Google Cloud Next ’26 was not just another cloud conference with bigger chips, smarter models and familiar parade of customer logos. It signalled that the cloud conversation has moved into a more demanding phase. The question is no longer, “Where should we run the workload?” It is, “Who, or what, is allowed to act on behalf of the business?”
That is why Google’s “Agentic Enterprise” framing matters. The company announced Gemini Enterprise Agent Platform, new Gemini Enterprise app capabilities, eighth-generation TPUs, an Agentic Data Cloud, and an Agentic Defense proposition built around Google threat intelligence and Wiz. Together, these announcements point to a larger architectural shift: cloud platforms are becoming control planes for autonomous work.
I have seen this movie before. Virtualisation, cloud migration, DevOps and platform engineering all started as technology choices and became operating model problems. AI agents are following the same path, only faster and with more risk attached.
The headline is agents, but the issue is control
Google describes Gemini Enterprise Agent Platform as a way to build, scale, govern and optimise agents. It brings together Vertex AI capabilities with features such as Agent Studio, Agent-to-Agent Orchestration, Agent Registry, Agent Identity, Agent Gateway and Agent Observability. That list is telling. The centre of gravity is not the model alone. It is the management layer around the model.
Frankly, that is where enterprise AI programmes have been weak. They have treated agents as assistants rather than digital workers touching real systems. A sales agent that drafts an email is useful. A procurement agent that checks supplier risk, compares contract terms, raises a purchase request and routes an exception is part of the operating fabric. The second one needs identity, policy, audit and escalation.
I once advised a regional financial services client that had built more than a dozen automation bots across risk, operations and customer service. Each team insisted its bot was small and harmless. When we mapped the flows, those bots had access to customer records, payment exceptions and internal approval queues. The problem was not automation; nobody owned the system of work end to end. AI agents make that governance gap more expensive.
Agent registry is the new application inventory
One of the more important Next ’26 announcements is easy to underestimate: Agent Registry. Google positions it as a single point of control that indexes internal agents and tools so they can be discovered and governed. In practice, it could become as important as the CMDB was supposed to be, and far more dynamic.
Enterprises already struggle to maintain an accurate application inventory. Now add agents created by developers, business analysts, vendors and no-code users. Some will call APIs, read documents, trigger workflows or wake up on a schedule. Without a registry, the enterprise ends up with shadow AI: useful enough to spread, invisible enough to become dangerous.
The hard truth is that the future cloud architecture diagram needs a new layer between applications and users. That layer must answer four questions: which agents exist, who owns them, what they can access, which actions need approval, and which logs prove what happened when something goes wrong. If a CIO cannot answer those questions, they do not have an agentic enterprise. They have a digital bazaar.
Agent identity is the security control boards will understand
Google’s Agent Identity announcement is strategically important because it gives enterprises a language for non-human accountability. The company says each agent can receive a cryptographic ID, with authorisation policies that are traceable and auditable. That matters because the old security model assumes a human user sits behind an action. In agentic workflows, that assumption breaks.
Consider a finance agent that prepares a quarterly forecast. It may read spreadsheets, query a data warehouse, summarise assumptions, draft commentary and notify regional controllers. If it makes a recommendation that influences working capital, “the AI did it” is not an acceptable audit answer. The business needs to know which agent acted, under which policy, using which data, and whether a human approved the final decision.
This is where identity and access management has to grow up. Service accounts, API keys and bots have been treated as plumbing for years. Agents turn that plumbing into board-level exposure because they combine access with reasoning and action. The right mental model is not a chatbot account. It is a junior employee with system privileges, inconsistent judgement and perfect speed.
For Singapore and APAC organisations in regulated sectors, agent identity creates the audit spine they will need before moving from pilot to production.
Data is now a decision layer
Google also announced Agentic Data Cloud capabilities, including Knowledge Catalog, Data Agent Kit and a cross-cloud, AI-native lakehouse. Strip away the branding and the message is simple: agents are only as good as the business context they can safely understand.
For years, enterprise data programmes have been sold as a way to create better dashboards. Agentic AI changes the economics. Data quality is no longer just an analytics issue; it becomes an operational risk issue. If an agent is allowed to recommend an inventory transfer, flag a suspicious claim or prioritise a customer escalation, bad metadata becomes bad action.
The Knowledge Catalog idea recognises that agents need semantics, not just storage. They need to understand that “net revenue”, “recognised revenue” and “billable revenue” may mean different things in different parts of the company. They need context about ownership, freshness, sensitivity and business rules.
