ClearPoint Logic Strategy Brief: The AI Workforce Platform

How the next layer of enterprise AI will be governed, and why the system of record for the AI workforce will be built independent of any model or platform vendor.

Jared Mabry · CEO/CTO

Published April 2026 · Version 1.0

01 Executive summary

The next decade of enterprise software will be defined not by a single dominant AI vendor, but by a heterogeneous mesh of agents — built by many vendors, running on many platforms, acting on behalf of real people inside regulated organizations. The work to govern that mesh is the work this brief is about.

ClearPoint Logic is building the system of record for that AI workforce: a vendor-neutral trust fabric (Anchor), a multi-framework runtime (Agent Core), and a set of surfaces — Studio, Nexus, Meridian — that customers use to build, distribute, and govern agents. We are model-pluralistic, vendor-neutral, and intentionally independent of any single platform incumbent.[1]

Every enterprise will run agents from many vendors. None of those vendors will be trusted to govern the others.

Strategy Brief, §1

02 The market shift

From 2023 to 2025, enterprise AI spend was concentrated on a single class of product: the model API and its first-party scaffolding. From 2026 forward, that spend fragments. Customers are buying agents — pre-built, vertical, sometimes from CPL, sometimes from Microsoft, Salesforce, ServiceNow, Anthropic, Google, and increasingly from independent ISVs.[2]

Every one of those vendors has a governance story. None of those stories work across vendors. The result is the most predictable outcome in enterprise software: a third party emerges to govern the rest.

The numbers

Average agent footprint and vendor coverage at a Fortune 500 company

| Year | Avg. agents per F500 | Avg. vendors involved | Govern via vendor tools |
|---|---|---|---|
| 2024 | 4 | 1.8 | 94% |
| 2025 | 17 | 3.4 | 71% |
| 2026 (est.) | 52 | 5.7 | 38% |
| 2027 (est.) | 140+ | 7.2 | 12% |

The right column is the wedge. By 2027, fewer than one in eight agents at the average F500 will be governable through the vendor tools of the platform that produced them.[3]

03 What incumbents miss

Every incumbent governance product is built inside an ecosystem and sees only that ecosystem. Microsoft Purview governs the Microsoft Agent Framework. Google’s Agentspace governs ADK. Salesforce’s Agentforce governs Agentforce. Each of these is real, well-engineered, and incomplete by construction.

Definition · Vendor governance

Governance scoped to one vendor’s ecosystem. By definition, cannot govern agents that don’t belong to that vendor — even when those agents touch the same data, users, and business processes.

Customers do not live inside one ecosystem. The CISO of a Fortune 100 health system has agents from at least four vendors operating against the same patient data on day one. The governance question is not “can Microsoft govern Microsoft?” — it’s “who governs everything?”

04 Defining the AI workforce

We use the term AI workforce deliberately. It is not branding. It captures something specific about the operating model that comes after the chatbot wave: agents are not features bolted onto applications, they are workers that hold roles, accumulate context, take reversible actions, and are accountable to operators.[4]

Definition · AI workforce

The set of autonomous and semi-autonomous agents operating inside an enterprise. Each agent has an identity, a role, a set of permitted tools, an operator of record, and a stream of signed evidence describing what it has done.

This framing is what makes governance tractable. You cannot govern “the model.” You can govern a worker. Workers have job descriptions, scopes, supervisors, audit trails, and the ability to be paused, retrained, or removed. The platform is built around that abstraction.

05 The independence thesis

If the system of record for the AI workforce is going to be trusted, it cannot be owned by a vendor whose other agents are being governed by it. The conflict of interest is too plain. This is the most important architectural commitment ClearPoint Logic makes.

The vendor that governs the workforce cannot also be the vendor whose agents make up the largest share of the workforce.

Independence Charter

We are deeply integrated with Anthropic and Google — they are partners and, in the case of Google, our infrastructure provider. We integrate with Microsoft and Salesforce ecosystems. None of them owns the trust fabric or the system of record. That is the boundary the platform is designed to defend.

06 Anchor: the trust fabric

Anchor is the layer everything in the platform is signed against. It binds people, agents, models, prompts, tools, datasets, and runs into a single signed record — auditable end-to-end and exportable to your evidence system.

The four artifacts that matter:

The four signed artifacts produced by the Anchor trust fabric

| Artifact | What it is | Why it matters |
|---|---|---|
| Certification Standard | Open spec for what "governed" means at the artifact level | Every claim points to it; auditors can verify offline |
| Agent Passport | Vendor-neutral identity record for an agent | Same passport works on Microsoft, Google, BYOA |
| AI Bill of Materials | Signed manifest of every component in an agent | Diffable, replayable, exportable |
| Signed Evidence | Cryptographically signed run trace | Tamper-evident, audit-grade |

07 Agent Core: the runtime

Agent Core is where agents actually run. ADK Go, LangChain, the Anthropic Agent SDK, and the Microsoft Agent Framework all share the same identity, lifecycle, approvals, evidence, and memory underneath.

A representative agent definition:

```yaml
agent: compliance_sentinel
runtime: agent-core
framework: anthropic-agent-sdk
passport: pp_8a2c91…
model:
  primary: claude-sonnet-4.5
policies:
  - hipaa_baseline_v6
  - pii_redact_v2
tools:
  - id: salesforce_read
    scopes: [account.read]
  - id: evidence_writer
    scopes: [bucket.append]
approval:
  dual_control: required
  router: risk_team
```

08 Studio, Nexus, Meridian

The three product surfaces sit on top of Anchor and Agent Core. They are independently adoptable. A customer can buy Meridian to govern agents they built elsewhere; or Studio to compose agents that will be governed by another tool; or all three.

Studio — build

Visual composition, versioning, evals, and one-click promotion. The output is a signed package with an AI BOM attached.

Nexus — distribute

The catalog and partner network. Curated agents from CPL and partners, with policy presets and one-click install. Not a marketplace; a network.

Meridian — govern

The system of record. Inventory, passports, policies, evidence, kill switches, and the auditor view. The work CISOs and risk officers do, every day.

09 Cross-vendor governance

The single most important capability of Meridian is that it sees agents the other governance tools cannot. A Microsoft Copilot agent, a Salesforce Agentforce skill, a custom LangChain agent on AWS, and a CPL Agent running on Agent Core all show up in the same inventory with the same passport schema and the same evidence format.[5]

10 AI Bill of Materials

The AI BOM is the agent equivalent of an SBOM in the software supply chain. Every CPL agent ships with one. Every change is a new signed version. Auditors love it because two AI BOMs can be diffed; promotion is a reviewable change, not a deploy.

11 Signed evidence and audit replay

Every agent run produces a signed evidence record: inputs, decision context, tool calls, approvals, model outputs, and the AI BOM in force at the time. Records are append-only, retained per policy, and exportable.

Replay is the property that matters. When a regulator asks “why did this agent do this on this day?”, the answer is a single signed record that can be reconstructed deterministically. We have heard from auditors that this single capability is what makes AI deployable inside their clients at all.[6]

We can’t sign a SOC 2 over a system that can’t reproduce its own decisions. The replay record changes that.

Big-four audit partner, off-record
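
The append-only, tamper-evident property described in this section can be shown with a hash-chained log. This is an added example, not ClearPoint Logic's code: the record layout, function names and sample values are assumptions, and HMAC with a constructed key stands in for whatever signature scheme Anchor actually uses.

```python
import hashlib, hmac, json

# Constructed demo key. HMAC stands in for an asymmetric signature;
# the brief does not specify Anchor's signing scheme.
DEMO_KEY = b"constructed-demo-key"
GENESIS = "0" * 64

def canonical(obj):
    """Deterministic JSON bytes so the same record always hashes the same."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def append_record(log, body, key=DEMO_KEY):
    """Seal `body` to the previous record's hash and append it to `log`."""
    prev = log[-1]["hash"] if log else GENESIS
    payload = canonical({"prev": prev, "seq": len(log), "body": body})
    record = {
        "seq": len(log),
        "prev": prev,
        "body": body,
        "hash": hashlib.sha256(payload).hexdigest(),
        "sig": hmac.new(key, payload, hashlib.sha256).hexdigest(),
    }
    log.append(record)
    return record

def verify_log(log, key=DEMO_KEY):
    """Return the index of the first bad record, or -1 if the chain is intact."""
    prev = GENESIS
    for i, rec in enumerate(log):
        payload = canonical({"prev": prev, "seq": i, "body": rec["body"]})
        sig = hmac.new(key, payload, hashlib.sha256).hexdigest()
        if (rec["seq"] != i or rec["prev"] != prev
                or rec["hash"] != hashlib.sha256(payload).hexdigest()
                or not hmac.compare_digest(rec["sig"], sig)):
            return i
        prev = rec["hash"]
    return -1

def demo_log():
    """Two constructed run records carrying the fields this section lists."""
    log = []
    for n in (1, 2):
        append_record(log, {
            "agent": "compliance_sentinel",
            "inputs": {"ticket": f"constructed-{n}"},
            "tool_calls": [{"tool": "salesforce_read", "scope": "account.read"}],
            "approvals": ["risk_team"],
            "ai_bom_digest": "sha256:constructed-placeholder",
        })
    return log
```

Editing, reordering or deleting an earlier record breaks the chain at that index. Dropping records from the tail is not detected by the chain alone; that requires publishing the latest hash somewhere the log writer cannot rewrite.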

12 Identity-bound execution

Every agent run is bound to a real operator and a passport. The runtime refuses to execute a tool call that is not covered by the passport’s scopes; the runtime refuses to retain memory that is not covered by the policy envelope. These are runtime invariants, not configuration suggestions.

Definition · Passport

A vendor-neutral identity record for an agent. Includes its scopes, its operator of record, the AI BOM digest it’s permitted to run, and the signing key used to seal its evidence. Issued and revoked centrally.
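
One way to express the scope invariant as a fail-closed check, reusing the tool ids and scopes from the agent definition in section 07. This is an added example, not Agent Core's code: the `Passport` fields, `authorize`, `decision`, the operator address and the BOM contents are hypothetical names and constructed values.

```python
import hashlib, json
from dataclasses import dataclass

class Denied(Exception):
    """Raised when a run or tool call falls outside the passport."""

def bom_digest(bom):
    """Digest over canonical JSON, so any component change alters it."""
    data = json.dumps(bom, sort_keys=True, separators=(",", ":")).encode()
    return "sha256:" + hashlib.sha256(data).hexdigest()

@dataclass(frozen=True)
class Passport:  # hypothetical shape; fields follow the definition above
    agent: str
    operator: str
    scopes: frozenset   # (tool_id, scope) pairs the agent may use
    permitted_bom: str  # digest of the AI BOM this passport may run
    revoked: bool = False

def authorize(passport, operator, bom, tool_id, scope):
    """Fail closed: every check must pass before a tool call executes."""
    if passport.revoked:
        raise Denied("passport revoked")
    if operator != passport.operator:
        raise Denied("operator is not the operator of record")
    if bom_digest(bom) != passport.permitted_bom:
        raise Denied("running AI BOM differs from the one permitted")
    if (tool_id, scope) not in passport.scopes:
        raise Denied(f"{tool_id}:{scope} not covered by passport scopes")
    return True

def decision(passport, operator, bom, tool_id, scope):
    """Return 'allow' or the denial reason, for logging and for tests."""
    try:
        authorize(passport, operator, bom, tool_id, scope)
        return "allow"
    except Denied as exc:
        return str(exc)

# Constructed sample data; tool ids and scopes come from the agent definition.
BOM = {"model": "claude-sonnet-4.5", "policies": ["hipaa_baseline_v6", "pii_redact_v2"]}
PASSPORT = Passport(
    agent="compliance_sentinel",
    operator="operator@example.com",
    scopes=frozenset({("salesforce_read", "account.read"),
                      ("evidence_writer", "bucket.append")}),
    permitted_bom=bom_digest(BOM),
)
```

The check is an allow-list keyed on the exact tool and scope pair, so a tool the passport names is still refused when called with a scope it was not granted.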

13 The regulatory environment

The EU AI Act, NIST AI RMF, and a fast-moving cohort of US state laws (CO SB205, NYC LL144, CA AB2013) all converge on the same operational requirements: inventory, risk classification, transparency, human oversight, logging, and post-market monitoring.[7]

A platform that cannot produce a signed inventory of every agent and a signed record of every consequential decision will not pass any of these regimes. A platform that produces both passes all of them with the same evidence pack.

Operational obligations across major AI regulatory regimes

| Regime | Inventory | Logging | Human oversight | Post-market |
|---|---|---|---|---|
| EU AI Act (high-risk) | Article 11 | Article 12 | Article 14 | Article 72 |
| NIST AI RMF | MAP | MEASURE | GOVERN | MANAGE |
| CO SB205 | §6-1-1701 | §6-1-1703 | §6-1-1703 | §6-1-1703 |

14 Why governance is a wedge, not a feature

Most enterprise software companies treat governance as a feature you add late. We treat it as the entry point. Governance is what gets the platform installed; once installed, the runtime and the build surface follow naturally.

The governance buyer signs the contract. The build buyer just uses what they were given.

Strategy Brief, §14

This is also a defensible posture. A platform incumbent can ship a build tool overnight; they cannot ship a credible cross-vendor governance product without dismantling the part of their business that depends on lock-in.

15 Go-to-market posture

We sell to the office of the CISO and the office of the Chief Risk Officer first. Their problem — how do I prove I am governing the agents in my environment? — is acute, urgent, and concrete. The build and distribute surfaces follow naturally inside accounts where Meridian is already in place.

The motion

(1) Land Meridian inside a regulated buyer with three or more vendor agents already in production. (2) Expand to Studio for the next agent the customer builds. (3) Open Nexus access for partner-built agents the customer wants to evaluate without standing up new vendor relationships.

16 Pricing philosophy

We price the system of record on agents under management, not on seats or model tokens. Agents are the unit of value and the unit of risk. Tokens are an implementation detail that customers should not have to forecast in order to budget governance.[8]

Indicative tier structure for Meridian governance

| Tier | Agents under management | Per-agent / month | Notes |
|---|---|---|---|
| Team | Up to 10 | $120 | Self-serve, single-tenant data plane |
| Business | Up to 100 | $80 | SSO, SCIM, residency selection |
| Enterprise | Unlimited | Negotiated | BYOK, private connectivity, pen-test access, dedicated TAM |

17 Build vs. buy vs. partner

For a customer evaluating CPL against build-it-yourself or against a vendor-native governance product, the question is rarely about features. It is about posture:

Comparison of governance approaches by posture

| Approach | Cross-vendor coverage | Time to evidence | Independence |
|---|---|---|---|
| Build it yourself | Theoretical | 12–18 months | High, but at engineering cost |
| Vendor-native (e.g., Purview) | One ecosystem | 2–4 months | Low — same vendor governs itself |
| CPL Meridian | Native | Days to weeks | High by construction |

18 The next 18 months

Three commitments shape our roadmap through Q4 2027:

1. Independent attestation

SOC 2 Type II completes Q4 2026. ISO 27001 stage 1 follows. The Anchor signing services move to a customer-verifiable transparency log, similar in spirit to certificate transparency.[9]

2. Open Certification Standard

The Certification Standard becomes a public, versioned spec under a foundation we are helping to convene. Other governance products will be able to issue and verify CPL passports without our involvement.

3. Agent Core open runtime

The Agent Core runtime ships in a self-hostable form for customers who require it on-prem. The control plane stays cloud-hosted, but the data plane can run inside the customer’s VPC.

19 How to engage

If you are a CISO, CRO, or AI program lead at a regulated enterprise: schedule a 30-minute walkthrough of Meridian. We will show you the inventory, the passport, the evidence record, and the auditor view, against your actual vendor mix.

If you are an architect or engineer evaluating runtimes: request a technical session with our engineering team. We will walk you through Agent Core internals, the framework adapters, and the deployment patterns.

If you are a partner — an ISV building agents, a consultancy delivering them, an auditor evaluating them — write to partners@clearpointlogic.com. We have a partner program, and we are deliberate about who we onboard.


Citations

  1. CPL Independence Charter, internal v1.0, March 2026.
  2. CPL field research, 24 enterprise interviews Q4 2025–Q1 2026.
  3. Modeled projection from CPL field data; methodology in appendix B of the full PDF.
  4. Term first used in CPL strategy memo "Workforce, not chatbot", October 2024.
  5. Reference architecture: Cross-Vendor Inventory in Meridian.
  6. Big-four audit partner conversation under NDA, Q1 2026.
  7. EU AI Act, Regulation (EU) 2024/1689; NIST AI RMF 1.0 (January 2023).
  8. CPL pricing study, December 2025; full methodology under NDA.
  9. Patterned after RFC 6962 (Certificate Transparency).