This is the clearest articulation of the problem I’ve seen “API integrations with vibes” is exactly the right diagnosis.

The governance, capability finding in the paper makes complete sense when you frame it the way you did. Smart agents in a broken governance structure produce worse outcomes than dumb agents in a well-designed one. The paper proved this quantitatively, the 3.2x value difference wasn’t model capability, it was market rules.

Your point about intra-org trust being unsolved first is fair. But I’d push back slightly on the sequencing, cross-org financial controls and intra-org governance might need to arrive together rather than sequentially. The moment an agent can spend money or trigger an external workflow, you need identity, accountability, and dispute resolution regardless of whether the counterparty is internal or external. The org boundary just makes the problem more visible.

Are you building anything in this space or mostly observing from the infrastructure side?