AI Enablement Radar week 26: agent work needs sources, permissions and receipts

This week points in a very practical direction: AI is not just getting smarter, it is getting places to work. Excel, Jira, Slack, Dropbox, Google Voice and customer platforms are gaining agent features that can read, write, follow up and leave a trail. For small teams, the question is no longer "which model is best?" It is: which workflow may AI touch, which sources may it use, and where must a human approve the next step?
Top signals this week
- Microsoft makes Excel more reviewable for finance work. Copilot in Excel is getting skills for repeatable finance workflows, workbook rules and new data connectors including CB Insights, Daloopa and FactSet. The useful lesson is not the finance jargon. It is the pattern: write down the method, let AI follow it and require traceability before anyone trusts the numbers.
Source: Copilot in Excel: Built for the era of Frontier Finance, Microsoft 365 Blog.
- GitHub starts measuring whether Copilot adoption shows up in delivery. Enterprise and organization reports can now show
total_pull_requests_mergedby AI adoption phase. It is a small data point, but a useful one: AI programs need to be checked against real work measures, not just the feeling that people are using the tool.
Source: Track total merges by adoption phase in enterprise and organization reports, GitHub Changelog.
- Claude moves into the team channel. Anthropic launched Claude Tag in beta for Claude Enterprise and Team, starting in Slack. Anthropic says 65 percent of its product team's code is created by its internal version of Claude Tag. The practical lesson is bigger than Slack: an agent working in a shared room needs its own identity, its own permissions and visible work steps.
Sources: Introducing Claude Tag, Anthropic; Agent identity: a new access model for autonomous, team-wide AI, Claude Blog.
- Dropbox connects Claude to real project files. Dropbox announced three Claude integrations: a connector for Claude, a plugin for Claude Cowork and a plugin for Claude Code. They let Claude search, summarize, organize, create links and save new material back to Dropbox using existing Dropbox permissions as the base.
Sources: Work seamlessly with Dropbox in Claude, Dropbox Blog; Dropbox Connector, Claude connectors.
- HubSpot reports measurable sales, marketing and support outcomes. HubSpot reports 4x more leads for customers using Breeze Assistant in marketing work, 80 percent more meetings booked for Prospecting Agent and a 2.3x higher support conversation resolution rate for Customer Agent. The numbers are HubSpot's own, but they are still useful: measure by workflow.
Source: HubSpot data: AI is driving real outcomes for GTM teams, HubSpot Company News.
- EU AI rules are turning into an operating checklist. The European Commission's AI Act page is updated ahead of the regulation becoming fully applicable on 2 August 2026, and the General-Purpose AI Code of Practice page was updated on 25 June. For ordinary organizations, that does not mean every AI task becomes legal work. It means risk classification, documentation, logging and human oversight need to appear earlier.
Sources: AI Act, European Commission; Drawing-up a General-Purpose AI Code of Practice, European Commission.
What organizations are actually doing with AI
The interesting thing right now is not another demo. It is AI landing in boring, valuable work.
HubSpot describes how AI across marketing, sales and support works better when the same customer context follows the funnel. Breeze Assistant is used for audiences, outreach and follow-up. Prospecting Agent is used for prospect research and personalized email. Customer Agent uses knowledge bases, previous conversations and product documentation to resolve routine cases and hand off when needed.
Source: HubSpot data: AI is driving real outcomes for GTM teams, HubSpot Company News.
Interactive Brokers shows the same pattern in a more regulated setting. Its AI integration connects ChatGPT, Claude and Grok to portfolio data through Model Context Protocol, or MCP. MCP is a way for AI tools to connect to external systems and data through defined tools and permissions. At IBKR, AI can analyze a portfolio and draft order instructions, but instructions never become orders automatically. The customer reviews and submits every order.
Source: AI-Powered Portfolio Analysis & Trading Tools, Interactive Brokers.
The Dropbox example is more everyday, but just as important. Many teams already live in folders, comments and versions. When Claude can work against Dropbox, the AI routine can move from "paste five documents into chat" to "find the right source material, create a draft, save it back and let someone review".
Sources: Work seamlessly with Dropbox in Claude, Dropbox Blog; Dropbox Connector, Claude connectors.
The tooling layer: platforms, agents, and workflows
GitHub Copilot for Jira is now generally available. The point is not only that a coding agent can connect to an issue. The useful part is that agent status can stream back into Jira, follow-up instructions can continue on the same pull request, and Confluence context through MCP is part of the earlier improvement list. For a small product team, this is a model for AI work: one issue, one work log, one proposal, one review.
Source: GitHub Copilot for Jira is now generally available, GitHub Changelog.
Google Workspace also had two practical signals. AI note-taking is now available in Google Voice, which can make customer calls and internal calls easier to turn into work orders. Google Apps Script is now a Google Workspace core service with enterprise-grade data protection. Apps Script lets teams automate Google Workspace with code, and core service status makes it easier to treat small automations as part of a governed IT environment.
