Ready to Work Together?
Let's discuss how our expertise can help transform your business.
Jordan Saunders
·
Jul 1, 2026
If you run a mid-market company and your teams are wiring agents into everything right now, you have probably felt a little uneasy about it. You are handing autonomous software access to your systems, your data, and your credentials, faster than you can put any real control around it. That feeling is not paranoia. It is you paying attention.
Here is the reality most leaders have not said out loud yet. Agents are already inside your company. Your developers are running coding agents. Your operations, finance, and marketing people are starting to point agents at their own tools and data. Almost all of it runs through the same new plumbing — a protocol called MCP that lets an agent reach out and call outside tools — and almost none of it is governed. The debate about whether to use agents is over. You are using them. The only open question is whether you govern them or just tell yourself you do.
And the thing that makes an agent useful is the exact thing that should worry you. Autonomy is the point. You want it reaching into systems and acting on its own, because that is where the leverage is. But an agent authenticated as one of your developers, sitting on a laptop, holding production credentials, free to call whatever tool it likes, is quietly the least-governed compute in your entire company. Nobody set it up that way on purpose. It happened one useful tool at a time.
So people go looking for AI governance, and here I want to be blunt. Most of what gets sold under that name is theater. It shows up in two flavors.
Neither one can answer the three questions your security lead, your auditor, or your cyber insurer will eventually ask.
If the honest answer is a shrug, you do not have governance. You have hope.
That is why governance has to move down to the runtime — to the place the agent actually executes. Enforce, do not advise. In practice that means a handful of things working together.
That is the layer Docker is betting on with its AI governance work, and I think it is the right one, because it is the only layer that can see what the agent is doing instead of what you asked it to do.
Now the part most vendors will not tell you. This kind of tooling is infrastructure, not a finished security program. Buying it does not govern your agents any more than buying a lock installs itself on your door. Someone still has to decide the actual policy, wire it into your identity and audit systems, and keep running it as agent use spreads across the company. That is the real work, and it is the part almost nobody is staffed for. The tool is the easy twenty percent. The program around it is the other eighty.
I want to be clear about why this matters, because it is not about fear. The goal was never to slow your teams down. Fear pushes companies toward the worst possible move here, which is doing nothing and letting agents pile up ungoverned because stopping them felt impossible. Governance is not the brake. It is what lets you take your foot off the brake. Once you can actually see and control what your agents do, you get to say yes to them on purpose, at scale, with your eyes open, instead of hoping the useful thing never turns into the expensive thing.
This is the gap we help mid-market companies close at NextLink, and it is why we partnered with Docker to do it at the runtime layer rather than the policy layer. We design the policy model, deploy it, connect it to the tooling you already run, and stand up the program around it. If any of this is landing a little too close to home, that is worth a conversation.
So, founder to founder. If you are connecting everything to agents and you cannot answer those three questions today, you do not have an AI strategy. You have exposure. The good news is that the answer exists now, it works, and there is nothing exotic about it. It is mostly a matter of deciding to do the work before something out there decides it for you.
Author at NextLink Labs
Five engineering defaults are quietly making your AI features 10x more expensive than they should be. Here's how to find them and fix them in a week.
Jordan Saunders
·
Jun 24, 2026
Token prices keep falling but your AI spend keeps climbing. Here's why the old capacity planning model is structurally wrong for agentic AI — and what finance and engineering should do about it.
Jordan Saunders
·
Jun 17, 2026
The AI on your feed isn't what ships to production. Here's what working AI actually looks like in mid-market companies — narrow, boring, and wrapped in operational discipline.
Jordan Saunders
·
Jun 10, 2026
Let's discuss how our expertise can help transform your business.