AI Enablement Radar: Week 17, 2026

Top Stories This Week

• Large enterprise AI adoption declines — US Census Bureau data shows large enterprise AI adoption peaked at 13.4% in July 2025 and declined to 11.7%, a 13% drop. Smallest firms continue growing in AI usage.
• Critical security vulnerability in AI agents — Over 1,500 AI projects are vulnerable to ModelScope CVE-2026-2256, a silent command-injection exploit in AI agent pipelines.
• EU AI Act approaches next deadline — The first compliance deadline passed February 2, 2025. The next major deadline is August 2, 2026 for general-purpose AI models, and open-source compliance tools are beginning to emerge.
• Agent protocols battle for the future — MCP (Model Context Protocol) is becoming a de facto standard for agent interoperability, while A2A (Agent-to-Agent) is emerging as a competing protocol for agent negotiation and commerce.
• Open-source tooling consolidates — Mastra, Laminar, and TensorZero have reached notable maturity as open-source frameworks and platforms for agent development and LLMOps, signaling the tooling layer is hardening.

Enterprise Adoption

Large enterprise AI adoption declined 13% since July 2025 peak, per US Census Bureau Business Trends and Outlook Survey tracking 1.2 million US businesses. Large firms (250+ employees) dropped from 13.4% to 11.7%; smallest firms continue growing.

Source: narev.ai

Anthropic's Economic Index (September 2025) found uneven geographic and enterprise AI adoption: 40% of US employees report using AI at work, up from 20% in 2023. Adoption patterns differ significantly by region and firm size.

Source: anthropic.com

Enablement Landscape

• Agentic Trust — Launched an enterprise MCP Server Platform for secure AI agents with knowledge bases, tool calling, and workflows with enterprise-grade security.
• OpenLegion — Released an AI agent framework with container isolation, vault-secured credentials, and per-agent budgets for production deployment.
• Usplus.ai — Launched as a platform to build AI-Native Companies with agents embedded in org charts, targeting enterprise workflow transformation.

Source: agentictrust.com

Source: openlegion.ai

Source: usplus.ai

Tools and Platforms

• Mastra 1.0 — Open-source TypeScript AI agent framework from the team behind Gatsby, for building AI-powered applications with a modern TypeScript stack.
• Laminar — Open-source observability platform purpose-built for AI agents, offering DataDog + PostHog-like LLM tracing, built in Rust. YC S24.
• TensorZero — Open-source LLMOps platform unifying LLM gateway, observability, evaluation, optimization, and experimentation.
• Iris — First MCP-native eval and observability tool for AI agents — scoring output quality, catching safety failures, and enforcing cost budgets.
• Index (by Laminar) — SOTA open-source browser agent for autonomously performing complex tasks on the web.
• VoltAgent — Open-source observability-first TypeScript AI agent framework with built-in tracing and evaluation.
• RunAgent — Serverless deployment platform for AI agents with multi-language SDK support and built-in invocation streaming.
• Rowboat — Open-source AI coworker with memory for multi-agent systems.
• AgentKit (by Inngest) — JavaScript alternative to OpenAI Agents SDK with native MCP support, deterministic routing, and rich tooling.
• Cua (by TryCua) — Open-source infrastructure for Computer-Use Agents with sandboxes, SDKs, and benchmarks for training and evaluating desktop-controlling agents.
• TinyFish Web Agent — Scored 82% on hard Mind2Web tasks vs OpenAI Operator's 43%, publishing all 300 runs.
• Spongecake — Open-source Operator alternative for computer use, enabling easy deployment of agents that can use computers.
• JACoB — Open-source AI coding agent for real-world productivity.
• FlowScript — Queryable reasoning memory for AI agents with six typed queries (why, tensions, blocked, whatIf, alternatives, counterfactual) over reasoning graphs.
• Trigger.dev v4.4.4 — Released with AI agents support, long-running tasks, retries, queues, and elastic scaling for TypeScript workflows.
• Notte — Framework to build and deploy serverless web automation functions on reliable browser infrastructure.
• Workflow-use (by Browser-Use) — For creating and running deterministic, self-healing browser automation workflows (RPA 2.0).
• TuFT — Multi-tenant fine-tuning platform for local LLMs with Tinker-compatible API.

Source: github.com/mastra-ai/mastra

Source: github.com/lmnr-ai/lmnr

Source: github.com/tensorzero/tensorzero

Source: github.com/iris-eval/mcp-server

Source: github.com/lmnr-ai/index

Source: github.com/VoltAgent/voltagent

Source: github.com/runagent-dev/runagent

Source: github.com/rowboatlabs/rowboat

Source: github.com/inngest/agent-kit

Source: github.com/trycua/cua

Source: tinyfish.ai

Source: github.com/aditya-nadkarni/spongecake

Source: github.com/jacob-ai-bot/jacob

Source: github.com/phillipclapham/flowscript

Source: trigger.dev

Source: github.com/nottelabs/notte

Source: github.com/browser-use/workflow-use

Source: github.com/agentscope-ai/TuFT

Use Cases

• Manufacturing — Bucket Robotics (YC S24) deployed defect detection for molded and cast parts using AI vision systems.
• Finance — Integrate.ai enables machine learning and analytics on hard-to-access sensitive data for financial services compliance.
• Healthcare / BFSI — AI orchestration market witnesses surge in use across healthcare and BFSI sectors.

Source: ycombinator.com

Source: integrate.ai

Source: globenewswire.com

Governance and Regulation

The EU AI Act's first compliance deadline (February 2, 2025) banned AI systems with "unacceptable risk." The next major deadline is August 2026 for general-purpose AI models.

Source: techcrunch.com

Multiple open-source EU AI Act compliance tools emerged, including a compliance layer for AI agents, a scanner finding 97% of agent code non-compliant, and a 16-year-old builder creating compliance audit software.

Source: euaiactnews.live

A2CN (Agent-to-Agent Commercial Negotiation) protocol submitted as an open protocol for agent-to-agent commercial negotiation with IETF draft.

Source: a2cn.io

Grantex submitted an open authorization protocol for AI agents with IETF draft, addressing cross-agent authentication.

Source: github.com/grantex/grantex

Notable Signals

The Register: "If MCP is the USB-C of AI agents, A2A is their Ethernet" — analysis of competing agent protocols and their roles.

Source: theregister.com

Peter Steinberger (founder of PSPDFKit) joined OpenAI, signaling deeper enterprise tooling focus.

Source: blog.saimadugula.com

Databricks published guidance on scaling secure AI workflows, addressing enterprise deployment patterns.

Source: databricks.com

Ask HN: "What tools are you using for AI evals? Everything feels half-baked" — community consensus that evaluation tooling remains immature despite rapid framework releases.

Source: news.ycombinator.com

Companies to Watch

• Lucidic (YC W25) — Debug, test, and evaluate AI agents in production.
• Gecko Security (YC F24) — AI that finds vulnerabilities in code.
• CodeComplete (YC W23) — Copilot for Enterprise with enhanced security controls.

Source: lucidic.ai

Source: geckosecurity.io

Source: codecomplete.ai