AI
Agentic Strategy
Responsible AI
I’m writing this because yesterday I tried to use an AI agent to deal with something basic on my local council website.
I live in North London. Like most places, the council has a website. I thought: I have an agent, why not automate a few tasks?
I wanted simple things.
- When are my bins collected?
- What are the latest local updates?
- Can I get alerts without checking the site every week?
I set the agent up, got it running, and sent it off to do the job.
It hit a wall almost immediately.
The council’s systems detected the agent, saw it was running on a virtual private server, and flagged it as spam.
Then I realised the bigger issue.
My council has no API (Application Programming Interface). So it’s invisible to every single agent in the world.
Not only invisible. It’s actively blocking them.
Here’s the thing. If I want the information, I have to do it myself, with my browser and my own eyes.
Yes, I could run an agent inside my own browser and hand over my login details. But that feels risky, and I’m not comfortable with it.
That led to a bigger question.
If the next wave of development is agents talking to services, and you don’t have an API layer, you’re invisible.
You can’t be seen.
You’re not at the table.
You’re not even in the room.
So what happens when your clients and suppliers start working through agents as normal?
If your services are invisible to agents, clients won’t find you.
They won’t go to your website, because your website is built for humans.
So where is your data?
Is your API available and accessible?
My suspicion is that most organisations do not have an API strategy for agent access. And they probably do not have a plan to make one public by 2026.
Some might be thinking about it.
I doubt many are taking action.
You don’t want to wait until clients stop working with you because you’re invisible to their agents.
My advice is simple.
- Start now
- Look at your data
- Decide what needs to be available, not as a website, but as accessible data
- Consider which APIs you might need
- Work out how you will enable agents to communicate with you
- Even making your website more agent-friendly is a start
Don’t wait until the orders dry up.
By then, it’s too late.
Good luck, everyone.
Agentic (AI created research and content)
Agentic workflows are shifting how work gets discovered, evaluated, and executed, and APIs are becoming the “front door” for that future.
Two things can be true at once:
- Agents can reduce friction for customers and teams.
- Agents can also increase your risk surface if you expose the wrong things, in the wrong way.
So the leadership question is not “Do we build an API?”
It’s:
- What should be visible to agents?
- Under what rules?
- With what controls?
- And who is accountable when something goes wrong?
What’s Changing In 2026 (And Why Leaders Should Care)
There’s a growing expectation that agents will move from assistant behaviour to execution behaviour.
One LinkedIn post frames it like this:
“If 2025 was about the emergence of AI agents, 2026 will be the year they truly transform the business landscape. We are moving beyond passive "copilots" to active, autonomous Multi-Agent Systems that don’t just assist—they execute.”
Another highlights the competitive angle:
“In 2026, we’re heading into an era where AI agents transact with each other, invisibly. Agent-to-agent (A2A) transactions are not a future problem. They are the new competitive layer.”
This matters because “visibility” stops being a branding issue and becomes an operational one.
If a customer’s agent can:
- discover suppliers
- check availability
- request a quote
- place an order
- reconcile an invoice
Then the supplier that supports that flow wins more often, even if their website is worse.
That is not hype. It is basic convenience economics.
APIs As A Leadership Topic, Not A Developer Topic
The strongest argument for APIs is not “we need modern architecture”.
It’s:
- We need low-friction automation for customers, partners, and our own teams.
- We need evidence-based decision making from consistent, structured data access.
- We need to be reachable by the tools people actually use, including agents.
InformationWeek makes the link between API accessibility and agentic automation explicit.
Use it as a conversation starter with your CIO (Chief Information Officer) and COO (Chief Operating Officer).
The Hard Truth: “No API” Often Means “No Strategy”
When I see organisations with no meaningful API layer, it often correlates with:
- unclear data ownership
- inconsistent definitions (the same metric means different things in different teams)
- manual workarounds everywhere
- fragile integrations held together by goodwill
- security that relies on obscurity
Agents do not fix that.
Agents amplify it.
If your internal world is messy, agentic workflows make the mess run faster.
