20 questions for the Agentic Enterprise (and how Agent Platform can help)

1 hour ago 3

If you’re an IT leader, you might be getting a lot of questions about how to build and deploy agents. 

The pressure to move fast is intense, but the engineering reality is incredibly complex. Where do your teams even begin? How do you untangle a fragmented mess of disconnected tools? And as things grow, how do you ensure your agents don’t accidentally leak sensitive data, or burn through your token budget in an afternoon? It’s a lot to balance, and trying to establish a secure foundation for an entire organization can quickly feel overwhelming.

That’s why we built Gemini Enterprise Agent Platform. It gives your technical teams a unified destination to build, scale, govern, and optimize both customer-facing agents and the ones managing your internal operations. Agent Platform handles the underlying complexity so your teams can focus on driving actual business value.

To help you navigate these conversations, we gathered 20 essential questions to ask your engineering teams, along with some practical advice and code examples to get you going. Let’s dive in. 

Section 1: The build phase — Establishing the foundation

#0 Who is building the application?
Before choosing a tool, look at who on your team is actually doing the work. Is it your engineer? Your legal team? Building with AI is no longer exclusive to high-code engineers. Anyone can vibe code now. This incredible accessibility has turned millions of non-coders into creators who can build and launch applications in seconds. So it means your work could be coming from anywhere. This may sound like an obvious step, but it’s an important one in the AI era. 

The ecosystem now spans a spectrum of personas: no-code business experts defining logic via visual interfaces (think: your business teams, sales, and marketing), low-code developers assembling modular parts, and high-code engineers creating bespoke, custom reasoning loops. Successful adoption means choosing a platform that empowers all three personas without siloing your data or security.

#1 Where should my developers start?
When setting up an agentic strategy, it's easy to focus exclusively on the end product, like the agents that will handle customer support or financial analysis. But to build those sophisticated agents, you have to start by empowering the builders who write their underlying logic. Your developers need their own specialized AI tools, like coding agents, to accelerate code generation, scaffolding, and integration.

However, most coding agents are isolated. They can only analyze the immediate file they are working on, with no connection to your live databases, internal documentation, tech stack, or business systems. 

To keep your devs moving quickly without sacrificing governance, we recommend using Google Antigravity as your primary engineering harness, and then integrating specific extensions based on what that team is building. Here’s a helpful breakdown: 

  • For core application engineers: Use the upgraded Agent Development Kit (ADK) as your baseline framework, paired with Agents CLI to handle the entire agent lifecycle from the terminal. 

  • For data engineers: Plug in the Google Cloud Data Agent Kit, which provides dedicated skills and Model Context Protocol (MCP) tools tailored for data pipelines.

  • For Google Cloud ecosystems: Deploy Agent Skills to give your coding environment native capabilities across Google products. 

  • For integrated IDE experiences: Connect the Developer Knowledge Base via MCP to stream official documentation directly into your teams' workflows.

#2 Who are we building for? Humans, or other agents? 
Like #1, this might sound like a straightforward question, but you'll want to decide early on if you're building an AI agent for your employees to talk to directly, or if it's meant to coordinate with other agents behind the scenes. Your design requirements will look completely different depending on who — or what — is interacting with the system, so keeping everything under your team's control starts with knowing exactly who you're building for.

If your answer is humans (building for employees or customers), focus on user experience. You can host and share these tools in a single place like the Gemini Enterprise app, or use the Agent-to-User Interface (A2UI) framework to drop interactive components directly into your custom apps.

If your answer is agents (and you’re building agents meant to talk to other agents), focus on interoperability. By adopting the open Agent2Agent (A2A) protocol, an open standard for seamless communication and collaboration between AI agents, your agents can use standardized metadata to discover each other, pass context, and securely delegate background work across completely different enterprise frameworks.

See question #14 for more on user and agent identity.

