Can an AI agent be put on a Performance Improvement Plan?

At Build 2026, Microsoft gave every AI agent its own login, an email address, and a place on the org chart.

Illustration of a manager holding a performance review meeting with a glowing AI agent seated across the desk

At Build 2026, Microsoft gave every AI agent its own login, an email address, and a place on the org chart. And a system to govern them all, called Agent 365.

I posted about it, and the post went around the world several times - more than 60,000 views and 140-plus comments.

I’m sharing the numbers because that reaction was completely unexpected. When one announcement generates that kind of response from executives, architects, risk managers and engineers all at once, it sends a pretty strong signal.

Three patterns stood out in the comments.

1. Everyone jumped to management, not technology.

Almost nobody debated features.

People asked who manages an agent. Whether bots need managers. What a span of control means when it includes non-humans. Who carries the consequence when an agent gets it wrong.

There were jokes about the first agent to get a performance improvement plan, and about what happens when one becomes the CEO.

πŸ‘‰ The key takeaway is obvious: this is an organisational consideration disguised as a new technology product. Treat it like a tech rollout and you’ll get it wrong.

2. The honest admission: foundations aren’t ready.

The most repeated worry wasn’t the agents. It was everything underneath them.

Identity models that can’t tell an agent from a service account. Agents inheriting the full access of whoever spawned them, instead of the handful of permissions they actually need.

Governance capability that takes years to build, while platforms ship new features overnight.

πŸ‘‰ One of the comments summed it up: organisations were told they could fix their foundations later. It is later now.

3. The sceptics have seen this movie before.

A healthy contingent called it marketing. They pointed out RPA vendors promised the same thing in 2017, and read the licensing fine print out loud.

Fair enough - some of it is marketing. But scepticism about a vendor isn’t a strategy for the thing the vendor is responding to. Agents acting with real agency inside organisations is happening either way.

And the most interesting signal wasn’t a comment at all.

People kept tagging colleagues into the thread. β€œThis is what I said we’d need.” β€œFYI - from Build.” Dozens saved the post for later. A few went away and wrote their own posts in response.

Those aren’t casual reactions. Those are live internal conversations surfacing in public.

πŸ‘‰ The key takeaway: This is being argued inside organisations right now, and it needs clarity.

Talking is the easy part

One commenter asked an interesting question: where exactly is the kill switch?

It has an unglamorous answer. It’s not a feature you wait for a vendor to ship. It’s something you build - and that’s true of almost everything the thread was worried about.

The same week as the announcement, I hosted a private roundtable of senior enterprise leaders on exactly this question - when AI makes the decision, who’s accountable?

The room landed somewhere most of the commentary doesn’t.

AI isn’t just another tool, so ownership matters more than usual - but a single owner becomes dangerous the moment AI turns into a technology initiative. It’s a business one.

Strategy belongs at the corporate level, with guardrails and education as first-class concerns. IT builds the plumbing, and teaches the business to use it.

And then there’s the actual work.

I’m in the middle of it with some of my customers right now.

Before agents scale up, we’re working through: an identity and access model for agents and the people who build them. Separate environments so experiments can’t touch production. Guardrails on what agents can connect to.

An audit baseline so every action is visible - and yes, a kill switch, so any agent can be stopped. Build standards so the tenth agent inherits the discipline of the first.

None of it waits for the next announcement. That’s the point. The platforms will keep shipping - Agent 365, Scout, whatever comes next. Foundations built now absorb each wave as it arrives.

Organisations that wait do the same work later, retrofitted across live agents instead of built underneath them.

There’s no finish line on this. It’s a capability you keep building, not a project you close.

Two questions to consider.

Could your identity systems give an AI agent its own identity today - its own span of control?

And if an agent made a bad call tomorrow, would you know - and could you stop it?

Foundations before agents

The identity model, the guardrails, the audit baseline, the kill switch - built underneath the agents before they scale, not bolted on after. It's what I'm doing with customers right now.

If either of those two questions was hard to answer, that's your gap - and closing it is exactly what I do.

Start here: Enterprise Architecture, including the 90-minute gap analysis that shows where your foundations break.

Learn about our Enterprise Architecture