On June 9, Microsoft and KPMG announced that KPMG is rolling out something called Agent 365 to 276,000 people. Not as a productivity app. As a governance system, the same category of tool a company uses to track who has access to what, who did what, and who's accountable when something goes wrong. Except the "who" here isn't a person. It's an AI agent.
That detail stopped me mid-scroll. We've spent the last year talking about what AI agents can do. This is the first time I've seen a Fortune-scale rollout built entirely around the question of what happens when an agent does something wrong, and who's on the hook. I run an AI-first agency in Kashmir, and I've written before about why agents fail in production and what clients actually mean when they ask for one. This is the next chapter, and it changes how I think about scoping every agent project we take on.
Agents are getting employee IDs
Agent 365 gives every AI agent in a company a registry entry, an identity, and an audit trail. It logs what the agent decided, what data it touched, and the reasoning chain behind each action, written into an immutable record the same way you'd log a financial transaction. IT teams get a list of every agent running in the business, approved or not, with an owner attached to each one.
Read that list again: identity, ownership, audit trail, immutable record. That's not a feature set for a chatbot. That's the onboarding paperwork you give a new employee. Microsoft is explicitly treating agents as a new category of digital worker, one that needs a badge, a manager, and a performance file, because regulators and auditors are going to ask for one eventually whether the company is ready or not.
Why a 276,000-person company needs this and a small business doesn't, yet
KPMG isn't doing this because their agents are unusually unreliable. They're doing it because at that scale, "we're not sure which agent touched this client's data" is not an answer regulators or clients will accept. When you have hundreds of thousands of employees and an unknown number of agents running quietly inside workflows, the absence of an audit trail becomes the risk, not the agent itself.
Most of the businesses I work with in Kashmir are nowhere near that scale. A shop owner running a WhatsApp triage bot doesn't need an agent registry. But the gap between "doesn't need this yet" and "will never need this" is closing faster than I expected. The moment a small business agent touches payments, medical information, or anything a customer could later dispute, "who approved this and what did it actually do" stops being a nice-to-have question and becomes the first thing asked after a complaint.
Get new posts by email, daily-ish writing on ISP economics, AI in production, and building in Kashmir.
What this actually means for how we build
We're not installing Agent 365 for a five-person client team. But the underlying idea, that every agent should have an owner and a paper trail, scales down fine without the enterprise software. We've started doing three small things on every project, even tiny ones:
First, every agent gets a name and a person responsible for it, written down somewhere the client can find it later. Not "the AI," not "the bot," a specific named workflow with a specific human owner. Second, every agent decision that touches money, a customer record, or a commitment gets logged in plain language, not just a database row but a sentence a non-technical person could read six months later and understand. Third, we tell the client up front which decisions the agent makes alone and which ones a human signs off on, and we put that list in the project document, not just in a Slack message.
None of that is expensive. It's the same discipline Agent 365 is selling at enterprise scale, just done with a spreadsheet and some plain habits instead of a Microsoft product. The cost of skipping it isn't obvious on day one. It shows up the day something goes wrong and nobody can say with confidence what the agent actually did.
The hype cycle is finally meeting the compliance cycle
Every wave of enterprise software follows the same arc: a capability gets adopted fast, then the unglamorous layer of identity, logging, and accountability shows up a year or two later once the first real incident happens. We saw it with cloud computing, then with SaaS data access, and now it's happening to AI agents in real time, compressed into about eighteen months instead of a decade.
KPMG putting Agent 365 in front of 276,000 people isn't a story about a cool new feature. It's a signal that the industry has quietly accepted that agents will make mistakes, sometimes expensive ones, and the only real defense is knowing exactly which agent did what and being able to prove it. That's a far more honest starting point than last year's pitch decks, which mostly assumed the agent would just work.
What I tell clients now
When someone asks me to build them an agent now, I add one more question to the list I've used since writing about the compounding failure math: if this agent makes a bad call next month, can you point to exactly what it decided and who's responsible for fixing it? If the honest answer is no, we build the logging and ownership in before we build anything fancier. It's not exciting work, and it won't show up in a demo. But it's the part that's quietly becoming the actual job, and the businesses that skip it are the ones that will be improvising answers when a client or regulator finally asks.
If you're shipping AI agents in a real business and want to compare notes on what a small-scale version of this governance layer should look like, I'd genuinely like to hear from you: me@mehranshahmiri.com