#3 Which agent development tool should I use?
With so many frameworks available, it’s easy for engineering teams to default to fragmented, homegrown setups. To simplify this, we look at agent development as a four-rung ladder, which allows teams to slide between out-of-the-box configuration and code-first control:

  • Rung 1: Agent Studio (low-code): A visual workspace inside Agent Platform for rapid prototyping and business teams. Build an agent with Agent Studio here.

  • Rung 2: Managed Agents API (Agent-as-a-Service): For technical teams who want to define agent behavior via API and let Google handle the infrastructure inside a secure sandbox. Build a custom agent with Managed Agents API here.

  • Rung 3: Antigravity 2.0: A dedicated workspace for developers leveraging AI for advanced coding tasks and engineering pipelines. Build with Antigravity here.

  • Rung 4: Agent Development Kit (ADK 2.0): An engineering-first, code-first framework for software engineers building highly custom, multi-agent networks from scratch. Build a sample agent with ADK here.

#4 Should I start with one agent or many, and how do I specialize them?
Always advocate for your teams to start with a single, highly specialized agent for initial prototyping. If an agent tries to do everything, a few things might happen: accuracy drops, latency spikes, and debugging becomes a nightmare. To avoid this, write tight instructions and limit the tools it can access.

As your workflows grow more complex – or if you hit model context limits – have your engineers graduate to a multi-agent system. At its core, a multi-agent system is a collection of individual, autonomous agents that collaborate to achieve a goal. Using a framework like ADK, they can organize agents into a network of sub-agents where a coordinator delegates specific tasks to specialized team members, maintaining clear organizational logic.

Example: Build a sample multi-agent solution with ADK here.

Section 2: The scale phase - connectivity and interoperability

#5 How do we connect enterprise data and maintain the right business context?
Your agents need access to the right data to be truly useful. This is where “enterprise truth” comes in – it's what we call your enterprise’s specific data, tools, constraints, policies, and processes that the agent needs to be successful.

While there are several ways to accomplish this, the emerging practice is using open standards like Model Context Protocol (MCP) to connect your agents directly to live databases and business apps. However, simply establishing connectivity isn’t enough. To help your agents work accurately and avoid hallucinations, you must also organize this data with clear business context, metadata, and logic. This structured approach ensures your agents don’t just pull raw information, but actually interpret it correctly to and make better decisions across your organization

Example: Build a sample multi-agent solution with ADK and MCP Toolbox (Managed Server).

#6 How do we connect agents built on completely different frameworks?
In a large organization, different teams will naturally build agents using the tools that best fit their specific needs, whether that's LangGraph, a homegrown framework, or something else entirely. However, if these systems can’t communicate, you end up with isolated data and workflow silos. 

Establishing a universal communication standard allows agents developed on completely different platforms or frameworks to exchange intents, state, and results without specialized integration work.

For cross-framework connectivity (e.g., connecting a LangGraph-based HR agent to an ADK-based CRM agent ), you can implement the A2A protocol. This allows a microservices-style communication pattern across multiple distinct agents, ensuring they can securely talk to each other.

Example: Build a sample multi-agent solution with ADK and A2A.

#7 How do we help agents find the specific tools they need? 
Stuffing an agent's context window with multiple tools and APIs degrades performance, increases latency, and drives up token costs. Just as we use RAG to dynamically fetch data on demand, we must apply the same dynamic retrieval strategy to agent tooling. 

By utilizing focused agentic Skills, agents load capabilities only when a task requires them. Instead of parsing a massive library of generic instructions, the agent pulls from a single, task-specific index card—ensuring precise, tightly controlled execution.

Example: Build a multi-agent orchestration pattern with ADK and Skills

#8 How do we deploy our agents so they can easily scale?
This is the million-dollar question — or, perhaps more accurately, the "tokens-per-minute" question. The key isn't just about choosing the cheapest option, but about finding the right recipe of tools and services that aligns with your workload patterns.

To scale your agents without racking up massive infrastructure overhead, your teams should deploy agents within a fully managed, serverless execution environment. Agent Runtime is a set of services that enables developers to deploy, manage, and scale AI agents in production. Agent Runtime handles the infrastructure to scale agents in production so you can focus on creating applications. 

