As AI agents begin to autonomously write, test, and deploy code, platform engineering teams face a critical inflection point. The shift from Internal Developer Platforms (IDPs) to Agentic Development Platforms (ADPs) isn't just a technical upgrade - it's a fundamental reimagining of how software gets built, governed, and delivered at scale. The organizations pulling ahead aren't necessarily the ones with the most sophisticated AI - they're the ones with the most prepared platforms.

Main insights

• Organizations seeing real throughput gains from agentic development establish clear governance frameworks and semantic data layers before deploying agents
• The transition from IDP to ADP requires rethinking platform architecture around agent capabilities, not just adding AI features to existing tools
• Compliance and security in agentic workflows demand new approaches to policy enforcement, audit trails, and runtime threat detection
• The time to prepare your infrastructure is now, even if full agent adoption is still months away

This executive roundtable brought together two of platform engineering's most influential voices to tackle the urgent question facing engineering leaders: how do you prepare your organization for autonomous AI agents operating across the software development lifecycle?

Kaspar von Grünberg, who helped establish platform engineering as a discipline, is joined by Ajay Chankramath, CTO at Platform Engineering Advisory & Consulting and author of multiple seminal works on platform engineering. Together, they explored the structural differences between organizations successfully deploying agentic development and those still stuck in pilot purgatory.

You can watch the full discussion here if you missed it.

The structural difference: Why some organizations succeed with agents

The gap between pilot projects and production-scale agentic development isn't about AI sophistication - it's about platform readiness. Organizations seeing real throughput gains share common structural characteristics that set them apart from those still experimenting.

First, they've built a semantic data layer. Von Grünberg describes this as a unified understanding of how code, infrastructure, dependencies, and business logic relate to each other. Without this foundation, agents operate in silos, unable to understand the broader context of their actions. When an agent can query "what services depend on this API?" or "what compliance requirements apply to this data flow?", it can make autonomous decisions safely and confidently.

Second, they've redesigned their platforms to treat agents as first-class users - not just enhanced developer tools. This means rethinking core platform capabilities:

• API-first everything: Every platform capability must be accessible programmatically, with clear contracts and versioning
• Declarative infrastructure: Agents work best with declarative models where they specify desired state rather than imperative steps
• Observable outcomes: Platforms must provide real-time feedback on agent actions, not just logs
• Rollback mechanisms: Automated reversal of agent-initiated changes when outcomes don't match expectations

Third, they've solved the context problem. Agents need to understand not just what code does, but why it exists, what business requirements it fulfills, and what constraints govern its evolution. This requires integrating documentation, architectural decision records, and business logic directly into the platform's knowledge graph.

Governance and compliance: The autonomous agent challenge

When agents operate autonomously across the SDLC, traditional governance models break down. The roundtable identified three critical challenges that leading teams are actively addressing.

Policy as code becomes policy as context. Traditional policy-as-code approaches define rules that humans interpret and apply. Agentic systems need policies expressed as machine-readable context that agents can reason about - encoding not just "what's allowed," but "why it's allowed" and "under what conditions exceptions apply."

Zero trust takes on new meaning with agents. Chankramath emphasized that you can't simply authenticate an agent once and trust all its subsequent actions. Each agent operation must be continuously verified against policy, with runtime threat detection monitoring for anomalous behavior patterns that might indicate compromised or misbehaving agents.

Audit trails must capture intent, not just actions. When a human developer makes a change, you can ask them why. When an agent makes a change, the audit trail must capture the full reasoning chain - what context the agent considered, what alternatives it evaluated, and what constraints it respected. Logs alone are no longer sufficient.

Compliance becomes dynamic, not static. Chankramath advocates for "compliance guardrails" - automated systems that prevent agents from even attempting non-compliant actions, rather than catching violations after the fact. The most sophisticated teams also implement agent sandboxes: isolated environments that mirror production constraints but allow safe experimentation and failure without risking live systems.

Practical first steps: Moving from IDP to ADP

The transition from IDP to ADP doesn't require ripping out your existing platform and starting over. Here's a pragmatic migration path that minimizes disruption while building agent readiness.

1. Invest in platform observability first. Before agents can operate autonomously, your platform must be fully observable - not just monitoring metrics, but understanding relationships, dependencies, and state. Build a comprehensive platform knowledge graph that maps how all components relate. This becomes the foundation agents query to make informed decisions.
2. Identify high-value, low-risk use cases. Don't start by letting agents deploy to production. Begin with tasks that deliver immediate value while building organizational confidence:
   • Automated dependency updates with comprehensive testing
   • Documentation generation from code and infrastructure
   • Test case generation based on code changes
   • Infrastructure drift detection and remediation proposals
3. Establish agent governance frameworks before you scale. Define policies for agent behavior early - what actions agents can take autonomously versus what requires human approval, how agents escalate when they encounter ambiguous situations, what audit trails they must maintain, and how agent performance gets measured and improved.
4. Build semantic understanding into your platform. Start by documenting architectural decisions in machine-readable formats, tagging resources with business context and ownership, mapping dependencies and relationships explicitly, and encoding compliance requirements as queryable rules.
5. Create structured feedback loops. Agents improve through feedback, but that feedback must be structured and actionable. Implement systems that capture when agents make good decisions versus poor ones, and feed that learning back into agent behavior over time.

The timeline: When to act

A critical insight from the roundtable: the time to prepare for agentic development is now, even if you're not deploying agents today. The infrastructure changes required - semantic data layers, enhanced observability, policy-as-context frameworks - take months to implement properly. Organizations that wait until agents are "ready" will find themselves scrambling to catch up.

Early adopters are already reporting 2-3x increases in feature velocity when agents handle routine development tasks, freeing engineers for higher-level architectural and product decisions. These aren't marginal gains - they represent a meaningful competitive advantage that compounds over time.

This isn't about replacing developers. It's about augmenting their capabilities and eliminating toil. The most successful implementations treat agents as team members that handle well-defined, repetitive tasks while humans focus on creativity, judgment, and strategic thinking.

​

If you enjoyed this, find here more great insights and events from our Platform Engineering Community.

For more comprehensive guidance, check out the Platform Engineering Certified Architect Course and learn best practices from industry experts.

​

Key takeaways

• Build your semantic data layer first: Before deploying agents, establish a unified knowledge graph that maps relationships between code, infrastructure, and business logic. This foundation enables agents to make context-aware decisions safely - and it's the single most important differentiator between organizations succeeding with agentic development and those stuck in pilots.
• Rethink governance for autonomous operations: Traditional policy enforcement won't scale with agents. Implement policy-as-context frameworks, continuous verification, and runtime threat detection to maintain control without blocking agent autonomy. Compliance guardrails that prevent violations proactively are far more effective than catching them after the fact.
• Start small with high-value, low-risk use cases: Begin your agentic journey with tasks like dependency updates and documentation generation. Build organizational confidence and learn governance patterns before expanding to higher-risk operations like production deployments.
• Act now, even if full adoption is months away: The infrastructure changes required for agentic development - enhanced observability, semantic understanding, and governance frameworks - take significant time to implement. Organizations that prepare today will be positioned to capitalize on agent capabilities as they mature, while late movers will be playing catch-up.