For years, enterprise AI strategy has operated on a simple assumption that once the models get good enough, adoption will follow. That assumption is now being tested — and failing. Model capability has, by most measures, arrived. What hasn’t arrived yet are the infrastructure, security posture, and workflow architecture needed to enable autonomous systems to operate safely within the enterprise.
One clear signal of this gap comes from the federal government itself. When NIST published a formal Request for Information on AI agent security in January 2026, it drew 932 public comments before its March 9, 2026 close—an extraordinary response volume that reflects how urgently practitioners are grappling with problems current frameworks don’t address.
NIST’s own assessment of why is blunt: autonomous agents are being embedded into production environments without the identity management infrastructure, access controls, or audit mechanisms that govern traditional software, even as they write and execute code and chain tool calls across dozens of integrated services.
The security data underlying that concern is sobering. Novel attack strategies against AI agents succeeded 81% of the time in early-2025 red-team exercises referenced in NIST’s internal research — a failure rate that has nothing to do with how well the underlying model reasons.
Healthcare illustrates the workflow side of the problem most sharply. A formal comment submitted to HHS’s Office of the National Coordinator for Health IT argues that capabilities related to data readiness, interoperability, life cycle monitoring, and auditability are foundational to realizing AI’s potential while safeguarding patients, clinicians, and institutions, particularly for AI embedded in documentation and operational workflows that influence care without being regulated as a medical device.
The pattern across every source is identical: the bottleneck isn’t intelligence. It’s readiness.
Alex Tyrrell, SVP and CTO of Health at Wolters Kluwer, joined Emerj’s Matthew DeMello on the AI in Business Podcast to explain why agentic AI success now depends on modernizing enterprise infrastructure, security posture, and workflow architecture rather than improving model performance.
This article examines three insights that clarify why agentic AI adoption is constrained by enterprise readiness rather than model capability.
- Infrastructure readiness as the gating factor: Agentic AI cannot operate reliably when legacy systems, brittle APIs, and monolithic architectures prevent autonomous execution across multi‑step, regulated workflows.
- Domain‑adapted reasoning as the engine of agentic performance: Multi‑model orchestration, fine‑tuning, and dynamic chain‑of‑thought are required to decompose complex tasks into executable steps that consistently deliver outcomes.
- Autonomous security posture as the new enterprise requirement: Machine‑initiated actions expand the attack surface, complicate compliance, and demand identity, entitlement, and observability controls built for agents rather than human operators.
Episode: From Experimentation to Clinical-grade AI in Healthcare – with Alex Tyrrell of Wolters Kluwer
Guest: Alex Tyrrell, SVP and CTO of Health at Wolters Kluwer
Expertise: Artificial Intelligence, Machine Learning, Healthcare Technology, Data & Product Engineering
Brief Recognition: Alex Tyrrell is a technology executive with expertise spanning AI, machine learning, data platforms, and healthcare technology. He currently serves as Executive Vice President and CTO of Health at Wolters Kluwer, where he leads product engineering, technology strategy, and AI and Data Centers of Excellence across the Health Division’s portfolio of clinical decision support, research, and healthcare solutions. Previously, Alex held engineering and product leadership roles at Thomson Reuters and Refinitiv, where he led work across search, natural language processing, machine learning, data platforms, and enterprise content solutions. Earlier in his career, Alex was a postdoctoral fellow at Massachusetts General Hospital and Harvard Medical School, conducting research in high-performance computing, image analysis, and computational modeling that contributed to publications in journals including Nature Medicine, Nature Methods, and the New England Journal of Medicine. He holds a Ph.D. in Computer Engineering from Rensselaer Polytechnic Institute and an M.S. in Computer Science from Rochester Institute of Technology.
Infrastructure Readiness as the Gating Factor
Alex opens the episode by drawing a sharp line between what agentic AI can do and what enterprises are actually prepared to support. His core message is that autonomous systems don’t fail because the models are weak — they fail because the enterprise stack underneath them was built for human‑paced, screen‑based workflows. Agentic AI removes that friction entirely, exposing architectural weaknesses that were previously hidden.
According to Alex, the biggest constraint is not an appetite for innovation but technical debt: monolithic applications, brittle APIs, coarse entitlements, and operational tooling designed for human operators rather than autonomous agents. When agents begin executing tasks at machine speed, these weaknesses become systemic blockers.
He emphasizes that enterprises must modernize the underlying infrastructure before they can safely deploy agents into regulated workflows. That modernization includes decomposing monoliths, tightening entitlements, instrumenting APIs, and upgrading observability so teams can trace autonomous actions across distributed systems.
Alex states::
“When you had all these screens and these buttons and human operators… the volume of traffic was almost somewhat metered by how quickly you can press those buttons. Now agents are doing the work. There’s no more friction. The rate and speed and volume they can send to your back end — you better be ready for that.”
- Alex Tyrrell, SVP & CTO, Health, Wolters Kluwer
From this, Alex sets out several practical steps enterprises must take before deploying agentic systems:
- Decompose monoliths into modular, observable components: Agents cannot operate inside black‑box systems; they require clear, auditable endpoints and predictable behavior.
- Redesign APIs for fine‑grained, least‑privilege access: Coarse or brittle APIs break under autonomous load, and insufficient entitlements create compliance risk in regulated workflows.
