You Just Hired 50 Employees With No HR File
Digital workers, accountability vacuums, and the contract nobody read carefully
Last week I was on a call with a client rolling out their first wave of customer-service agents. Fifty of them. Priced per resolved ticket, not per seat. The vendor calls them "agents." The contract calls them "units of productivity." Their head of ops had one question for me: "If one of these screws up badly, who's actually on the hook?"
The room went quiet.
Not because it's a hard question. Because nobody had thought to ask it before signing.
I've had some version of this conversation three times in the last month. Different industries, different vendors, same gap.
The Pattern
In the last six weeks, four of the biggest enterprise vendors quietly changed what they're selling.
Cloudflare is pitching a runtime for autonomous, long-running agents moving from demos to production. Okta is selling identity and governance for agents. Box is positioning enterprise content as the context digital workers need to do real work. ServiceNow is embedding them inside the system of work itself. And pricing coverage across industry press describes a shift in language from seats to "units of labor."
A unit of labor is not a software license, and it's not an employee. It's a new thing, sitting in a governance vacuum your existing controls weren't designed to catch.
Here's what happens in practice. Procurement sees a vendor agreement and treats it like SaaS. Legal reviews it as a tool license. HR isn't in the room because it's not a hire. Everyone signs off on their piece, and nobody owns the frame.
So something new starts operating inside the organization. It makes judgment calls. Interacts with customers. Accesses internal systems. Can cause real harm. And it has no named accountable owner, no performance review, no termination pathway, and no clear liability structure when it fails.
Most organizations are signing without reading what they're actually buying.
Why This Slips Past the Usual Controls
Your organization has intake processes. Security review, vendor risk, data classification, procurement thresholds. None of them were designed for a product that sits between software and workforce.
The contract is the first thing that fools you. It reads like a standard SaaS agreement. Usage-based pricing is normal now. Data processing addenda are standard. Nothing in the paper signals that this is a new category.
Then there's the authority question. A software tool has permissions. An employee has authority. A digital worker has both, and neither gets documented the way it would for the equivalent human role. What is this thing allowed to approve? What can it waive? What can it commit the company to? Most contracts don't say, and most buyers don't ask.
The bigger trap is liability. Read the indemnification clause on any of these agreements. The vendor is protected against claims arising from how you deploy the worker. You are not protected against what the worker actually does. A bad refund is your liability. A discriminatory eligibility call is your liability. A data leak through an over-permissioned agent is your liability. The vendor ships the product; you own the outcomes.
And then the exit path. You can fire an employee. You can uninstall software. A digital worker that's embedded in six workflows, holding state across customer conversations, and contractually paid per unit of output? Turning it off means breaking things. That changes how quickly you act when something goes wrong.
None of this is a vendor problem. The vendors are doing what vendors do. It's a buyer problem. The organization doesn't have a frame for what it's buying.
The Three Questions Nobody Can Answer
Okta put three questions at the center of their recent agent governance material. They're the right ones, and most organizations can't answer any of them in under an hour.
Where are they? Not "which vendors have we signed with." Which specific digital workers are running right now, in which workflows, with what scope? If procurement, engineering, and operations each have their own answer, you don't have an inventory. You have fragments.
What do they access? Which internal systems, data stores, customer records, and external services does each digital worker connect to? Is that access identity-linked, auditable, and scoped, or is it a service account with standing credentials and no expiration?
What are they allowed to do? Read, write, approve, commit the company to a refund, a discount, a contract term? The difference between "recommend" and "act" is where liability lives. It's the question most contracts leave ambiguous.
If the answers require a meeting to figure out, that's not an inventory problem. It's an accountability problem waiting for its trigger.
What Readiness Actually Looks Like
The companies handling this well aren't refusing to buy digital workers. They're onboarding them the way they'd onboard a vendor employee with decision authority, which is what these things are.
A named accountable owner, by name, for every digital worker in production. Not "the platform team owns it." A person whose job description includes answering for the outputs. Scoped authority documented in writing, translated from your organization's policy into the worker's actual permissions, with evidence you can show an auditor. Each worker gets its own identity, and every action it takes gets logged against that identity, so when a regulator or customer asks who made this decision and when, the answer exists in a system of record instead of somebody's memory.
And a shutdown path that actually works. The shadow tools issue and the Kill Switch piece both touched on this. For digital workers the question has a new twist: what happens to the work in flight? Who picks up the open tickets, the half-finished approvals, the customers mid-conversation? If the fallback is "we'll figure it out," that's where the governance gap lives.
The last piece is evidence. Override rates, exception logs, escalation frequency, reviewer activity. Not a policy document. Structured evidence that humans can point to when someone asks whether oversight is real or theater.
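The readiness checks above can be run against an inventory instead of argued in a meeting. The sketch below is an added example, not taken from any vendor or from the material this piece cites. The record fields (owner_kind, cred_expires, actions, limits, fallback_owner) and all sample values are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import date

# Constructed sample inventory. Field names are assumptions for this example.
INVENTORY = [
    {"worker": "cs-agent-01", "owner": "Dana Reyes", "owner_kind": "person",
     "identity": "agent-cs-01", "cred_expires": date(2030, 1, 31),
     "actions": {"refund": "act", "discount": "recommend"},
     "limits": {"refund": "up to 50 USD"}, "fallback_owner": "Tier-2 lead"},
    {"worker": "cs-agent-02", "owner": "platform team", "owner_kind": "team",
     "identity": "svc-shared", "cred_expires": None,
     "actions": {"refund": "act", "contract_term": "act"},
     "limits": {"refund": "up to 50 USD"}, "fallback_owner": None},
    {"worker": "cs-agent-03", "owner": "Sam Okoye", "owner_kind": "person",
     "identity": "svc-shared", "cred_expires": date(2030, 1, 31),
     "actions": {"discount": "recommend"}, "limits": {},
     "fallback_owner": "Billing ops lead"},
]

def audit(inventory):
    """Return {worker: [findings]} for the readiness checks described above."""
    identity_use = Counter(rec["identity"] for rec in inventory)
    report = {}
    for rec in inventory:
        findings = []
        if rec.get("owner_kind") != "person" or not rec.get("owner"):
            findings.append("no named accountable owner")
        if identity_use[rec["identity"]] > 1:
            findings.append("shared identity: actions cannot be attributed")
        if rec.get("cred_expires") is None:
            findings.append("standing credential with no expiration")
        # "act" without a written limit is undocumented authority;
        # "recommend" leaves the decision with a human, so it needs no limit.
        for action, mode in sorted(rec["actions"].items()):
            if mode == "act" and action not in rec["limits"]:
                findings.append(f"unbounded authority: {action}")
        if not rec.get("fallback_owner"):
            findings.append("no owner for work in flight on shutdown")
        report[rec["worker"]] = findings
    return report

if __name__ == "__main__":
    for worker, findings in audit(INVENTORY).items():
        print(worker, "OK" if not findings else findings)
```

An empty findings list for every worker is the state in which the four questions in the next section can be answered without a meeting.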
The Real Test
Pick one digital worker or AI agent already running in a customer-facing or decision-adjacent workflow. Ask four questions.
Who, by name, is accountable for what this worker does?
What is it specifically authorized to approve or commit the company to?
If a regulator asked for a log of its decisions in the last 90 days, how long would it take to produce one?
If you needed to shut it down by end of day, what breaks, and who handles the work in flight?
If any answer is "let me find out," you have a digital worker operating without a governance wrapper. That's survivable when nothing goes wrong. It's a board incident when something does.
The Bottom Line
The vendors changed what they're selling. Most buyers haven't changed how they're buying.
A digital worker isn't a software license, and it isn't an employee. It's a new category that makes decisions, holds authority, accesses sensitive systems, and can cause harm, and it is being signed into production under contracts written for something else.
The gap isn't in the technology. The technology works. The gap is accountability. Who owns it. What it's allowed to do. How you prove it behaved.
If you can't answer who's accountable for a digital worker before you sign the contract, you're not buying productivity. You're buying exposure.