“There aren’t many tasks left that are not going to be changed by agents,” according to Dominic Grillo, Global Head of Technical Success at OpenAI.
At Box Virtual Summit, Box CEO Aaron Levie sat down with Grillo to talk about how agents are reshaping the enterprise, and why governance is so important to consider.
To set the tone, Grillo explained: “In November, there was this seismic shift in what agents are capable of.”
Essentially, two things happened at once:
- The underlying AI models got much better at reasoning
- Agents gained access to a lot more tools
The conversation moved quickly from there to the practical questions every company is wrestling with right now: how to give agents the right context, how to think about identity, and how to govern a workforce that suddenly includes software that acts on your behalf.
What agents can now do, in two parts
“We’re seeing two categories of agents emerge,” Grillo says.
The first is what he calls the “AI super assistant” — an agent that feels like an extension of your identity, often running on your computer with access to the same tools and applications you use. It can look at your calendar and find ways to streamline your day, reach out to teammates to consolidate project updates, or coordinate a 30-minute meeting on your behalf.
Agents can be headless, meaning that they operate in the background through APIs, workflows, or other systems rather than appearing only as a visible chat interface.
The second category is the workspace agent, or the AI coworker. For this, Grillo uses a legal example: the task of reviewing every new agreement and flagging nonstandard terms. Time-consuming for a human, this type of workflow can now be offloaded to an agent, with humans alerted for exceptions and sign-off.
Agentic coworkers, he noted, do not have to live inside a chat window. They can be headless, meaning that they operate in the background through APIs, workflows, or other systems rather than appearing only as a visible chat interface. They can, for instance, show up with fast replies on apps like Slack.
Content is easy, but context is the hard part
Enterprises sit on data that’s roughly 90% unstructured — it’s made up of research, contracts, financial documents, HR records, policies, roadmaps, and more. Giving agents secure access to that content helps organizations turn all that unstructured information into usable context for AI, so agents can assist with real work while people retain judgment, oversight, and accountability.
The growing prevalence of technical tools to connect data to AI (MCP servers, API calls) gives agents secure, seamless access to the right data. Grillo noted that content management tools like Box are a big part of making data securely available.
Equipped with safe access, agents can harness the business context within the data — the information they need to interpret requests accurately, act with relevance, and produce valuable outputs. Grillo says, “Without the business context, it actually makes it very difficult for those agents to do the high-quality types of tasks that ultimately drive automation. It’s not just connections to the data systems. People have to trust an AI coworker to deeply understand the business.”
Without the business context, it actually makes it very difficult for those agents to do the high-quality types of tasks that ultimately drive automation. It’s not just connections to the data systems. People have to trust an AI coworker to deeply understand the business.
Grillo provides an example of asking an agent to calculate the last six months of revenue in Asia Pacific. To answer correctly, the agent has to understand how Asia Pacific is defined in the particular company — and how revenue is calculated. That context is critical to delivering an accurate answer.
Without specific business context, the agent cannot deliver the kind of high-quality work people will trust. With it, the agent becomes an incredibly efficient coworker.
Headless agents and the persistent coworker
Like a human coworker, the best agents are available in all kinds of contexts — whether they’re asking a question over Slack or collaborating on a document in real time. Levie notes, “It would be weird to say, here’s this amazing coworker, but they’re only available if you log in through this web application.”
He predicts that AI agents will evolve to be a persistent resource, traveling with us in whatever application we’re working on, communicating with us however we happen to be communicating in each moment.
For this, interoperability is essential. Levie notes, “We see a world where a customer could come to Box and use the Box Agent directly in the Box environment. And we equally see a world where you could go to ChatGPT or Codex and connect into Box. Complete interoperability is super important for us.”
Grillo agrees that headless is where the market is going. Agents should be persistent across applications and communication types.
Navigating agent governance
With agents persistently available, you want to be careful about what content you give them access to — just as you’d govern the content human employees can access.
The question a lot of AI leaders are grappling with: Should your agents inherit the identity and access of the employee using them, or have their own access identity?
Grillo acknowledges that companies are currently less risk-averse to AI than they likely will become. Right now, generally speaking across industries, innovation and adoption take priority. As a result, security stacks haven’t solidified at the same pace as agent adoption, Grillo says. He lays out three governance concerns enterprise organizations need to think about.
First, as Grillo describes, “One of the killer uses of an agent is to pull a bunch of company data and build a just-in-time dashboard that I can use to make a decision or articulate a part of my strategy.”
One of the killer uses of an agent is to pull a bunch of company data and build a just-in-time dashboard that I can use to make a decision or articulate a part of my strategy.
In this scenario, the agent has the same access to data that the employee making the dashboard has. But when that employee shares the dashboard with others, suddenly, they’ve inadvertently made it available to a bunch of people that shouldn't have access to that data.
Second, he says, “Agents are running on the computer itself and able to make changes to those core file systems within the computer.” An agent, in other words, may be able to read, create, edit, move, or delete files — and potentially change settings or trigger actions across the machine.
Third, “People are going to move from experimentation to actually building a strategy for deploying at scale, and that will require a chain of custody around identity.” You’ll need a clear audit trail documenting who did what (the user vs. the agent) and how.
“We're hyper focused on this problem,” says Grillo.
The cavalry is coming
“We as a lab are maniacally focused on solving these problems that are inhibitors to scale and adoption,” Grillo says. “The short answer is to ensure agents are inheriting the identity [of the user].” This entails having a solid structure around your core data systems so that every rule that applies to your employee population also applies to your agent population.
Soon, Grillo says, “The cavalry is coming. There are going to be some really interesting ways we can help with skill governance, agent memory, proliferation, and the management of company context. We’re thinking about all of this.”
In the meantime, the bottom line: Make sure you have a secured, governed file system, because knowledge has to show up at the right time, in the right way — a secure way — for your agents.
Tune into the Box Virtual Summit to hear the full conversation.
