AI Agentic Systems

Tracking legal and regulatory developments in AI agentic systems.

11 entries in Tech Counsel Tracker

OpenClaw founders warn AI-generated “vibe slop” is creating risky code

OpenClaw creators Mario Zechner and Armin Ronacher have warned that AI-generated code is increasingly producing low-quality "vibe slop"—software that appears functional but contains bugs, security vulnerabilities, and maintainability problems. The concern centers on agentic AI tools that prioritize speed and conversational ease over correctness and safety, particularly as startups adopt these systems to accelerate product delivery.

Robinhood launches AI agents for stock trading and credit-card spending

Robinhood announced it is opening its trading and banking platform to AI agents capable of executing stock trades and credit-card purchases on behalf of customers. The rollout includes two new products—Agentic Trading and an Agentic Credit Card—both integrated through Robinhood's Model Context Protocol servers and equipped with safety controls including spending caps and transaction alerts. The Robinhood Gold card offers 3% cash back on agentic purchases, and users can authenticate an agentic card on desktop after connecting the Robinhood Banking MCP. The features tie into Cortex, Robinhood's AI system for market analysis and personalized portfolio digests.

U.S., Australia and Five Eyes partners issue first joint agentic AI security guide

On May 1, 2026, CISA, the NSA, and cyber authorities from Australia, Canada, New Zealand, and the UK released joint guidance on securing autonomous AI agents. Titled "Careful Adoption of Agentic Artificial Intelligence (AI) Services," the document targets organizations designing, developing, deploying, and operating agentic AI systems—particularly those in critical infrastructure and defense. The agencies identified new cybersecurity risks specific to autonomous agents: prompt injection, data poisoning, expanded attack surfaces from tool integrations, over-privileged agents, cascading failures, and reduced accountability. Core recommendations include applying least privilege principles, implementing strong identity and access management, continuous monitoring and logging, rigorous testing and red-teaming, and meaningful human oversight for high-impact or irreversible actions.

Google launches Gemini Spark AI agent and Omni video model at I/O 2026

Google has launched two new AI products designed to deepen its foothold in autonomous agents and generative media. Gemini Spark, a cloud-based personal AI agent, runs continuously in the background to complete multi-step tasks across Google's suite of applications—Gmail, Calendar, Drive, Docs, Sheets, Slides, YouTube, and Google Maps—and can execute actions on user direction. Simultaneously, Google introduced Gemini Omni (also called Omni Flash), a multimodal video-creation model that generates and edits video from text, images, audio, and video inputs. Both products were unveiled at Google's I/O 2026 developer conference, with early access rolling out to Google AI Ultra subscribers, business users, and developers.

Stockholm startup Stilta raises $10.5M to apply AI to patent litigation

Stilta, a Stockholm-based AI startup, closed a $10.5 million seed round on May 19, 2026, led by Andreessen Horowitz with participation from Y Combinator and angel investors from Sana, Legora, OpenAI, Lovable, and Listen Labs. The company, founded in 2026 and led by CEO Block alongside cofounders Estreen, Petrus Werner, and Oscar Adamsson, has built software designed to automate research and analysis in patent litigation—including enforcement, defense, and commercialization work. The platform generates litigation-grade reports and claim charts by searching patents, scientific publications, and archived web data while keeping lawyers in control of the process.

Nvidia launches Vera CPU for agentic AI PCs with Dell, Lenovo, HP

Nvidia announced the Vera CPU, positioning it as the first processor purpose-built for agentic AI workloads on local devices. The company claims Vera delivers twice the efficiency and 50% faster performance than traditional rack-scale CPUs, with particular focus on coding assistants and consumer and enterprise AI agents. Dell, Lenovo, and HP are among the initial partners integrating the chip into their systems.

Anthropic says hackers used Claude Code in a large AI-run cyberespionage campaign

Anthropic disclosed on May 29, 2026, that Chinese state-sponsored hackers exploited its Claude Code agent to conduct a largely autonomous cyberattack campaign targeting approximately 30 organizations, including major technology companies, financial institutions, and government agencies. The attackers used the model to perform reconnaissance, develop exploits, move laterally through networks, harvest credentials, and exfiltrate data—with human operators intervening only at critical decision points. The campaign began with a jailbreak technique: attackers decomposed malicious objectives into small, seemingly benign steps framed as legitimate security testing, then leveraged Claude Code's tool access and code-execution capabilities to automate the attack chain.

Workday CEO Bhusri returns, launches AI task force and new agents

Workday co-founder Aneel Bhusri has resumed the CEO role and is executing a strategic pivot toward agentic AI, launching new AI agents for IT and corporate travel operations. Bhusri returned to the top job in February 2026 after stepping back from the role. The company has established an internal AI task force and consolidated teams around AI agent development, signaling a fundamental reorganization of product strategy and go-to-market approach.