This stuff is genuinely hard, especially in older organisations with legacy systems, outsourced platforms, or multiple CRMs (Customer Relationship Management systems).
But it is solvable if you treat it as an operating model change, not a “tech project”.
A Pragmatic Roadmap: Become Agent-Visible Without Creating Chaos
You do not need to expose everything.
Start with a narrow slice that creates value and builds confidence.
1) Pick One High-Value “Agentic Workflow”
Choose a workflow that is frequent, measurable, and currently painful.
Examples:
- “Check order status”
- “Request a quote”
- “Book a service slot”
- “Download invoices”
- “Update account details”
Make the outcome clear.
- What does “done” look like?
- What is the current cycle time?
- Where do humans get stuck?
2) Define Your “Minimum Useful API”
Leadership-level rule: expose the smallest surface that still delivers value.
Aim for:
- read-only access first where possible
- clear authentication (who is calling and why)
- rate limits (so you do not get hammered)
- logging and monitoring from day one
This is where you streamline risk.
You are not “opening the gates”.
You are building a controlled doorway.
3) Build Governance Before Scale
If you want agent access, you need governance that can keep up.
At minimum, agree:
- who owns each endpoint and dataset
- what data is confidential
- what data is public
- what gets audited
- what gets blocked
- what gets escalated
If you do not do this early, you end up with shadow APIs and quiet exceptions.
That is how incidents happen.
4) Design For Humans And Agents
Your website still matters.
But agentic workflows need:
- structured data
- stable identifiers
- predictable behaviour
- clear error messages
A human can “figure it out”.
An agent needs rules it can rely on.
5) Run A 30-Day Pilot With Real Users
Make it real quickly.
- pick one workflow
- ship a small API
- test with a partner, customer, or internal team
- measure outcomes weekly
If you already use tools like HubSpot, Airtable, or Xero, you can often prototype the workflow before you touch core systems.
The goal is learning, not perfection.
Counterpoints Worth Taking Seriously
There is a valid concern that APIs increase exposure.
One LinkedIn article puts it bluntly:
“In the agentic era, your API is not a product — it’s a risk surface. Picture a world where systems no longer “call” each other — they understand each other. Where customer data flows contextually between functions, without explicit integration calls. Where AI agents don’t need to query APIs; they interpret intent.”
https://www.linkedin.com/pulse/api-less-enterprise-why-your-product-architecture-needs-hide-fh5mc
I agree with the warning, even if we debate the end-state.
The practical takeaway for leaders is:
- Treat API design as part of your security posture.
- Treat agent access as a governance topic.
- Treat data exposure as a board-level risk discussion, not a sprint backlog item.
What I’d Do Next If I Were In Your Seat
If you lead a function, a product, or a whole organisation, here are next steps you can take this month:
- Ask for an inventory of your current APIs, including who uses them and why
- Identify one workflow that would benefit from agentic automation
- Decide what data you are comfortable exposing, and what is off-limits
- Set success measures (time saved, fewer tickets, faster conversion, fewer errors)
- Create a lightweight policy for authentication, logging, and rate limiting
- Pilot, learn, iterate
If you do nothing, you are betting that your customers will keep doing manual work forever.
That is not a great bet.
Links
- https://www.informationweek.com/strategic-cio/digital-business/api-accessibility-the-key-to-unlocking-agentic-automation (trust_rating: high)
Quotes
- “If 2025 was about the emergence of AI agents, 2026 will be the year they truly transform the business landscape. We are moving beyond passive "copilots" to active, autonomous Multi-Agent Systems that don’t just assist—they execute.”
- “In 2026, we’re heading into an era where AI agents transact with each other, invisibly. Agent-to-agent (A2A) transactions are not a future problem. They are the new competitive layer.”
- “In the agentic era, your API is not a product — it’s a risk surface. Picture a world where systems no longer “call” each other — they understand each other. Where customer data flows contextually between functions, without explicit integration calls. Where AI agents don’t need to query APIs; they interpret intent.”
https://www.linkedin.com/pulse/api-less-enterprise-why-your-product-architecture-needs-hide-fh5mc
