Aaron Levie and Rao Surapaneni of Google on governance, security, and the agent era

At the Box Content+AI Summit in San Francisco earlier this month, Box CEO Aaron Levie sat down with Rao Surapaneni, VP and GM of Business Applications at Google Cloud, to get his perspective on how companies are navigating the transition to AI-first business processes. Here’s a transcript of their conversation, lightly edited for clarity. 

Key takeaways:

  • AI adoption is moving beyond chat: AI is already widely used for knowledge synthesis and personal productivity, and companies are now starting to explore agents that can handle more specific tasks and workflows
  • Enterprises will need to rethink workflows, not just automate them: Rao believes companies can improve existing processes with AI, but over time many processes may need to be redesigned for an AI-native world
  • Governance and coordination are major challenges: Secure access control, interoperability across systems, and better orchestration of multiple agents will be critical for enterprise adoption

AARON

Rao, really great to have you here. You’re sitting at the center of the conversation around enterprises transforming with agents and automating workflows. What are you seeing? What are you working on at the moment?

RAO

Thanks, Aaron, it’s a pleasure to be here. 

In general, as the technology evolves, my focus is on both helping productize and also looking at the horizon: Where are we going with multi-agents? How can we make it easier and safer and more secure to deploy these solutions for real world use?

AARON

Where do you think we are right now with agents and enterprise adoption? We’re here at the center of Silicon Valley. But thinking across the country and globally, where are we on the chat-to-full-agent continuum?

RAO

Well, for knowledge synthesis and helping humans, it’s already widely adopted. Whether the experience is via chat bot or deep research, the amount of content that can be processed and reasoned over by today’s models is huge. Next it’s about packaging the experience and how to do it right for each specific use case.

Then comes agent solutions, where the agent is able to do more things autonomously. We’re seeing early signals of success in multi-agent scenarios where each agent is able to do one specific task amazingly well, but in very deterministic and narrow domains.

The next challenge is to orchestrate it, but still do it reliably. We're starting to see early signals of that. But a lot more autonomous capabilities are still evolving.

AARON

You just brought up the whole ballgame over the next 5 or 10 years, which is this jump from narrow, deterministic actions to what happens when the agent is long running or has many sub-agents. How do you make sure it performs at a level of quality that you could do a loan process, a client onboarding workflow, or a complete HR process? What do companies have to get right? Are the models there, or not yet?

RAO

If you’re an enterprise, adopting AI or any new technology really crosses the dimensions of people, process, and products. 
We need to train people on how to use this technology, and how to give feedback so that the technology and the products can improve. 

Then we have so many existing processes. You can infuse AI into existing processes and gain 20%, 30% improvements. But you should also look at where the model is today and where it’s going to be.

If I were to redesign this process, do I even need it? Can I rethink what I'm doing for the AI-native world? Can I delegate it to an agent, and what are the blockers to enabling that? 

AARON

Just to give you a completely unfair question – ten years from now, we're sitting here doing the follow-up postmortem…

RAO

Ten years in the AI world?

AARON

Yeah, so, 400 years worth of model progress. What percentage of workflows will have been reinvented from the ground up to get the full benefit of agents, and what percentage remained the same human version?

RAO

In an enterprise context I expect we’ll need at least 60% to 70% new processes to take advantage of AI capabilities. Again, ten years is a very long time. 

AARON

Fair. We can't really hold you to this. But it's an interesting question everybody's thinking about, which is, we imagined the holy grail solution as AI that’s so smart and intelligent, you drop it into your workflow and it just automates everything. But there are all these constraints. You have a context window constraint, an access control constraint, planning constraints. How should we think about process reinvention? How do you get started?

RAO

I talk to a lot of customers, and I think there are two ways to go about it. 
One is to just empower every employee with AI and they'll figure out how to be productive with their task. That ability to enable agent-building capability and personal productivity with AI, whether it’s summarizing an email or writing better content, is happening today.

The other end of the spectrum is thinking deeply about workflows. I'll use employee onboarding as an example. That’s an end-to-end flow: The new employee needs a laptop, and laptop procurement could be in a different system that has its own agent. If the new employee is a salesperson, you want to equip them on day one with their region and accounts and playbook. So you need to be able to orchestrate across all of these agents doing specialized jobs.

AARON

This is one of the dilemmas in a lot of agentic workflows: the tough reality of giving access to an agent without accidentally leaking it somewhere else in the flow. How do you think about agent governance and security?