I once worked with a manufacturing client where two regions used the same product code differently after a merger. Human planners knew the quirk; the reporting system did not. A conventional dashboard produced confusion. An autonomous agent acting on that same ambiguity could have created procurement mistakes, delivery delays and margin leakage. In the agentic era, data governance is not a back-office discipline. It is production control.
Infrastructure still matters, but for a different reason
Cloud providers love accelerators, and Google had plenty to say. At Next ’26, it announced eighth-generation TPUs: TPU 8t for training and TPU 8i for inference. Google said TPU 8i delivers 80% better performance per dollar for inference than the prior generation, alongside Managed Lustre throughput of 10 TB per second and networking for very large AI systems.
Those details matter, but not because every enterprise will train frontier models. Most will not. They matter because agentic systems are inference-hungry. A business process made of multiple agents can call models repeatedly, consult tools, retrieve context, check policy and generate outputs across several steps. That turns AI from a project cost into a transaction cost.
The P&L implication is blunt. If agents become embedded in service, operations, finance and engineering, AI consumption becomes part of the unit economics of work. CIOs and CFOs will need FinOps for agents, not just FinOps for compute.
This is where performance per dollar, inference efficiency and workload placement become strategic. The cheapest proof of concept often becomes the most expensive production pattern. Platform teams must design for cost visibility before business teams scale usage across thousands of workflows.
Agentic defence is not optional decoration
Google’s Agentic Defense message combines Google Threat Intelligence and Security Operations with Wiz’s cloud and AI security platform, including agents for threat detection, detection engineering and remediation.
That pairing is a reminder that agentic cloud architecture is not only about productivity. It expands the attack surface. Agents can be manipulated through prompts, poisoned tools, excessive permissions, weak connectors and poor data boundaries. They can also make mistakes at machine speed.
The useful security metaphor is air traffic control. Google uses similar language for Agent Gateway, which is designed to understand agentic protocols such as MCP and A2A and enforce policy in real time. In an agentic estate, security cannot be a quarterly review of model cards. It has to sit in the flow of execution.
A CISO should ask a practical question: “Can I stop an agent mid-flight?” If the answer is no, the organisation is not ready for high-impact use cases. Kill switches, policy gates, audit trails and exception queues sound boring until an agent touches regulated data, customer communication or production infrastructure.
The customer examples show where value is moving
Google cited a long list of customers using Gemini Enterprise and related capabilities. Several examples are worth noting because they show the spread of use cases. Macquarie Bank is described as reclaiming more than 100,000 hours of team members’ time. KPMG reportedly achieved 90% Gemini Enterprise adoption among employees and created more than a hundred agents in the first month. Virgin Voyages is using more than 1,000 specialised AI agents, including more than 50 aimed at reducing campaign creation times by 40%. FairPrice Group is applying Gemini-powered agents to smart carts and store operations.
These are not all the same story. Banking productivity, professional services knowledge work, cruise marketing and Singapore retail operations have different risk profiles. That is exactly the point. The agentic enterprise will not arrive as one giant transformation programme. It will arrive through hundreds of workflow-level decisions. The operating model must classify use cases by consequence, not by excitement.
What CIOs should do
The wrong response to Google Cloud Next ’26 is to ask, “Should we buy this platform?” The better question is, “What capabilities must we have before agents become normal work?” Operating discipline comes first.
A practical roadmap starts with an agent inventory covering vendor agents, internal prototypes, no-code workflows and AI features embedded inside SaaS tools. Then define decision rights: some agents summarise, some recommend, some execute within limits, and only a few act autonomously inside tested boundaries.
Make identity non-negotiable. Every agent needs an owner, purpose, scope, expiry rule and audit trail. Treat data context as a production dependency, because weak lineage flows straight into agent behaviour. Finally, build observability into the workflow. Logs that show only the final answer are not enough; leaders need tool calls, handoffs, policy checks, human interventions and failure modes.
Bottom line
Google Cloud Next ’26 made one thing clear: the cloud is becoming less like infrastructure warehousing and more like an operating system for business action. Gemini Enterprise Agent Platform, Agent Registry, Agent Identity, Agentic Data Cloud and Agentic Defense are all pieces of that shift.
But technology will not rescue a weak operating model. Enterprises that simply bolt agents onto messy processes will automate confusion. Enterprises that redesign work around ownership, policy, data context, cost visibility and human accountability will get something more valuable: faster decisions without surrendering control.
The agentic enterprise is not a product category. It is a test. The winners will not have the most agents. They will be the ones that know exactly which agents they trust, what those agents are allowed to do, and who answers when the work leaves the runway.