
Enterprise AI teams appear to have settled one part of the agent debate: they are increasingly standardizing on major model-provider platforms. But a new cluster of VentureBeat Pulse Research surveys suggests the harder problem is not choosing a platform. It is getting anything resembling a reliable, governable, multi-step agent into production without breaking trust, budgets, or security.
The most direct signal comes from VentureBeat AI’s June 2026 orchestration survey of 101 enterprises with more than 100 employees. According to that survey, Anthropic’s Claude was the primary orchestration platform for 40% of respondents, ahead of Microsoft at 18% and OpenAI at 13%. Yet the same respondents said most of their deployed “agents” are not really agents in the stricter workflow sense: 71% said a quarter or fewer of their deployed systems were true multi-step orchestrated workflows rather than single-prompt chatbot wrappers.
Taken alone, that would already be a useful correction to the market’s agent rhetoric. Taken together with three related VentureBeat AI surveys on context, evaluation, and security, it points to a broader pattern. Enterprises are moving quickly to wire AI into business systems, but the surrounding control layers are immature. Retrieval infrastructure is widespread but not fully trusted. Evaluation tooling is in use but poorly aligned with production reality. Security controls are often borrowed from model providers and cloud platforms rather than designed around autonomous software. The result is less a platform war than a deployment gap.
VentureBeat AI’s orchestration survey argues that enterprise buyers are choosing platforms based primarily on “model gravity” rather than allegiance to independent orchestration frameworks. In the survey, the top selection factor was alignment with a preferred base model, while flexibility and ease of development followed behind. The implication is practical: enterprises are often starting where the model already lives, then adding their own control logic later.
That helps explain why provider platforms dominated reported primary usage while tools such as LangChain/LangGraph and custom in-house orchestration remained in single digits. But the same survey also found unusually high churn intent. VentureBeat AI reported that 68% planned to adopt a new, additional, or replacement orchestration platform within a year, and that the largest group of movers had not yet shortlisted a vendor.
This does not read like a settled market. It reads like temporary concentration around the easiest starting point.
The strongest contradiction in the data is the one VentureBeat AI itself highlighted: teams say they judge orchestration by reliable multi-step execution, yet most admit their deployed portfolio still consists mostly of chatbot wrappers. That matters for builders and buyers alike because a single-turn assistant and a system that plans, calls tools, coordinates state, and takes actions across enterprise systems create very different operational requirements.
Even basic financial controls look thin. In the orchestration survey, 27% said they had no real-time programmatic way to stop a runaway agent before the bill arrived. Another 32% relied entirely on provider-native caps and throttles. Only minorities reported building custom gateways or cross-model routing to manage spend more deterministically.
The orchestration findings become more significant when set against VentureBeat AI’s parallel June 2026 surveys on the rest of the enterprise agent stack.
In the context survey, based on 101 enterprises, 57% said their AI agents had produced confident but wrong answers in the past six months because of missing or inconsistent business context. Retrieval-augmented generation was reported as the primary context source for 38% of organizations, making it the most common approach. Provider-native retrieval also led reported production usage, with OpenAI file search at 40% and Google Vertex AI Search at 38%, ahead of dedicated vector tools such as Pinecone, Weaviate, Milvus, and Qdrant.
That combination is important. The market conversation often treats retrieval as a solved plumbing problem and vector infrastructure as a mature category. But this survey suggests the actual enterprise issue is not whether a team can retrieve documents. It is whether the retrieved context is governed, consistent, access-aware, and trustworthy enough to support business decisions.
VentureBeat AI’s evaluation survey, with 157 enterprise respondents, points to a similar mismatch. Half said they had shipped an agent or LLM feature that passed internal evaluations and then failed in a customer-facing setting. Only 5% said they fully trusted automated evaluation. Yet 66% either already allowed zero-human-in-the-loop deployment for low-risk agents or were engineering toward it within a year.
The evaluation tooling market in that survey also looked early and fragmented. OpenAI’s native evals and traces were tied with “no dedicated tooling at all” as the most common primary setup, at 17% each, while Anthropic’s Claude Console evals and independent tools including DeepEval, Braintrust, LangSmith, Weave, Promptfoo, Langfuse, and Arize remained distributed across smaller shares.
This matters because orchestration without trustworthy evaluation becomes a way to scale false confidence. A passing benchmark or internal test suite is not the same as proving that an agent will behave correctly under real workload, data, and customer conditions.
The most concrete risk signal in the cluster comes from VentureBeat AI’s security survey of 107 enterprises. It found that 54% had already experienced either a confirmed AI agent security incident or a near-miss. Only 32% said every agent had its own scoped, managed identity. Most reported some form of credential sharing, and only 30% sandboxed their highest-risk agents.
