Every major enterprise platform this quarter — Salesforce Headless 360, Workday Agent System of Record, Microsoft Copilot Studio, SAP Joule, Oracle agentic, ServiceNow Moveworks, IBM watsonx Orchestrate — is pitching a control plane for your AI agents. But none of them is solving the real problem: who inside your organization actually owns the agent workforce, and who's steering it at the speed agents now act?

In this edition of Lens Four,

🔍 In this episode:

— Why Workday's line — "Organizations wouldn't hire thousands of employees without an HR system to manage them. The same discipline is now required for AI agents" — exposes the HR-procurement collision everyone is about to run into

— Gartner's forecast: by the end of 2026, 40% of enterprise applications will be integrated with task-specific AI agents, up from less than 5% in 2025

— Why Jensen Huang's CES 2025 line — "IT is the HR department of agentic AI in the future" — is half-right, half-wrong, and why Josh Bersin's reframe (HR teams will be the managers and caretakers of AI agents) gets closer

— Bain and IDC agreeing that per-seat pricing is ending: by 2028, 70% of software vendors will refactor pricing around consumption, outcomes, or organizational capability — and what that means for the CEO's agenda

— The contingent workforce market is real money ($171.5B in 2021, projected to $465.2B by 2031 per Allied Market Research) — and why the contingent-labor playbook is the closest analogy for agents

— Aaron Levie's "tokenmaxxing" as the strategic-prioritization problem nobody is ready for

— Why the three vendor vocabularies (employee, contractor, software) are all task vocabularies — and why the agent era needs a judgment vocabulary instead

— The Fourth Lens: the collision between HR and procurement can go two ways (meteor or dressing), but the real steering question lives upstairs with the CEO, COO, and line-of-business leaders

Fourth Lens: The forced consolidation coming over the next twelve to eighteen months solves the plumbing. It doesn't solve the operating model. The organizations that win the next decade of enterprise work will build both the function downstairs that runs the agent roster and the leadership cadence upstairs that sets direction at machine speed.

🔗 Full article and references: seanmartin.com/lens-four/whos-managing-your-agent-workforce

📧 Subscribe to Lens Four: seanmartin.com/lens-four

🎙 Redefining CyberSecurity Podcast: redefiningcybersecuritypodcast.com

🎧 Music Evolves Podcast: musicevolvespodcast.com

🌐 ITSPmagazine: itspmagazine.com

🎬 Studio C60: studioc60.com

Sean Martin is a cybersecurity market analyst, content strategist, and go-to-market advisor with more than 30 years of experience across engineering, product development, marketing, and media. He is co-founder of ITSPmagazine (itspmagazine.com) and Studio C60 (studioc60.com), host of the Redefining CyberSecurity Podcast (redefiningcybersecuritypodcast.com) and Music Evolves Podcast (musicevolvespodcast.com), and co-host of On Location (itspmagazine.com/on-location) and Random and Unscripted (randomandunscripted.com). Learn more at seanmartin.com.

🔎 Keywords: AI agents, agentic AI, digital workforce, Salesforce Headless 360, Agentforce, AgentExchange, Workday Agent System of Record, ASOR, Salesforce TDX 2026, Aaron Levie, Marc Benioff, Joe Inzerillo, Jensen Huang, Josh Bersin, Jorge Amar, Kate Leggett, Gartner AI agents forecast, IDC FutureScape 2026, Forrester agentic AI, Bain SaaS pricing, Deloitte workforce planning, KPMG total workforce planning, McKinsey hybrid workforce, Futurum sameness, Model Context Protocol, MCP, contingent workforce, ManpowerGroup TAPFIN, Allied Market Research, outcome-based pricing, consumption-based pricing, per-seat obsolescence, tokenmaxxing, CapEx vs OpEx AI, systemic HR, superagents, digital employees, HR-procurement collision, total talent management, workforce orchestration, CEO strategic intent, line-of-business leadership, employee vs contractor classification, Sean Martin, Lens Four

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

When Anthropic announced Project Glasswing, the headline was the capability: an AI model that found a 27-year-old flaw in OpenBSD and a 17-year-old remote code execution vulnerability in FreeBSD — fully autonomously, no human in the loop after the initial prompt. But the story underneath the capability is a structural one about who gets early intelligence, who sets the disclosure timeline, and what happens to every organization that wasn't in the room.

In this edition of Lens Four, Sean Martin examines Project Glasswing through three lenses: the intelligence asymmetry it creates for security programs, what it reveals about the broken assumptions underneath CVE, CVSS, and NIST, and why the equity framing in Glasswing's messaging doesn't survive contact with the data.

🔍 In this episode:

• Why the 12 Glasswing partners are operating with fundamentally different intelligence than everyone else — not eventually, but today
• The precise claim: patches flow downstream to everyone, but self-scanning access, pre-public intelligence, and disclosure timeline influence stay inside the coalition
• How Mythos chains five CVEs into a novel exploit in under 24 hours — and why CVSS has no score for that
• Why NIST's draft Cyber AI Profile was built before anyone outside Anthropic knew what Mythos could do
• Casey Ellis of Bugcrowd on the terrain Glasswing can't reach: forgotten firmware, end-of-life routers, the places the industry stopped looking
• Ed Skoudis of SANS on what it means that AI will surpass all human vulnerability researchers combined within months
• The Anthropic-DoD standoff and the geopolitical dimension of a Western-only coalition
• The CSA, SANS, and OWASP joint briefing: 250 CISOs saying the frameworks are already inadequate

Fourth Lens: The CVE system was built on human-speed assumptions. CVSS was built on single-flaw assumptions. NIST frameworks were built on governance-speed assumptions. Every one of them was already under pressure. Now they're under pressure from a model that broke them at machine speed. The question worth asking: when the next model crosses this threshold, will the answer to "who gets the defense first" still be determined by who was already at the table?

🔗 Full article and references
🎙 Redefining CyberSecurity Podcast
📧 Subscribe to Lens Four

Sean Martin is a cybersecurity market analyst, content strategist, and go-to-market advisor with more than 30 years of experience. He is co-founder of ITSPmagazine and Studio C60, host of the Redefining CyberSecurity Podcast and Music Evolves Podcast, and co-host of On Location and Random and Unscripted.

🎙 Keywords: Project Glasswing, Claude Mythos, Anthropic, AI vulnerability discovery, zero-day vulnerabilities, intelligence asymmetry, CVE, CVSS, NIST IR 8596, responsible disclosure, cyber inequity, CrowdStrike 2026 Global Threat Report, WEF Global Cybersecurity Outlook 2026, open-source security, critical infrastructure, autonomous exploit chaining, breakout time, nation-state cyber threats, AI safety, AI governance, CISO, patch management, Casey Ellis, Bugcrowd, Ed Skoudis, SANS Technology Institute, Cloud Security Alliance, OWASP, Sean Martin, ITSPmagazine, Lens Four

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.