI agent autonomously completes a purchase on a consumer's behalf—selecting product, price, and merchant—the doctrinal questions of offer, acceptance, authority, and liability for erroneous or unauthorized transactions have no settled answer. The UCP/ACP protocol war adds a layer: which protocol's terms govern, and who bears risk when they conflict (→ Google and OpenAI Compete in Agentic Commerce via UCP and ACP Protocols).
• Defense procurement exclusion on safety-constraint grounds. The Pentagon's Anthropic bar establishes that ethical AI constraints can be treated as a supply-chain disqualifier—but the legal standard for such a designation, and whether it is challengeable through bid protest or APA review, is untested (→ Army Asks Missile Makers to Hack Their Own Weapons).
• Regulatory acceptance of agentic AML architecture. The FIS-Anthropic design choices—auditability, data residency, human-in-the-loop surfacing—are being built ahead of regulatory guidance. Whether FinCEN, OCC, and the Fed will treat this architecture as satisfying BSA/AML obligations, or will require additional controls, is unresolved (→ FIS and Anthropic Launch AI Agent to Automate AML Investigations at Banks).
• Investment adviser and fiduciary status of autonomous trading agents. Public's portfolio-trading agents execute investment decisions without per-trade human approval. Whether the agent, the platform, or neither constitutes an investment adviser under the Advisers Act—and how best-execution and suitability obligations attach—has no settled answer .
• Healthcare agent liability when clinical workflows go wrong. As agentic systems move into prior authorization, claims processing, and clinical decision support, the allocation of liability among the AI developer, the deploying health system, and the clinician who relies on agent output remains doctrinally open .
• Unauthorized practice and professional responsibility for agent-executed legal work. As in-house agents execute contract review, drafting, and compliance analysis at scale, the line between permissible legal technology and unauthorized practice—and the supervising attorney's professional responsibility exposure—has no clear regulatory answer (→ AI Agents Enable Legal Teams to Scale Without Hiring More Lawyers, From Human-in-the-Loop to Human-at-the-Helm: Navigating the Ethics of Agentic AI).

What to watch.

• Bar association guidance translating the "human-at-the-helm" framework into specific supervisory rules—the first jurisdiction to publish concrete standards will set the template for professional responsibility compliance across law firms and in-house departments (→ From Human-in-the-Loop to Human-at-the-Helm: Navigating the Ethics of Agentic AI).
• Whether Google's UCP achieves de facto standard status in agentic commerce before ACP can be relaunched or interoperability is negotiated—a tipping point executives suggest is months away—and whether antitrust scrutiny of Google's Shopping Graph data advantage follows (→ Google and OpenAI Compete in Agentic Commerce via UCP and ACP Protocols).
• FinCEN, OCC, and Federal Reserve guidance or examination findings on the FIS-Anthropic AML agent architecture—this will be the first regulatory signal on what agentic compliance infrastructure must look like in banking (→ FIS and Anthropic Launch AI Agent to Automate AML Investigations at Banks).
• Bid protest filings or APA challenges to the Pentagon's Anthropic supply-chain-risk designation; any such challenge would define the legal standard for safety-constraint-based exclusions in defense AI procurement (→ Army Asks Missile Makers to Hack Their Own Weapons).
• SEC staff guidance or enforcement action addressing autonomous retail trading agents and investment adviser registration obligations under the Advisers Act .
• Software credit agreement covenant stress: watch for material adverse change triggers or impairment disclosures from SaaS incumbents as agentic displacement compresses seat-based revenue (→ Wall Street Sell-Off Divides Software Stocks into AI Winners and Losers).