Position Paper 01

AI Agents Are Users, Not Features

The next era of enterprise software won't be defined by better AI. It will be defined by a second kind of user.

Rolf Bäck · Founder & Chief Architect, Copyl 20 minute read Gepubliceerd augustus 2026 v0.1
PDF downloaden
Why this paper exists

Enterprise AI is being discussed at the wrong altitude.

The conversation is dominated by models, copilots and benchmarks. This paper argues that the harder — and more durable — problem is architectural: what an AI agent is inside an enterprise system, and how it is identified, deployed and governed.

Written for enterprise architects, CTOs and technology leaders designing systems that must still make sense five years from now. Not a product brochure — a point of view.

The argument in one breath

Enterprise software just gained a second kind of user — and almost every platform is modelling it in the wrong place.

For forty years, enterprise systems assumed a single actor: a human at a screen. AI agents break that assumption. They observe, decide and act on their own. Yet today’s platforms bolt them in as features — buttons inside applications — when they behave like users of those applications.

This paper makes one claim: an enterprise agent is the first entity that is both a user and a program, and it must be given an identity, a deployment lifecycle and governance to match.

Every enterprise platform has added AI.

Almost all added it in the same place.

Inside the application.

As a feature.

That decision will look as dated as making the Internet a menu option. The mistake isn’t the AI. The mistake is the object model.

Human — a real user Application AI feature bolted inside menus · forms · buttons no identity no lifecycle no audit
A feature can't log in, be assigned work, be governed, or be rolled back. We put a new kind of user where menu items go.

You don’t configure an agent. You ship it.

The moment you say that out loud, enterprise AI stops being a model conversation and becomes a software-engineering one: draft, staging, production, rollback, versioning. Ground every architect has already stood on for twenty years.

The thesis

One entity. Two natures.

An enterprise agent is the first thing that is both a user and a program. It logs in like a person. It ships like software. Every hard question about it comes from treating it as both at once.

USERS identity permissions accountability PROGRAMS written versioned deployed ENTERPRISE AGENT logs in · ships
Identity systems own the left circle. Automation systems flirt with the right. Neither holds the intersection.
Demand one

It needs an identity.

Not an API key in a config file. A first-class principal on the same identity plane as your people: its own credentials, its own assigned work, its own place in your permission model.

Identity & access plane — one model for every principal Human credentials · work · permissions accountable AI Agent credentials · work · permissions accountable
If it can act in your systems, it must be someone your systems recognise.
Demand two — the page most platforms can’t write

It needs a deployment lifecycle.

You draft it, stage it, promote it to production, and roll it back when it misbehaves — because it is software, and software is deployed, not toggled.

Draft v-next Staging evaluate Production active version rollback Versioned v1 · v2 · v3
Identity is becoming crowded. This is not. It's the moat hiding in plain sight.
Demand three

It needs governance.

The same controls you already trust for people and systems — permissions, scoped capabilities, human approval, a complete record — applied to a principal that never sleeps.

Identity who it is Permissions RBAC · roles Capabilities tool allowlist narrow-only Approval human in the loop Audit every act
Governed like a member of the org. Logged like a system. Deployed like code.
The tell

Notice what every real question turns out to be.

Ask what it means to add an AI user to your enterprise. Not one question is about AI. They are all enterprise-software questions.

01 What is an AI user?
02 How is it authenticated?
03 Who assigned it work?
04 How is it governed?
05 How is it deployed?
06 Who audits what it did?
07 Who updates it?
08 Who rolls it back?

The future of enterprise AI is not a model problem. It's an architecture problem we already know how to reason about.

What it looks like in motion

Watch one event move through the architecture.

A supplier invoice falls overdue. No one opens a screen. An identified agent — not a feature — wakes on the event, checks what it is permitted to do, drafts the action with a scoped tool, pauses for a human to approve, executes, and writes the whole sequence to an audit trail.

Event invoice overdue Identified agent wakes & authenticates Policy may it act? Scoped tool drafts action Approval human signs off Audit trail every step recorded
Identity systems see step 2. Automation sees step 4. Only an architecture that treats the agent as user and program at once can see — and govern — the whole line.

AI agents shouldn’t be features inside enterprise software. They should be users of it.

When that sentence turns up in an architecture review that has never heard of the company that wrote it, the argument has done its job.

This is not a proposal

This architecture already exists.

Copyl was built this way. An agent is an authenticated principal with its own credentials, assigned work like a colleague, governed by the same permission model as your people — and versioned, staged, promoted to production, and rolled back like software.

Shipping today

Enforced in the platform, not the pitch.

  • Agents as authenticated identity principals
  • Human permission model (RBAC) over every agent
  • Scoped, narrow-only tool capabilities
  • Human approval gates: pause, resume, cancel
  • Draft → staging → production, with rollback
  • Event subscriptions that wake agents to act
  • Execution, decision & activity logging

The roadmap

The same model, deepened — not a new one.

  • Richer authority: mandates & limits on what an agent may do
  • Richer delegation between agents
  • Richer governance & measurable accountability
  • Tamper-evident, append-only audit trails
  • Hardened behavioural boundaries

Today an agent is a governed user. The roadmap doesn’t change that model — it deepens it.

Gerelateerde lectuur

Over de auteur

Rolf Bäck

Rolf Bäck

Founder & Chief Architect, Copyl

Rolf has spent more than 30 years building enterprise software platforms. Since 2011 he has led the development of Copyl, an enterprise platform for business applications, automation and AI. His current work focuses on how AI agents become governed participants in enterprise systems rather than isolated assistants.

  • Founder of Copyl
  • Enterprise software architect
  • Working on enterprise AI architecture since 2022
  • Based in Sweden

Over Copyl

Copyl is an Enterprise AI Operating System that enables organizations to deploy, govern and orchestrate AI agents alongside business applications, APIs and automations on a single platform.

copyl.com