AI Runs on Execution. Execution Runs on Authority.

In a recent Fortune commentary, SAP CEO Christian Klein made an argument that should reframe how every enterprise thinks about its AI investments. The race, he wrote, has become a contest over interfaces: smarter copilots, more capable agents, new orchestration layers. The progress is real. But it is aimed at the wrong target. Enterprises do not run on prompts; they run on execution.

That distinction matters. Klein's point is that intelligence disconnected from operational context, meaning the processes, the data, and the rules and policies that govern an organization, produces activity without progress. A generated recommendation can sound convincing while missing a dependency three systems away. An agent can automate one workflow cleanly while quietly breaking the planning assumptions of another. The problem is not a shortage of AI outputs. It is a shortage of systems that understand the operational consequences of those outputs.

We agree. And there is one dimension of operational context that sits at the center of his argument and rarely gets named directly: authority.

The operational context AI keeps missing is authority

Klein describes the systems that will matter most in the AI era as the ones that understand permissions, policies, dependencies, financial consequences, and organizational accountability. Read that list again. Four of those five are, at root, authority questions. Who is permitted to make this decision. Under what policy. Within what financial limit. Who is accountable for the outcome.

Most enterprises cannot answer those questions in a form a system can act on. The rules exist, but they live in a delegation of authority (DOA) matrix in a spreadsheet, a policy PDF, and an approval chain that only a few people fully understand. EY and the Society for Corporate Governance found in their 2025 study, The Delegation Edge, that 29% of organizations rate their DOA as less than effective (222 respondents). That gap was tolerable when every consequential action passed through a person who knew the unwritten rules. It stops being tolerable the moment software starts executing.

Agentic work turns a quiet gap into an urgent one

Your teams are starting to use AI agents for real work, not chat but action: drafting a supplier contract, triggering an approval, issuing a purchase order, modifying a master data record. The moment that happens, a question with no clear owner moves to the center of the business: who authorized this agent to do that?

It is not whether the agent can reach the system, which is an identity and access management question. It is not whether the agent is authenticated, which the platform handles. It is a business-level question: what is this agent allowed to decide, at what limits, on whose behalf, with what escalation path when the answer is uncertain, and who is accountable when it acts.

The failure modes are already visible in the organizations furthest along. The OWASP Top 10 for Large Language Model Applications 2025 moved "Excessive Agency" up to the sixth spot on its list, from eighth in 2023: agents granted broad authority who take actions the enterprise cannot consistently justify or constrain. SailPoint's 2025 research found that 80% of organizations report unintended actions by AI agents. Deloitte's State of AI in the Enterprise 2026 found that only 21% have a mature governance model for autonomous agents. Adoption is outrunning governance, and authority is where the two collide. We examined this category shift in depth in managing decision authority in the age of agentic AI.

Rules are not enough. You need enforcement and evidence.

Klein is right that trustworthy AI depends on context, process integrity, and governance. But a rule that cannot be enforced at the point of action is documentation, not control. And a control you cannot prove after the fact does little for an auditor.

This is where authority breaks down on two fronts. A spreadsheet cannot be queried by an agent in real time, and it cannot stop an action that exceeds a limit, so there is no enforcement at the moment of execution. And when an auditor later asks how an action was authorized, a static matrix cannot reconstruct what the policy was at the moment the action occurred, who the accountable owner was, or what escalation path applied, so there is no evidence either.

Execution needs a hardened, verifiable system of record for authority: one that validates an action before it happens and preserves the proof after.

The system of record is becoming the rails for agents

This is not only SAP's view. Industry analyst Josh Bersin recently described Workday's reinvention from a system of record into a platform of agents, and the argument is the same one: reasoning alone cannot run payroll, close the books, or enforce segregation of duties. Those need deterministic rules, approval chains, and a data model built over years. Workday's position is that its configuration, policies, and compliance machinery are the rails that let agents run safely, and that an agent acting outside those rules can produce output that looks reasonable while violating policy. Build agents on extracted data without the rails, the analysis argues, and they are lawless by design: they optimize the task without enforcing the rules.

Workday is productizing that idea as an Agent System of Record, where agents are treated as first-class identities with scoped authorization and audit trails, alongside SAP's push to ground AI inside operational context. When the two largest enterprise platforms reach the same conclusion in the same season, the direction is clear: agents must run on the enterprise's rules, not around them.