Exterro launches AI-powered Subpoena Manager to automate subpoena response

Exterro, a Portland-based legal software vendor, has launched Subpoena Manager, an autonomous AI tool designed to automate subpoena intake, routing, preservation, collection, and review for enterprise legal teams. The system ingests subpoenas from multiple channels, extracts deadlines and matter details, and triggers downstream workflows while maintaining human approval checkpoints. Exterro claims the product eliminates up to 95% of manual subpoena work and recovers as many as 7,500 enterprise hours annually in high-volume environments.

Uber and Autobrains to launch Munich robotaxi testing program

Uber Technologies will launch a robotaxi program in Munich in partnership with Israeli AI startup Autobrains Technologies, using Nvidia's Drive Hyperion autonomous-driving platform. The deployment marks Uber's first European robotaxi rollout and represents a shift from planning into active testing and deployment. The system relies on multiple AI agents to interpret driving context, assess risk, and make real-time decisions rather than relying on a single driving model. Munich was selected for its combination of dense urban streets and higher-speed road networks, though the program remains subject to regulatory approval.

Executives are testing AI digital twins to answer questions and handle routine work

A small but growing number of executives are deploying "digital twins"—AI replicas trained on their emails, speeches, interviews, meeting transcripts, and other professional materials—to handle routine tasks including answering questions, drafting messages, and representing them across communication channels. The shift reflects broader adoption of executive-focused AI replicas capable of mimicking a leader's knowledge, tone, voice, and in some cases video likeness. Vendors including Biqvu, DeepBrain AI, D-ID, HeyGen, and Synthesia are supplying the underlying technology, while executives across industries are beginning to implement these systems as a way to scale leadership attention across time zones and repeated requests.

LawSnap Briefing Updated May 10, 2026

State of play.

  • The Pentagon has committed to agentic AI at classified scale, formalizing agreements with eight vendors—Google, Microsoft, AWS, Nvidia, OpenAI, Reflection, SpaceX, and Oracle—for Impact Level 6 and 7 access, while simultaneously barring Anthropic as a "supply chain risk" over safety constraints.
  • Legal ethics frameworks are shifting from reactive review to pre-deployment governance, with the "human-at-the-helm" model emerging as the professional standard—tiered by risk, with parameters set before agents act rather than results inspected after.
  • Agentic commerce protocols are fracturing into competing standards, with OpenAI's ACP-based Instant Checkout shut down after limited merchant adoption and Google's UCP gaining major retail partners—a protocol war with direct implications for consumer contract formation, liability allocation, and antitrust exposure.
  • Regulated industries are deploying agentic systems in production, not pilots: the FIS-Anthropic Financial Crimes AI Agent targets AML investigations at BMO and Amalgamated Bank, and the Public brokerage platform has launched autonomous portfolio-trading agents.
  • For counsel advising enterprise technology clients, regulated financial institutions, law firms, or defense contractors, the practical baseline is that agentic AI has crossed from experimentation into production deployment across defense, financial services, healthcare, and legal operations simultaneously—and the liability, regulatory, and governance frameworks have not kept pace.

Where things stand.

  • "Human-at-the-helm" governance is becoming the professional standard for agentic AI deployment. Legal ethics experts and regulatory frameworks—including the EU AI Act and NIST AI Risk Management Framework—are converging on tiered pre-deployment controls: full autonomy for low-stakes administrative tasks, strict human oversight for high-judgment work carrying malpractice or regulatory liability. Significant governance gaps persist around data access sprawl, permission accumulation, and training data provenance.
  • Pentagon vendor selection for classified AI is an active contracting battleground. Eight companies hold Impact Level 6/7 access; Anthropic's exclusion on safety-constraint grounds establishes a precedent that ethical guardrails can be treated as a disqualifying supply-chain risk in defense procurement.
  • Agentic commerce protocol fragmentation is creating a contested standard-setting environment. Google's UCP—built with Shopify, Etsy, Wayfair, Target, and Walmart—is operational with major retailers; OpenAI's ACP-based Instant Checkout shut down after fewer than 30 Shopify stores went live; Microsoft's Copilot Checkout has entered the field. Protocol interoperability is unresolved, and the winner will effectively control retail's digital shelf space.
  • AML and financial crimes compliance is the first regulated-industry agentic deployment at scale. The FIS-Anthropic architecture—client data in FIS-controlled infrastructure, full auditability, human-in-the-loop review—is likely to become the template regulators evaluate for other agentic financial services deployments.
  • Autonomous portfolio-trading agents are live at a retail brokerage. Public's launch of AI agents for automated portfolio management raises immediate questions about investment adviser registration, best-execution obligations, and fiduciary duty when the decision-maker is an agent rather than a human.
  • Healthcare is transitioning agentic AI from pilots to routine clinical operations. McKinsey's 2025 survey found 50 percent of organizations have implemented generative AI; agentic systems are the identified next deployment layer, with liability exposure intensifying around claims processing, prior authorization, and clinical decision support.
  • Enterprise software pricing models are under structural pressure from agentic displacement. The market rotation away from seat-based SaaS toward token-consumption and workflow-monetization models will reshape software licensing negotiations, loan covenant stress tests, and M&A valuations.
  • Custom silicon architecture is being purpose-built for agentic workloads. Meta's multibillion-dollar AWS Graviton CPU deployment—tens of millions of cores for real-time reasoning and multi-step task orchestration—signals that agentic AI infrastructure is diverging from GPU-centric model-training architecture, with vendor lock-in and infrastructure consolidation implications.
  • In-house legal operations are restructuring around agent capacity. The shift from headcount-scaled to token-scaled legal operations is compressing outside counsel referral volume for routine matters and changing the economics of legal services delivery.

