The real story this week isn’t “AI agents are coming.” It’s that the big infra players just handed those agents keys to your stack — and most startups are still acting like it’s 2023.
In the last few weeks, Salesforce, Cloudflare, and Microsoft all moved from “cute demos” to infrastructure that lets agents read data, execute workflows, and in some cases spend money and deploy code with almost no human in the loop. If you’re shipping an AI product and still designing only for human users, you’re now behind the platform you’re building on.
What actually shipped
Salesforce’s new Headless 360 essentially turns its entire platform — data, workflows, business logic, and governance controls — into an API and tool surface explicitly built for agents, not humans clicking in a browser. They’re exposing Salesforce capabilities as APIs, MCP tools, and CLI commands so coding agents like Claude Code or Cursor can operate directly on customer records, automations, and approvals.
Cloudflare expanded its Agent Cloud with infrastructure to move agents from experimental toys on a laptop to long‑running, production workloads on its global network. That includes Dynamic Workers for running AI‑generated code in a secure runtime, Git‑like “Artifacts” for code and data at agent scale, and persistent Sandboxes so agents can clone repos, run builds, and ship changes. Their own recap bluntly notes that agents can now create accounts, buy domains, and deploy applications.
Microsoft took the other side of the problem and made Agent 365 generally available as a control plane to observe, govern, and secure agents across your environment, including third‑party and cloud agents. They explicitly frame agents as “digital workers” with identities, policies, and lifecycle management, not random scripts hiding in someone’s notebook.
Translation: the enterprise world just decided agents are not a feature; they’re an actor. Your product will feel the impact whether you like it or not.
Why founders should care
If Salesforce is now a “system of execution” for agents, and Cloudflare makes it trivial for them to deploy code and buy infrastructure, your product is about to be used in ways you never designed or consented to. Agents will hit your APIs at odd cadences, chain flows you never expected, and trigger edge cases no human would ever click into on purpose.
Three problems show up immediately:
- Agent UX debt. Your internal APIs, error messages, and rate limits were built for humans (and maybe a polite integration), not autonomous loops hammering your product 24/7.
- Governance theater. Slapping on “we use AI responsibly” isn’t enough when an agent can misconfigure billing, spam customers, or wipe a workspace in 30 seconds.
- Onboarding blindness. Most onboarding still assumes a human reading tooltips. Agents will never see your empty states, checklists, or marketing copy — they’ll go straight to the guts.
The infra giants are quietly standardizing this world while early‑stage teams are still arguing about whether to add a chatbot to the dashboard.
Design for agents like they’re your most dangerous power users
This shift is not just a DevOps or security story. It’s a product and UX problem.
Designers and product leads now need to think in terms of “agent UX”:
- Clear, constrained surface area. Expose stable, well‑scoped APIs and tool contracts instead of letting agents scrape UI or rely on brittle flows.
- Least‑privilege by design. Treat every agent as an over‑caffeinated senior engineer on their first day: strong guardrails, logged actions, no hidden superpowers.
- Observable behavior. Build dashboards and traces for agents the same way you do for humans: session views, replay, anomaly alerts.
At Poplab, I usually get pulled in when founders already feel the UX damage — activation lagging, support tickets exploding, or teams hacking around a product that wasn’t designed for how it’s actually used. The agent wave will make those gaps show up faster and more brutally.
One practical move for this week
Here’s a concrete thing you can ship in the next sprint: run an “agent‑ready surface area” audit.
Pick one core flow that touches money, access, or irreversible actions. For that flow:
- List every action an agent could theoretically call today (APIs, webhooks, background jobs).
- For each, define an explicit contract: allowed parameters, rate limits, scopes, and safe defaults.
- Add hard gates where you’d never want a fully autonomous agent to proceed without a human (pricing changes, bulk deletions, irreversible migrations).
- Instrument logs and alerts for those actions so you can see, in one place, when humans vs. agents are hitting them.
If you don’t have internal capacity, this is exactly the kind of thing a focused Design Audit or onboarding sprint can de‑risk quickly — but whether you do it with a partner or in‑house, do it now, not after your first “oops, the agent did that?” incident.
The infra layer has already decided agents are first‑class citizens. The only open question is whether your product treats them as such — or lets them rampage through a UX that never assumed they existed.
Leave a Reply