But notice how this is unfolding. Workday governs agents on Workday's rails. SAP grounds agents in SAP's context. ServiceNow, Microsoft, and others are each building their own agent control layers, and identity may still run through Okta or Entra. Bersin makes the point directly: agents will live across many surfaces, some inside a given platform and many outside it. An enterprise then ends up with several systems of record, each asserting authority over the agents in its own domain, and none of them spanning the others.

That is the cross-platform authority gap. The question "can this agent approve a $250,000 commitment on behalf of the CFO" has to resolve the same way whether the agent is running on Workday's rails, calling SAP, acting through Microsoft, or built in-house. Business-level delegated authority cannot live inside any one platform when agents act across all of them. It needs a source of truth that sits above the platforms, and that each of them can check.

Aptly is the execution enabler for bounded authority

Aptly is the system of record for delegated authority across the human and agent workforce. It is the Authority Layer that sits between your identity systems, which know who the actors are, and your execution systems, where work actually happens. It answers the question neither was built to answer: what is this person or agent authorized to decide. Three capabilities make that operational.

An authority registry for humans and agents. Every delegation carries scoped limits, conditions, effective dates, and an accountable owner. Version history and point-in-time recall mean you can reconstruct exactly what the authority policy was at the moment an action occurred. That is the evidence an auditor asks for.

Runtime authority checks inside workflows. Before a sensitive action runs, your agent runtime, workflow engine, or business system queries Aptly and receives one of five answers: permit, deny, permit with conditions, requires approval, or escalate to a specific human. The decision accounts for amount thresholds, data sensitivity, and entity or jurisdiction scope. This is what turns autonomy into something bounded and enforceable at the point of action, rather than a guardrail written in a document nobody checks at runtime.

Human escalation routing. When an agent hits a high-risk or ambiguous decision, the right response is not to halt and alert whoever is nearest. It is to route the decision to the correct accountable person based on the delegation in force. That keeps Klein's principle intact: people define priorities and hold accountability, while systems coordinate and execute the work around them.

Aptly does not replace your ERP, your identity platform, or your agent platform, and it does not compete with a platform's in-house agent registry. It completes them, and it spans them. Where Workday's Agent System of Record governs agents on Workday's rails, Aptly holds the business-level delegated authority that applies across Workday, SAP, ServiceNow, Microsoft, and your own agents, so the same person or agent gets the same answer no matter which platform's rails the action runs on. It is the cross-platform authority system of record those platforms and agents call before work is executed, so the boundary on any action is explicit, live, and provable.

There is upside here, not only control. West Monroe's 2026 Speed Wins research found that 73% of senior executives connect faster decision-making to a revenue impact of 5% or more. Speed is the prize. Bounded, provable authority is how you capture it without trading away control.

This is the direction of travel

The platform shift is matched by a regulatory one. Google DeepMind published a formal delegation framework in February 2026, defining delegation as the transfer of authority and accountability to AI agents and noting that existing connection protocols lack adequate governance for deep delegation chains. Singapore's Infocomm Media Development Authority released the first government-backed agentic AI governance framework in January 2026, calling for bounded authority and human approval checkpoints for sensitive actions. The EU AI Act's high-risk provisions, which include record-keeping and human-oversight requirements, are scheduled to take effect in August 2026.

A leading AI lab, a national government, and a supranational regulator reached the same conclusion inside six months. Authority for agents is moving from concept to requirement.

The teams that win the next phase will ground intelligence in authority

Klein is right that the AI race is being fought in the wrong place. The organizations that win the next phase will ground intelligence in operational reality, and a central part of that reality is authority: who can do what, under what conditions, with what proof. Better models will not settle it. A verifiable system of record for authority will.

Aptly is that system, and the execution enabler that lets your people and your agents act with confidence, within bounds, and on the record.

See Aptly in your environment.

Sources

1. Christian Klein, "SAP CEO: the AI race is being fought in the wrong place," Fortune, May 12, 2026. fortune.com
2. Josh Bersin, "The Reinvention of Workday: From System of Record to Platform of Agents," April 2026. joshbersin.com
3. EY and Society for Corporate Governance, The Delegation Edge, 2025 (222 respondents). ey.com
4. OWASP, Top 10 for Large Language Model Applications 2025. owasp.org
5. SailPoint and Dimensional Research, AI agent adoption study, May 2025. businesswire.com
6. Deloitte, State of AI in the Enterprise 2026. deloitte.com
7. West Monroe, Speed Wins, 2026. westmonroe.com
8. Singapore Infocomm Media Development Authority, Model AI Governance Framework for Agentic AI, January 2026. imda.gov.sg
9. EU AI Act, Articles 12 and 14. artificialintelligenceact.eu