RAO

I see agent governance and data management as key unlocks for actually accelerating. Corporate policies are in place for a reason. So we need to really think about whether all these policies are needed for this technology? What tradeoffs are we making? It comes back to value and convenience versus risk and reward. You need sensible governance policies, but giving access to an agent unlocks a lot of value. You need to evaluate this on a case-by-case basis.

AARON

Do you have a strong view on which workflows the agent can take on the rights and privileges of the user versus ones which require it to have its own identity and its own set of access?

RAO

That's something we’re looking at across enterprise deployments. Today we apply current enterprise governance rules: If an agent is executing something on my behalf, it takes on my authentication and authorization. And that works great because the existing policies and models are followed.

But say I request something from a people ops person who has access to more data than I do. My agent can do the task and give me the summary without necessarily sharing all the raw details. Those are cases where you need to be able to give elevated privileges to an agent.

These are the implicit and latent privilege and policy decisions that we’re working on today. 

AARON

We're going to get super geeked out for a second. I think a big challenge we're going to have is, for instance, asking an agent for the salary of a team member. Does that agent know how to deterministically figure out if I’m allowed to ask that question? Can I social-engineer the agent to pull information that I shouldn't have? Do you imagine there being an orchestration layer or control panel between the system and the agent?

RAO

Yeah, the access control and context evaluation needs to happen at every step of the process in an agent world. Just using the same example as before, once I log in to an enterprise, I am who I am, and all my authorizations and permissions continue. But in an agentic world, every single tool call, every single access to content, needs to be evaluated in the context of what's happening at that point. Instead of a one-time static login, authorization at every stage needs to be baked into these platforms.

AARON

There isn’t going to be a shortage of work for anybody in IT for the next two decades. There's going to be so much system configuration and integration and security that we all have to go through.

Interoperability is one of the big dependencies that everybody has. I want to deploy agents across my infrastructure, but do all my tools work with that agent and orchestration layer? Where do you think we are in terms of interop standards? 

RAO

One of my side jobs is to work with standards organizations across the industry so that all these platforms can actually interoperate. My original thesis was that there will be multiple agent platforms. So if an enterprise is deploying Box, ServiceNow, and Workday, they need to be able to interoperate. 

The old school way to do this was API access. But with agents, you now have the capability to discover those interfaces on the fly and say, ‘I don't have this data point. Can you share it?’ And if permissions allow, that data can flow back.

So this runtime ability to discover and connect and complete a task is possible. But from an adoption point of view, lots of industry dynamics come into play. APIs are here. MCP is becoming a de facto standard for tools and data. And when it comes to agents, there are also options. One of the protocols we invented is agent-to-agent capability. So we’re now on that journey – every multi-agent orchestration solution needs additional things. How do you discover new agents? How do you select which one can do the job that you want to do?

AARON

If you look into your crystal ball over the next 12 to 18 months, where do you think we are? What's the progress on AI models and these multi-agent systems?

RAO

Well, query understanding and natural language processing is a well-solved problem. We’ve seen reasoning capabilities jump by leaps and bounds. That's why we can process long documents and understand what's going on within a single prompt. 
The next unlock is going to be memory. When humans go through a day, we only remember a few highlights. Agents will need to remember these key things, so they can personalize interactions and improve over time. So we’re starting to look at memory. 

And one more thought on the engineering side is about feedback loops. I use the analogy of agents as interns. When an intern comes into an organization, they need to deal with lots of things, and we want them to do it fast. But at the end of the week they write a status report saying what they got right, where they needed help – which is a human in the loop – and where they got stuff wrong. 

That’s an opportunity for feedback. But when you give an agent that feedback, is it retaining knowledge to improve for the next time it sees that scenario? We need to study using memory and storage to complete that feedback loop, so agents develop into faster interns which will go much further in their careers.

AARON

So the TLDR is, we're all going to do a lot of performance reviews and 1:1s with agents.

RAO

I look at every employee as a manager of agents.

AARON

Any final advice? If you had to offer one takeaway for everybody to go back to their agents later today, what should we be doing differently?

RAO

Use them. Use them a lot. Give feedback. That's the only way we can stress-test them and understand what's working and what's not. The technology is here. It is about how we apply it to the right use cases with the right risk profile. 

AARON

Awesome. Rao, thank you so much. We appreciate the partnership.

RAO

Thank you.