Sources: AI note-taking is now available in Google Voice, Google Workspace Updates; Google Apps Script is now a Google Workspace core service with enterprise-grade data protection, Google Workspace Updates.
On the developer side, the tools keep maturing quickly. Claude Code 2.1.195 improves background jobs, remote session startup and hook matching for MCP servers with hyphens in their names. OpenAI Codex 0.142.3, by contrast, was a maintenance release with no user-facing changes since 0.142.2. That is also a signal: not every week brings a new superpower. Sometimes operability, fixes and control points are what make agent work usable.
Sources: Claude Code changelog, Anthropic GitHub; Claude Code v2.1.195, GitHub; OpenAI Codex 0.142.3, GitHub.
Governance and risk: what needs to be in place before scaling
AI governance is not a binder nobody opens. For a normal team, it means someone can answer five questions: what may AI read, what may it write, which keys does it use, who approves actions and where is the log?
Claude Tag makes that concrete. Anthropic describes an agent identity model where Claude does not act through one person's private permissions, but through its own workspace- or channel-scoped identities provisioned by admins. That reduces the risk of a shared channel becoming a side door into someone's private documents.
Source: Agent identity: a new access model for autonomous, team-wide AI, Claude Blog.
GitHub points in the same direction with strictKnownMarketplaces, an enterprise-managed setting that lets admins restrict which plugin marketplaces users can install from in GitHub Copilot CLI and VS Code. The same week, GitHub also launched break-glass credential revocation features for incident response. Agent work needs those exits.
Sources: Enterprise-managed settings now support strictKnownMarketplaces in VS Code and GitHub Copilot CLI, GitHub Changelog; Self-service credential revocation for incident response, GitHub Changelog.
OpenAI's Daybreak work shows the same pattern in security. Codex Security cloud research preview has, according to OpenAI, scanned more than 30 million commits across more than 30,000 codebases, but OpenAI stresses that vulnerability reports do not protect anyone until they are validated, patched and tested. Patch the Planet, built with Trail of Bits, puts human security review between AI findings and open source maintainers.
Sources: Daybreak: Tools for securing every organization in the world, OpenAI; Patch the Planet, OpenAI.
The EU AI Act, NIST AI Risk Management Framework and OWASP GenAI Security Project give different levels of the same map: classify risk, document, test, log, add human oversight and build security in before the system gets more access. For small Nordic organizations, a simple AI work card is often enough to start. It should say which sources are approved, which actions require approval, how outputs are redacted and where the log is saved.
Sources: AI Act, European Commission; NIST AI Risk Management Framework, NIST; OWASP Top 10 for Large Language Model Applications, OWASP.
This week's practical Hammer test
Test one agentic workflow in 45 minutes. An agentic workflow is a workflow where AI does more than answer in chat: it uses sources, tools and steps to propose or perform work.
Choose a recurring workflow that already has clear sources: a customer call that should become a work order, a proposal that should be checked against previous material, or a project folder that should be summarized before the weekly meeting.
Do this:
- Write a work card with the goal, approved sources, allowed tools and stop points.
- Give the AI read-only access first. If it later needs API access, use scoped permissions, environment variables or a secret manager instead of pasting keys into chat.
- Run the workflow once and require a run log: which sources were read, which assumptions were made, which actions are proposed?
- Have a human review the result and mark what was right, wrong or missing a source.
- Decide the next level: continued reading, permission to create drafts, or permission to take an action only after approval.
A prompt to copy:
You are our AI work lead for a small test. Read only the sources I provide. Create a work card with the goal, sources, possible actions, risks, decisions that require human approval and a short run log. Do not suggest integrations until you have listed the permissions, secrets, redactions and audit logs required.
This is a good Tool Forge test: do not build the whole system yet. Build the receipt that shows whether AI can work safely with the right sources.
Companies and tools to watch
- Anthropic Claude Tag: makes the team channel a place where agent work can be delegated, followed and governed.
- Dropbox + Claude: shows how AI becomes more useful when it can work against existing project files with existing permissions.
- GitHub Copilot for Jira: moves coding-agent work closer to the issue, status and review.
- Microsoft Copilot in Excel: a good example of skills, rules and traceability in a sensitive workflow.
- HubSpot Customer Agent and AEO: shows why AI outcomes should be measured by customer workflow, not as a general AI feeling.
If you want to try this week's test with your own files, customer flows or internal routines, Hammer Automation can help shape a first Tool Forge setup: the right sources, the right permissions, one human approval point and a log that can be reviewed. Start with one workflow. That is enough.
FAQ
What should AI teams test after week 26?
Test one recurring workflow with approved sources, read-only access first, one human approval point and a simple run log.
What does MCP mean in practice?
MCP, Model Context Protocol, is a way for AI tools to connect to external systems and data through defined tools and permissions.
How can a team integrate AI safely without blocking useful work?
Use scoped permissions, environment variables or secret managers for keys, output redaction, approval gates for actions and audit logs for each run.
The Forge newsletter
Get new articles in your inbox
Pick the topics you care about. No noise, at most one email a week.
We follow GDPR. Unsubscribe anytime.