A production-ready runtime must offer elastic auto-scaling to handle sudden usage spikes, containerized flexibility to bundle custom software dependencies, and native support for bidirectional streaming to ensure low-latency, real-time interactions. The architecture must also integrate built-in private networking interfaces to securely connect to internal enterprise data without public internet exposure.

Example: Build a multi-agent orchestration pattern with Agent Runtime

#9 What if our agents lose track of context during long-running tasks?
To help your AI agents work more effectively, you can give them both short-term and long-term memory. This means using real-time session state to keep immediate conversations going, and a long-term storage layer to remember user preferences and past interactions — all while keeping your agents safely under your team's control.

Agent Platform handles this across two layers. In ADK, a sessionService handles the immediate steps of a multi-stage task, while Agent Memory Bank acts as a persistent, long-term storage layer to recall past user preferences and project outcomes over time.

Example: Build a multi-agent orchestration pattern with Agent Memory Bank and ADK memory

Section 3: The optimize phase — trust and efficiency

#10 How do we limit the blast radius for an agent running scripts or using a browser?
If your agents need to run Python, execute scripts, or browse the web to gather data, they shouldn’t do it directly on your network. Running these tasks in a temporary, isolated sandbox environment makes it easy to isolate any untrusted code or runtime logic errors, keeping them completely separate from your core enterprise systems.

Plus, using our agent runtime with a built-in sandbox helps protect your primary infrastructure and lets your agents safely execute tool calls under your team's full control.

Example: Build a multi-agent orchestration pattern with Agent Sandbox

#11 How do I ensure my agent stays on-brand?
An agent represents your corporate identity. While defining system prompts with clear constraints is a starting point, relying on prompts alone is insufficient (and risky) for production security. You need a mandatory safety layer that enforces core corporate rules and tone constraints, making sure the agent remains bounded regardless of the model's inherent probabilistic nature.

Guardrails turn an unpredictable LLM into a safe enterprise system by allowing the agent to have the flexibility to make autonomous decisions, while keeping it incapable of violating core safety rules. Because these boundaries are implemented as deterministic constraints outside of the agent’s reasoning, they cannot be bypassed.

Complementing this safety layer, structured workflows drive even greater predictability by breaking complex tasks into deterministic, step-by-step pipelines that use code-level routing, conditional logic, and state management to guide the agent through repeatable paths.

Example: Build a multi-agent orchestration pattern with Guardrails agent. See also ADK Workflows

#12 How do we trust the result?
Trust is earned through evidence gathered from rigorous testing and ongoing evaluations across the agent’s entire lifecycle. It’s not an automatic given, but rather a result of your method. 

At scale, evaluation is automated using a mix of metrics, human-in-the-loop oversight, and LLM-as-a-judge patterns. By using a more capable model or a specialized self-evaluation agent to audit the primary agent’s output before it reaches the end-user, you can systematically catch inaccuracies and protect the user experience.

Example: Build a multi-agent orchestration pattern with LLM-as-a Judge and Self Evaluation agent built in

#13 How do I control costs that are going overboard?
High-performance reasoning is powerful, but it isn’t cheap. To optimize your spend, try using a tiered approach: employ fast, lightweight models (like Gemini Flash) for high-speed, low-complexity tasks, leverage open source models (like Gemma), and reserve your largest, most expensive reasoning models for final decision-making. 

For high-volume production, switch to Provisioned Throughput (PT). Think of it like booking dedicated capacity for your steady, predictable everyday traffic, while unexpected spikes safely overflow into standard pay-as-you-go billing.

You can further protect your budget by trimming context windows with precision RAG, utilizing context caching, setting hard stops on agent iterations, and transitioning predictable parts of the agent workflow into deterministic code where feasible.

