Databricks urges strict governance, evaluation and small pilots to scale enterprise AI agents

Databricks advises organizations to require strict data-access governance, systematic evaluation of agent outputs, and narrow pilots to improve the odds of moving agentic AI from experiment to production.

Databricks is urging enterprises to adopt three up-front practices — strict governance of data access, systematic evaluation of agent outputs, and small pilot projects — to raise the likelihood that AI agents will move from experiments into production. Craig Wiley, Databricks’ head of AI, frames these steps as practical ways to address the common deployment barriers of controlling access, proving value, and managing cost rather than attempting broad workflow replacements at the outset. it can access corporate resources such as databases, execute code outside a large language model, call external programs like email systems, and orchestrate multi — step workflows.

Governance is the primary concern. Wiley recommends deciding up front what data an agent may access and enforcing rules to prevent harmful disclosures. Concrete controls include least — privilege access, selective permissions for tools, and strict separation of duties where appropriate. Databricks points to customer examples to illustrate the risks: the women’s health app Flow, which serves 75 million users, must prevent responses that could leak one user’s information to another, while asset manager Franklin Templeton applies careful controls when sending portfolio reports to clients.

Adoption remains limited. Databricks’ State of AI Agents report found that just 19% of organizations have deployed agents, and then mostly at a small scale. Wiley summarizes the finance team concerns that often stall decisions in three blunt questions: "Can you control it, can you tell me if it’s any good, and how much does it cost?" He positions governance, evaluation, and cost monitoring as prerequisites for executive approvals and wider rollouts.

For builders and platform teams, the guidance has immediate technical implications. Databricks recommends maintaining clean, well-organized data sources and implementing fine-grained access controls for each external integration an agent might use. Teams should instrument agent outputs for correctness checks and business — value measurement, and design cost-tracking mechanisms for chained actions so leaders can see the per-request and cumulative financial impact. Databricks also counsels starting with narrow, focused pilots to validate return on investment and uncover failure modes before widening an agent’s responsibilities. Small pilots let teams iterate on tooling, logging, and guardrails in a controlled setting and provide concrete metrics to justify expansion or rollback.

The recommendations arrive as industry figures warn agentic AI is evolving rapidly; Mustafa Suleyman has described computing as approaching "nearly human — level agents," increasing the urgency for safe, measurable rollouts. Databricks’ three — step approach aims to give agentic systems a controlled head start so organizations can scale them with fewer governance and correctness surprises.