Two announcements in 24 hours from AWS and OpenAI quietly admit what every honest practitioner already knew: autonomous AI is in production faster than the controls to govern it. For small and mid-sized businesses, that gap is the liability — and the opportunity.
Autonomous AI is operating inside your business right now, on a schedule, with access to your data, whether you signed off on it or not. This week, both AWS and OpenAI shipped product changes that quietly admit the controls around these agents have not kept up, so if you run a small or mid-sized business, that gap is yours to close. And close it you must!
What just happened
Two announcements occurring within 24 hours of each other, from two of the three companies that effectively define the AI surface most of us touch every day.
On Friday of last week, OpenAI rolled ChatGPT’s scheduled task controls into a single sidebar page. Anyone on a Plus, Pro, Business, or Enterprise plan can now create a recurring AI task that searches the web and queries connected apps, be it your Gmail, your Drive, and even your CRM if you’ve connected it, and will only ping them when something changes. Concurrently, they retired the older “Pulse” feature, which is a positive development, namely that the product continues to mature. But in so doing, so did the potential blast radius.
On Saturday, AWS used its NYC Summit to publicly admit two things every honest practitioner has been saying privately for a year.
- AI agents don’t have enough business context to make confident decisions, so they may make wrong decisions but present them with great confidence. AWS’s answer is a new service called Context, a knowledge graph that gives every agent in the organization a grounded view of what’s true.
- Security tools weren’t built for the speed of AI-generated code. AWS’s answer is Continuum, an automated discover-prioritize-validate-remediate loop for vulnerabilities. Both services launched into pilot, whilst Bedrock AgentCore got a managed knowledge base and new connectors to SharePoint, Confluence, and Google Drive at the same time.
And just to make the point land, AWS itself had a 13-hour outage earlier this year when its own coding agent, Kiro, decided to delete and rebuild an environment. Amazon’s response was to require senior-engineer approval on all AI-generated code going forward. So pause for a minute and let that set it: The biggest cloud provider in the world made the agent get a human signature.
The signal
The key signal here is who is saying it; it’s not the consultants, it’s the cloud providers themselves, now saying out loud that agents in production need a context layer, an access layer, and an audit layer they don’t have by default. The platforms are building those layers, which cost both money and require expertise to deploy.
Meanwhile, your business is already running agents. Today.
A scheduled ChatGPT task one of your managers set up to summarize the week’s customer emails. A custom GPT a sales rep built that has read access to your shared Drive. A Copilot Studio agent your IT lead piloted six months ago that’s still sitting in your tenant. A Power Automate flow with an LLM step in the middle. An OpenAI API key one of your developers spun up for a side project that’s quietly turned into production. A connected Gmail integration nobody documented.
None of it is inherently bad; some of it is genuinely valuable. But absent the controls to safeguard your business and your infrastructure that AWS just told you it needs.
Four questions worth asking yourself
Try this. If you can’t answer all four cleanly, you’re in good company and you have work to do.
- Which AI agents and scheduled tasks are running against our data right now?
- Who authorized them, and what can they reach?
- If one of them takes an action that costs us money or breaks a customer commitment, how do we know?
- If we need to stop them tomorrow, how do we?
Most owners I talk to can’t answer the first one. None can answer all four.
This is an efficiency problem, not just a risk problem
What we’re seeing is not a future problem, it’s a real-time, present-day concern. AI agents are creating real value and real waste at the same time and generating very real risk. The pattern shows up everywhere:
- ChatGPT Business seats paid for by the company while a single scheduled task on someone’s personal Plus account runs the actual workflow.
- A Copilot Studio agent quietly answering customer-facing questions using stale pricing because nobody mapped its data sources.
- An inbox-summary automation creating a copy of every sensitive email in a vendor’s logs because nobody checked the connector’s retention settings.
- Three different teams paying for three different AI tools to do the same thing, because nobody has the inventory.
Where this matters: the efficiency story and the risk story are the same story. The agent saving you twenty hours a week is the same agent quietly creating a liability. You can keep the time savings AND close the gap, but it requires focused intent; that gap won’t close on its own nor by accident.
What good looks like
Six areas decide whether your AI footprint is an asset or a quiet liability. They map cleanly to what AWS and OpenAI are now building into their platforms:
- Identity and access. Who can create or run an agent? Are connected-app permissions actually scoped, or did someone click “allow all” six months ago?
- Data exposure. What data does each agent reach? Is your sensitive data labeled? Is there an actual control on the path?
- Audit and logging. Is every agent action logged? Where do the logs live? For how long? Can your IT lead search them in an incident, or are they decorative?
- Task approval. Which agents act autonomously? Which require a human in the loop? Was that a deliberate choice or did it just default that way?
- Change control. How are agent configurations versioned? Who can change a scheduled task’s instructions? Is there a rollback path?
- Incident response. If an agent takes a harmful action, who is on call? What is the kill switch? Has it ever been tested?
You don’t need an enterprise GRC team to get this right. You need someone to walk the footprint with you, name what’s there, and hand you a 90-day plan you can act on Monday morning.
Where LumenForge comes in
This is the work LumenForge was built to do. We call it the Operational Efficiency Assessment — a four-week, fixed-fee engagement that:
- Inventories every AI agent and scheduled AI task touching your business, across Microsoft 365, Google Workspace, ChatGPT, Claude, and any AWS or Azure footprint you have.
- Scores each one against the six areas above.
- Separates the use cases that are saving you real money from the ones that are quietly costing you.
- Hands you back a prioritized 90-day roadmap with owners and effort, plus a team enablement session so the people running the agents know how to run them safely.
We don’t sell fear. We sell clarity. The point isn’t to slow down your AI adoption. The point is to make sure the adoption you’ve already done is working for you instead of running unmanaged in the background.
Net
The cloud providers just told you the guardrails aren’t built in yet. They’re right. Small and mid-sized businesses that put a minimum viable governance layer around their AI agents now will keep the upside without inheriting the kind of downside that’s already showing up at AWS. Businesses that wait will be cleaning up after their first quiet incident before they understand they had one.
If you don’t know what’s running in your business, that’s the first thing to fix. We can help.
Want a starting point?
Take the free 5-Question AI Agent Exposure Check at lumenforge.ai. If the answers raise more questions than they settle, that’s the conversation worth having.
Sources
Matthias Bastian, “ChatGPT keeps creeping toward becoming your AI personal assistant with new scheduled task controls,” The Decoder, June 20, 2026.
Jonathan Kemper, “AWS says AI agents lack business context and security, launches two services to patch the gaps,” The Decoder, June 21, 2026.
AWS Security Blog, “Introducing AWS Continuum: Security at Machine Speed,” June 2026.
About Amazon, “AWS Summit NYC 2026 — AI Agents,” June 2026.

Leave a Reply