Microsoft has moved its Agent 365 platform out of preview and into general availability, providing enterprise customers with tools to monitor and control AI agents operating across their networks. The platform addresses what Microsoft calls "shadow AI" - autonomous software tools that employees install on devices without IT oversight.

David Weston, Microsoft's Corporate Vice President of AI Security, said the company is observing three categories of security incidents involving AI agents in enterprise environments: developers inadvertently exposing sensitive systems when connecting agents to backends, attackers using cross-prompt injection techniques to manipulate agent behavior, and agents accessing data through systems not designed for autonomous access patterns.

Agent 365 functions as a centralized registry that provides IT administrators visibility into AI agents running across Microsoft's ecosystem as well as third-party platforms including AWS Bedrock and Google Cloud. The platform costs $15 per user per month and can discover locally-installed AI tools on Windows devices, starting with OpenClaw agents. Microsoft plans to expand detection to 18 different agent types by June 2026.

Meanwhile, American Express is developing its own infrastructure for AI-driven commerce through the Agentic Commerce Experiences (ACE) developer kit. The system allows AI agents to shop and make payments on behalf of users within Amex's closed-loop network, where the company serves as both card issuer and payment processor. Luke Gebb, Amex's EVP and global head of innovation, said the company believes trust and security controls are critical for advancing autonomous commerce.

The ACE kit includes agent registration systems, account enablement features, and what Amex calls "intent contracts" that define user authorization boundaries. When agents complete transactions, they use single-use tokens with built-in spending limits based on user-defined constraints. However, Amex has not disclosed the technical details of how it validates agent transactions.

Separately, vector database company Pinecone announced Nexus, a knowledge engine designed specifically for AI agents rather than traditional retrieval systems. The company claims its approach reduces token consumption by moving reasoning work from query time to a compilation stage that pre-processes enterprise data into task-specific knowledge artifacts. Pinecone CEO Ash Ashutosh said conventional retrieval-augmented generation (RAG) systems were built for human users and don't meet the needs of autonomous agents.