Example: Build with cost control in mind and KPIs that matter

Section 4: The govern phase — security and oversight

#14 How do I align an agent’s data access to match that of its human user?
Aligning an agent’s data access starts with establishing a secure agent identity, which supports three models: operating directly under a user's identity, using the agent's own independent identity, or acting via delegated authority. 

For many employee-facing workflows, leveraging delegated authority is the most secure approach. The agent automatically inherits and respects the existing permissions of the employee interacting with it. This guarantees that the agent cannot access data it isn't explicitly authorized to see, eliminating the need to rebuild complex permission structures from scratch while maintaining a clean audit trail.

Example: Build with Agent Identity

#15 How do I manage shadow AI and agent sprawl?
Unmonitored agents create severe data fragmentation and compliance risks. To prevent sprawl, you can use a central agent registry — a single, discoverable directory that automatically inventories every active agent, its business owner, its target dataset, and its permitted tools. Moving away from manual tracking spreadsheets gives your teams visibility into internal AI projects, ensuring that redundant agents are consolidated and orphaned endpoints are safely decommissioned.

Example: Build with Agent Registry

#16 How do I define how users, agents, data, and tools are allowed to interact?
Scaling enterprise automation safely requires a dual-layered policy architecture. First, apply IAM policies to set clear boundaries so agents only access authorized tools and specific data buckets. Second, implement semantic policies that analyze the natural language intent of a user prompt in real time, validating that the agent's planned response aligns with core business rules and compliance mandates before execution.

Example: Build with Policies

#17 How do I enforce those policies and gain visibility into agent activity?
Policies are meaningless without runtime enforcement and a clear audit trail. To achieve this, you need to route all agent traffic through an agent gateway — the network entry and exit point for all agentic interactions. This gateway should automatically intercept calls between users, agents, and tools to instantly block policy violations, sanitize content, and prevent prompt injections. For total visibility, this gateway must generate network-layer telemetry for every single interaction, feeding real-time behavioral metrics and execution traces directly into your observability dashboards. 

Example: Build with Agent Gateway

#18 How do I protect prompts and responses against data leakage, prompt injections, and offensive content?
When integrated with Agent Platform, Model Armor intercepts prompts before they reach Gemini models, and intercepts responses before your application receives them.

Based on your configuration, Agent Platform calls the Model Armor service, which inspects or blocks traffic that violates your defined policies — enforcing security measures like prompt injection and jailbreak detection, responsible AI filters, and sensitive data protection. You can configure this integration either by using floor settings for project-level protection or by using templates for per-request protection.

Example: Build with Model Armor

#19 How do I know if something has gone wrong with one of my agents?
To protect your systems, you need to look for behavioral anomalies by auditing your agent's decision-making loop in real time. Running this continuous behavioral audit alongside threat detection ensures you instantly catch whenever a compromised agent attempts a high-risk, uncharacteristic action.

This is where Agent Platform Threat Detection (part of Security Command Center) comes in. If an agent attempts unauthorized database commands or connects to unverified external network addresses, the system flags the event in near-real time for rapid isolation — keeping your automated workforce safely under control.

Example: Build with Threat Detection and Agent Anomaly Detection

#20 How can I manage the complete agent lifecycle in one place?
Nobody wants to click through five different cloud consoles just to push an update or run a test. With Agent Platform, you can simply give your coding agents the specific skills and commands needed to build, scale, govern, and optimize production-ready agents.

We recommend using the Agents CLI in Agent Platform as the central command tool for your development teams. It acts as a direct bridge between local terminal work and live production management, making it much easier for developers to transition from testing to a live launch. 

It also allows your teams to version-control agent configurations, run automated evaluations, and seamlessly push updates through your existing CI/CD pipelines. Because the underlying tools and skills are built and rigorously tested by Google's experts, your team can deploy with confidence without having to reinvent the wheel or break their day-to-day coding workflows.

Example: Build with Agents CLI here

Get started today

By tackling these 20 questions early, you can build agents that actually do real work for your business — without keeping your security and operations teams up at night.

Get started with Gemini Enterprise Agent Platform here.

Posted in
Read Entire Article