The autonomous future of Australian and New Zealand enterprises
As the number and breadth of autonomous systems accumulate inside of enterprises, now is the time to decide how to govern and secure them – before it becomes a monumental task.
When organisations talk about the autonomous enterprise, most conversations are focused on a far-off future vision. But the reality is coming faster than enterprise leaders may believe, and it's time to start thinking about the systems that will power greater automation.
For most, becoming more autonomous is not yet a set strategic direction, but instead a creeping influence in their processes and operational ways of working.
The early signals are everywhere: agents, automated workflows, AIOps loops, policy-driven remediation, and systems that increasingly recommend – and in some cases execute – actions, are becoming ubiquitous in enterprise software suites.
The number of systems incorporating autonomy in some form is rapidly accelerating. Some 40% of enterprise applications are expected to incorporate agents capable of running and performing complex end-to-end tasks by the end of this year, according to one recent estimate.
But having the capability is not the same as having the confidence to utilise it to its full extent.
An autonomous enterprise is one in which systems are allowed to make decisions and take actions within clearly defined boundaries, and in which those decisions can be observed, explained, constrained, and reversed.
Autonomy will not arrive all at once. It will emerge through small decisions that expand system authority over time.
The delegation of decision-making and action to autonomous systems will be naturally constrained over time - but what is viewed as a necessary constraint, and the stringency in which it's applied, will vary by individual enterprise.
The major constraint for most enterprises today concerns their ability to retain control as systems begin to decide and act on their own. This is more simple in the current landscape of isolated initiatives and ringfenced experiments, but will become more complex over time as autonomous initiatives accumulate.
This is why the current moment matters.
In the rush to incorporate autonomy into enterprise applications and systems, there is a pressing need to step back, think more strategically, and ultimately to design for what is coming. Enterprises need a framework and architectural foundation for enterprise-wide adoption before isolated initiatives can accumulate into something that is difficult to govern.
The two key architectural elements
Autonomy will emerge in enterprises gradually. The architectural foundations that support it must be deliberate and come early.
Two important architectural foundations are observability and security.
Observability already plays an important role in enterprises, helping teams troubleshoot incidents, diagnose performance issues, and understand system behaviour after something goes wrong. For example, in the network, IT teams need complete visibility so they can optimise and secure systems while ensuring employees have access to the right apps and data. Without complete visibility, that task is tricky for human employees, and impossible for AI.
The autonomous model works when systems execute what humans explicitly tell them to do, but it can break down when systems begin to decide. As autonomy increases, decisions themselves become part of system behaviour. Behaviour that cannot be observed cannot be governed.
This is the architectural shift that matters most: In a future autonomous enterprise, observability is not a debugging tool. It is the foundation that enables autonomy.
Autonomous systems require decision visibility, which means being able to reconstruct how a system moved from signal to action: what inputs were considered, what context mattered, what conditions were evaluated, what policies allowed or constrained action, and what action was taken or deliberately not taken.
As autonomy expands, many incidents will not be bugs. They will be reasonable decisions made under incomplete or changing conditions. Without decision visibility, investigations turn into speculation, and confidence erodes quickly.
The enterprises that prepare now will later be able to say: We know what happened. We understand why it happened. And we can fix it. By contrast, once systems begin acting autonomously, retrofitting visibility into decisions becomes complex, fragile, and expensive.
Security will also play a key architectural role in enabling Australian enterprises to become more autonomous over time. Security is often perceived as something that slows autonomy down - a perception that usually comes from treating security as external to system behaviour, approvals, gates, and static controls.
But as enterprise decisions and actions happen continuously, often initiated by non-human actors, security cannot sit outside the loop. It must become part of it.
Now is the time to rethink security: assigning identities to AI agents and automated workflows, authenticating and authorising them explicitly, and scoping permissions tightly and revoking them dynamically.
Such actions can ensure that autonomous systems do not become invisible threat actors in enterprise environments tomorrow. Security designed this way also does not block autonomy, but instead allows autonomy to expand without becoming unsafe.
In summary, for CTOs and engineering teams, the really critical question is: What are we preparing today to let systems do tomorrow safely, and under what conditions?
The answer to that question will ultimately determine not just how autonomous an enterprise becomes, but how reliably it can deliver business outcomes as complexity and speed continue to increase.
The enterprises that succeed will be the ones that used this moment, before autonomy was unavoidable, to design observability and security as foundations, not as afterthoughts.