Agentic AI in 2025: From hype to hard edges, how to start building trust

By Adrienne Craukamp, Chief Intelligence & Operations Executive | AI Platforms, Enterprise Transformation & Intelligent Automation | COO / Head of Product / Transformation
Issued by Haibot
Johannesburg, 05 Nov 2025
Capturing the upside of agentic AI. (Image: Haibot)
Capturing the upside of agentic AI. (Image: Haibot)

For the last two years, “agentic AI” moved from demos to pilots to real work. Autonomous (or semi-autonomous) software agents now draft proposals, reconcile invoices, update CRMs and trigger workflows. But the real inflection isn’t just capability, it’s confidence. 2025 is the year boards and CIOs are asking: can we capture the upside of agentic AI without letting our data leave the building, or worse, training competitors’ models with our IP?

Where adoption actually stands (today’s picture)

  • Enterprise AI usage keeps climbing: McKinsey’s 2025 State of AI finds 78% of organisations use AI in at least one function, up from 72% in early 2024 and 55% the year before. IT, marketing/sales and service ops lead the pack. McKinsey & Company+1
  • Agentic momentum, with pragmatism: PwC’s May 2025 survey of 300 senior execs reports 79% say AI agents are already being adopted in their companies; 66% of adopting firms see measurable productivity gains; 88% plan to increase AI budgets over the next 12 months. PwC
  • But the market is correcting hype: Gartner warns that over 40% of agentic AI projects will be cancelled by 2027 due to cost/value/risk gaps – and notes “agent-washing” where non-agent tools are labelled as agents. Translation: value is real, but governance and business cases must be sharper. gartner.com+1
  • Direction of travel in apps: Gartner also projects a rapid rise of embedded task-specific AI agents in enterprise software through 2026, accelerating the “agents inside” pattern. gartner.com
  • Trust gap remains: Deloitte finds 82% of users worry about misuse, and workplace usage has surged (from 6% to 34% since 2023). Identity-security firm SailPoint reports 98% plan to expand AI agents, yet 96% see them as a growing security risk; 80% experienced unintended agent actions (including unauthorised access and data sharing). Deloitte+1

The trust question: “Can we do agentic AI without losing control of our data?”

Yes, with the right architecture and vendor choices. A few realities to anchor the discussion:

  1. Major enterprise platforms commit to “no training on your business data” by default.
  2. Consumer chat products are changing privacy posture and we need to know the difference. Anthropic announced that consumer users (Claude Free/Pro/Max) are asked to opt in to training; if enabled, retention extends up to five years. This does not apply to API/enterprise channels (eg, Bedrock/Vertex) unless consented. Policy nuance matters when you test tools outside enterprise lanes. The Verge+1
  3. “Open source model does not equal automatic data leak.” Running open-weights models in your VPC/on-prem means weights don’t phone home. The leak risk appears when you (a) push fine-tuned weights/datasets publicly, (b) use consumer SaaS endpoints with permissive terms, or (c) allow agents to roam systems without identity governance.

The safe pattern: Agentic AI without IP exposure

If you want the upside of agents minus the downside of data drift, anchor on these five design rules:

  1. Private-by-default runtime
  2. Separation of concerns: RAG over re-training
  3. Identity-first agent governance
  4. Guardrails and “do-no-harm” policies
  1. Data-retention and residency controls

What leaders are doing now

  • Scope one narrow, auditable agent first (eg, AR collections assistant, master-data steward or vendor-onboarding bot) with measurable KPIs (cycle time, quality, cash recovered).
  • Stand up an “Agent Review Board”. Make product, security, data and legal jointly accountable for policies, approvals and incident response.
  • Instrument everything. Log tool calls, prompts, retrieved documents and actions. Run weekly drift and misuse reviews.
  • Choose the right procurement lane. Use enterprise/API channels for any workload touching sensitive data; avoid consumer endpoints for production. Point to vendor docs in your DPIA and contracts. OpenAI+1
  • RAG before fine-tune. Only move to fine-tuning once governance is proven and keep weights private.
  • Plan for market churn. Gartner expects shakeouts therefore design with portability (model-ops abstractions, data-layer independence) to avoid lock-in or vendor exits. gartner.com

My take: Confidence is now the real moat

Agentic AI isn’t a science experiment anymore; it’s a governance and engineering discipline. The winners in 2026-2028 won’t just be the first to deploy agents; they’ll be the first to deploy them safely at scale with provable controls, clean audit trails and fast recovery when (not if) an agent misbehaves.

If you’ve been hesitating because of data-leak fears or “training someone else’s model with our IP”, you’re not alone and you’re not stuck. With enterprise channels that don’t train on your inputs by default, private RAG and identity-first guardrails, you can move from “what if” to “in production” without giving away your crown jewels.

Share