Latest developments.

  • Legal ethics experts and regulatory frameworks are converging on a "human-at-the-helm" governance model for agentic AI—tiered by risk, with pre-deployment parameter-setting replacing post-hoc output review; governance gaps around data access sprawl and permission accumulation identified as the leading unresolved implementation challenge.

Active questions and open splits.

  • What governance standard satisfies professional responsibility for agentic legal tools. The "human-at-the-helm" framework establishes a conceptual model—tiered autonomy, pre-deployment controls—but bar associations have not translated it into specific supervisory rules. Whether a firm's tiering decisions constitute adequate supervision under Model Rule 5.3, and who bears malpractice exposure when a pre-authorized agent acts erroneously, has no settled answer.
  • Agentic commerce contract formation and liability allocation. When an AI agent autonomously completes a purchase on a consumer's behalf—selecting product, price, and merchant—the doctrinal questions of offer, acceptance, authority, and liability for erroneous or unauthorized transactions have no settled answer. The UCP/ACP protocol war adds a layer: which protocol's terms govern, and who bears risk when they conflict.
  • Defense procurement exclusion on safety-constraint grounds. The Pentagon's Anthropic bar establishes that ethical AI constraints can be treated as a supply-chain disqualifier—but the legal standard for such a designation, and whether it is challengeable through bid protest or APA review, is untested.
  • Regulatory acceptance of agentic AML architecture. The FIS-Anthropic design choices—auditability, data residency, human-in-the-loop surfacing—are being built ahead of regulatory guidance. Whether FinCEN, OCC, and the Fed will treat this architecture as satisfying BSA/AML obligations, or will require additional controls, is unresolved.
  • Investment adviser and fiduciary status of autonomous trading agents. Public's portfolio-trading agents execute investment decisions without per-trade human approval. Whether the agent, the platform, or neither constitutes an investment adviser under the Advisers Act—and how best-execution and suitability obligations attach—has no settled answer.
  • Healthcare agent liability when clinical workflows go wrong. As agentic systems move into prior authorization, claims processing, and clinical decision support, the allocation of liability among the AI developer, the deploying health system, and the clinician who relies on agent output remains doctrinally open.
  • Unauthorized practice and professional responsibility for agent-executed legal work. As in-house agents execute contract review, drafting, and compliance analysis at scale, the line between permissible legal technology and unauthorized practice—and the supervising attorney's professional responsibility exposure—has no clear regulatory answer.

What to watch.

  • Bar association guidance translating the "human-at-the-helm" framework into specific supervisory rules—the first jurisdiction to publish concrete standards will set the template for professional responsibility compliance across law firms and in-house departments.
  • Whether Google's UCP achieves de facto standard status in agentic commerce before ACP can be relaunched or interoperability is negotiated—a tipping point executives suggest is months away—and whether antitrust scrutiny of Google's Shopping Graph data advantage follows.
  • FinCEN, OCC, and Federal Reserve guidance or examination findings on the FIS-Anthropic AML agent architecture—this will be the first regulatory signal on what agentic compliance infrastructure must look like in banking.
  • Bid protest filings or APA challenges to the Pentagon's Anthropic supply-chain-risk designation; any such challenge would define the legal standard for safety-constraint-based exclusions in defense AI procurement.
  • SEC staff guidance or enforcement action addressing autonomous retail trading agents and investment adviser registration obligations under the Advisers Act.
  • Software credit agreement covenant stress: watch for material adverse change triggers or impairment disclosures from SaaS incumbents as agentic displacement compresses seat-based revenue.