According to VentureBeat AI, the security stack used for these deployments was overwhelmingly provider-native. OpenAI guardrails led reported usage at 51%, alongside controls from major cloud and model providers including Google, Microsoft, and Anthropic. Dedicated categories such as Palo Alto Prisma AIRS, CrowdStrike, Cisco AI Defense, HiddenLayer, Zenity, Check Point, Lakera, Okta for AI Agents, and broader non-human identity platforms were present only at low levels in this sample.
The survey’s core argument is that the enterprise problem is not lack of awareness but a mismatch between the autonomy being granted and the containment systems around it. Agents are being given real access to internal systems and data before per-agent identity, least-privilege access, isolation, and runtime enforcement are broadly in place.
That is where the “most are calling chatbots agents” finding becomes more than semantics. If many production deployments are still wrappers around prompts, today’s security posture may already be weak. If those systems evolve into more autonomous, multi-step agents with tool access, the attack surface expands further.
All of the underlying evidence in this story comes from VentureBeat AI’s own Pulse Research surveys, fielded in June 2026. The orchestration and context reports each sampled 101 enterprises, the security report 107, and the evaluation report 157. All samples excluded very small businesses and skewed toward mid-market or AI-active enterprise respondents. VentureBeat AI repeatedly notes that the surveys are self-selected, cross-sectional, and directional rather than probability samples.
That caveat matters. The numbers should not be treated as definitive market share, precise incidence rates, or audited adoption statistics. They reflect what a particular cohort of respondents told VentureBeat AI about their own deployments and plans. Vendor shares across surveys also should not be overcompared because the samples and question framing differ.
Even so, the directional consistency across the four reports is notable. In orchestration, enterprises cluster around provider platforms but expect hybrid control. In context, they use bundled retrieval but say they want best-of-breed independence. In evaluation, they distrust automated testing but are increasing automation. In security, they report comfort with provider-native controls while also planning tooling changes after incidents and near-misses.
The strongest adoption and effectiveness claims in this cluster are therefore survey-reported, not independently verified. But the pattern is coherent enough to matter.
For AI builders, the message is that the market may be overusing the word “agent” and underinvesting in the surrounding systems that make agents operationally credible. Shipping a wrapper around Claude, OpenAI, or Microsoft is comparatively easy. Building a workflow that can retrieve the right context, pass realistic evaluation, enforce scoped access, and stop itself before overspending is harder and increasingly where value will be judged.
For enterprise buyers, the surveys suggest that “platform standardization” does not equal deployment maturity. A team can choose Anthropic, OpenAI, Microsoft, Google, or Amazon and still lack the controls that matter once AI systems touch live business processes. The likely buying shift is toward hybrid stacks: provider-native primitives for fast starts, with independent layers for control, governance, identity, observability, and cost routing.
For startups, this is the opening. The independent framework story looked weak in current primary usage in the orchestration survey, but stronger in forward consideration. The same was true in adjacent layers: Qdrant and Milvus in retrieval, DeepEval and Braintrust in evaluation, and a handful of security vendors in consideration even when current deployment remained low. That is not evidence of winners yet, but it does suggest dissatisfaction with the bundled default.
The next signal to watch is whether orchestration maturity actually improves or whether the market keeps relabeling assistants as agents. A rising share of true multi-step workflows would be more meaningful than another round of platform branding.
Second, watch whether hybrid control becomes architecture rather than aspiration. If enterprises increasingly keep decision logic, routing, permissions, and spend controls outside provider platforms, independent control-plane vendors and in-house platforms should gain ground.
Third, follow whether the trust layers catch up. In practice that means more production use of governed semantic layers, more live output-quality monitoring, more per-agent identity, and more sandboxing for higher-risk systems.
Finally, monitor budget enforcement. If token spend and tool-call costs keep rising, real-time routing and kill-switch controls may become a more urgent enterprise requirement than many current product roadmaps assume.
The clearest takeaway from this survey cluster is that enterprise AI does not primarily suffer from a shortage of platforms. It suffers from an excess of premature confidence. Teams can already buy orchestration, retrieval, evaluation, and guardrails from the same handful of providers. What they cannot yet do consistently is turn those components into production systems that are trustworthy across cost, security, and business correctness.
That is why the most important competition may shift away from base-model access and toward the operational layer around it. The winners will not just promise “agents.” They will make it harder to confuse a chatbot wrapper with a governed autonomous workflow, and easier to prove when a system is safe, affordable, and actually ready for enterprise use.
VentureBeat surveys suggest enterprises are buying agent platforms fast, but security, context, evaluation and cost controls lag real deployment needs.