- Engineer for machine‑driven traffic spikes: Human workflows naturally throttle system load; agents do not. Infrastructure must be prepared for sudden, high‑volume execution.
- Modernize observability and monitoring: When agents act across multiple systems, traditional logging cannot explain where errors originate or why spikes occur. Distributed tracing becomes mandatory.
- Strengthen identity and access controls for agents: Autonomous systems require identity models and permissioning frameworks tailored to machine‑initiated actions.
Together, these steps form Alex’s core argument: agentic AI succeeds when the enterprise foundation is rebuilt for autonomy rather than human operation.
Domain‑Adapted Reasoning as the Engine of Agentic Performance
Rather than beginning with architecture or infrastructure, Alex pivots this part of the conversation toward the behavior of agentic systems — specifically, how they think. His argument is that enterprises consistently underestimate the amount of domain adaptation required for agents to perform reliably. The question is never “which model,” but “how many layers of domain logic must be embedded before the model can actually execute a regulated task?”
Alex describes a pattern he sees across every serious deployment: the off‑the‑shelf model is just the starting point. Once it enters a real workflow, it must be reshaped — through supervised instruction, fine‑tuning, low‑rank adaptation, and dynamic chain‑of‑thought — until it reflects the reasoning patterns of trained professionals. In his view, this is where the enterprise’s true differentiation lives.
A key moment in the conversation comes when Alex explains how dramatically a model changes once it is adapted to a domain:
“You might start with a foundational frontier model, but you’re going to domain‑adapt it… and it’s not going to look like what you took off the shelf. It’s going to be better — and you’re likely going to do this multiple times.”
- Alex Tyrrell, SVP & CTO, Health, Wolters Kluwer
Instead of listing steps, Alex illustrates the concept through the nature of agentic workflows themselves. A human might see a single task — a pre‑authorization check, a claim review, a clinical summary — but an agent must break that task into reasoning units that are often invisible to the human operator. Sometimes the agent decomposes the task more finely than a human would; other times it collapses multiple human steps into one. The adaptation process teaches the model how to make those decisions.
Alex’s practical guidance emerges from this framing:
- Domain expertise becomes the scaffolding for agent reasoning. Subject‑matter experts are no longer just reviewers — they define the reasoning pathways agents must learn.
- Multi‑model systems become the norm. Different parts of a workflow require different reasoning behaviors, and no single model can reliably cover the entire chain.
- Dynamic chain‑of‑thought becomes essential. Agents must adjust their reasoning to the exact facts of each instance, rather than relying on static prompts or generic instructions.
- Explainability comes from granularity. When tasks are decomposed into fine‑grained reasoning steps, enterprises gain the transparency required for regulated environments.
Alex’s overarching point is that agentic performance is not a property of the model — it is a property of the adaptation process. Enterprises that treat domain reasoning as a first‑class engineering discipline will see agents behave with the consistency and reliability their workflows demand.
Autonomous Security Posture as the New Enterprise Requirement
Alex’s final theme shifts from workflow and reasoning to the operational reality enterprises face once agents begin acting inside regulated environments. His point is straightforward: the security assumptions that have governed cloud and SaaS systems no longer hold when autonomous systems initiate actions, communicate with other agents, and generate machine‑paced traffic across the enterprise. The attack surface expands, the identity model changes, and compliance frameworks must evolve to account for machine‑driven behavior.
Rather than treating security as a supporting concern, Alex frames it as the first constraint enterprises encounter when agents move from experimentation to production. Identity, entitlements, auditability, and observability — all historically designed for human users — must be rebuilt for autonomous actors capable of initiating workflows, accessing sensitive data, and interacting with external systems. In his view, this shift is not incremental; it is structural.
He highlights a second dimension: threat actors now benefit from the same generative capabilities enterprises use. LLM‑enabled attacks become harder to detect, easier to scale, and more adaptive. This forces enterprises to rethink how they validate agent identity, monitor agent‑to‑agent communication, and maintain compliance under HIPAA, SOC 2, ISO, and similar frameworks.
Alex’s most pointed observation in this section comes when he describes how traditional operational signals break down once agents replace human clicks:
“Where did the spike come from? Where did this error come from? The observability, the monitoring — it’s a challenge, so you have to adapt.”
- Alex Tyrrell, SVP & CTO, Health, Wolters Kluwer
From this framing, several practical insights emerge:
- Agent identity becomes a first‑class security primitive. Enterprises must be able to verify which agent is acting, under what permissions, and with what provenance — not just which human user initiated a session.
- Least‑privilege entitlements must be redesigned for autonomous behavior. Agents require narrower, more explicit permission boundaries than human operators, especially in healthcare and financial workflows.
- Auditability must extend to machine‑initiated reasoning steps. It is no longer sufficient to log API calls; enterprises must be able to trace how an agent arrived at a decision and what data it used.
- Observability must evolve to detect non‑human traffic patterns. Traditional monitoring cannot explain machine‑driven spikes or cross‑system cascades triggered by autonomous workflows.
- Compliance frameworks must incorporate agent behavior. HIPAA, SOC 2, and ISO controls must be interpreted through the lens of autonomous execution rather than human‑mediated workflows.
Alex’s overarching message is that agentic AI changes the security posture from the ground up. Enterprises that modernize identity, entitlements, observability, and compliance for autonomous systems will be positioned to deploy agents safely and sustainably across regulated environments.
