AI agents are becoming the new gatekeepers of customer relations. Should you build or rent? A CTO decides — and explains why waiting is already choosing.
History repeats itself. Google has captured the relationship between brands and their customers by becoming the obligatory gateway to the web. Amazon did the same for the product. Today, a third wave is taking place; faster, and deeper. Platforms that host users’ personal agents are becoming the new gatekeepers of customer relations. OpenAI’s Operator was reserving tickets and placing orders as early as January 2025. OpenClaw, launched in late 2025, exceeds 340,000 GitHub stars in a few months. What was prospective eighteen months ago is in production. Organizations that wait to decide on their architecture are not being cautious. They let others decide for them.
What has changed, and what that requires
In eighteen months, three layers were put in place. First of all, the user’s personal agent: he no longer answers questions, he acts. It reserves, compares, buys on behalf of its user. The channel which then allows these agents to talk to each other: A2A (Google) standardizes mutual recognition between agents, MCP (Anthropic) gives them access to company tools and data. Finally, the payment layer: the checkout is no longer a page that we design, it is a standard to which we connect.
On this infrastructure, the brand agent orchestrates: he receives the customer’s intention transmitted by his agent, queries stocks and the catalog in real time, composes a proposal, can finalize the purchase without human intervention. The brand ceases to be a catalog. She becomes a project partner. Adobe documented in the second quarter of 2026 a significantly higher conversion on traffic referred by AI versus organic traffic. The channel is open. And as with Google or Amazon, it is those who arrive early who write the rules. Not those who adapt.
This is where the decision becomes strategic. Where do the models shoot? Where does customer data live? Who holds the memory of the relationship? In the event of a regulatory audit, do we have a tamper-proof log of each action of the agent? These questions are not the exclusive competence of the DSI. They determine who owns the customer relationship and who rents it.
Own or rent: what the OpenAI episode reveals
The OpenAI Instant Checkout episode says it better than any theoretical argument. Launch in September 2025, integration into ChatGPT, participating brands access their own customers under the platform’s conditions. Stopping at the start of 2026, pivot towards apps operated directly by brands. Walmart, Target, Etsy, Instacart have continued through their own layer. The others suffered the decision. A rule of the game changed unilaterally, overnight, on a channel in production.
This is exactly what happened with Google in 2010 when algorithm updates destroyed businesses built on SEO. Exactly what happened with Amazon when third-party seller margins were compressed over the years. The mechanism is identical: the platform creates traffic, attracts players, then adjusts the conditions when it has reached a critical mass. Entrusting the heart of your customer relationship to a third party means replaying this film knowing how it ends.
The AI Act adds a regulatory constraint that strengthens the argument. An agent who purchases, who advises on credit, who manages a complaint falls within the scope of high-risk systems and therefore obligations of traceability, logging, explainability. When the logs belong to the platform, compliance depends on its goodwill. When they are in your home, compliance is an asset.
The prerequisites that no one clearly names
Before exposing an agent to customers, the AI must be able to dialogue with its own information assets in a structured and controlled manner. Own catalog, stocks exposed in real time, documented specs. This is the prerequisite that many organizations treat as a secondary project. It is decisive: a poorly informed catalog will not be chosen by the client’s personal agent, regardless of the budgets invested elsewhere. The SEO of tomorrow is the quality of the data exposed to agents.
Regarding identity, the standards have not yet been stabilized. How does a personal agent know they are talking to the real brand agent and not an impostor? The tracks: agent certificates backed by a PKI, Agent Name Service as a universal directory. In the other direction, delegation by cryptographic passes limited in time and scope – authorized to discuss a project, not to access the full history. In February 2026, NIST launched a standardization initiative on this subject. This is the right time to weigh in, not wait for the standards to be set by others.
Where to start?
Three sites can be opened in parallel before putting an agent into production. Governance: define what the agent can do, what he cannot do, who validates, who audits. The fact: an agent cannot be better than what it questions. Unified catalog, real-time stocks, consolidated customer history. The agent’s compliance with this governance: verifying that what has been defined is indeed what is being executed. These three projects can progress simultaneously, in the order that suits the organization. But until all three are in working order, the agent does not go into production.
The right criterion to assess your level of maturity before moving on to the next step: can I, today, change LLM provider in less than a month without losing the memory of my agents or rebuilding my integrations? If the answer is no, the foundation is not there.
The protocols adopted now – A2A and MCP for infrastructure, AP2/ACP/UCP for transactions – define the standards to which agents must comply. Adopting early means weighing on their development and choosing your level of exposure. Waiting means inheriting the choices of others and undergoing the same forced transitions that we experienced with the web and mobile. The window is narrow. The film is known.
