AI & Emerging Tech
Most major enterprise CMS platforms now ship AI agents, and several expose them over MCP so external assistants can act on content.
The useful question in 2026 is no longer whether a platform has agents, but what they are allowed to do: how far across your properties one instruction reaches, whether they touch commerce or only content, and whether they ship through existing approvals.
An AI feature helps one person finish a task faster inside one site, like drafting a headline or tagging an image.
Agentic operations go further: you describe an outcome once and the platform carries it out across every property you run, then routes it through your approval, audit, and rollback workflow.
Most platforms now add AI agents. The difference is whether those agents reach every property, touch commerce as well as content, and ship changes rather than stopping at a draft.
Governed autonomy means an agent can act across your properties while a human approves changes, every action is logged, and any change can be rolled back. It gives a team speed without giving up control of live sites.
Core dna is built for agentic operations: running many properties from one platform by prompt, with approval, audit and rollback. It is not a consumer shopping-agent or a checkout protocol, though an operator can still sell through agentic commerce channels alongside it.
No. Agentic commerce sits on the customer's side and is about buying. Agentic operations sits on the operator's side and is about running the business. A company can use both for different purposes.
Agentic operations is when a business user prompts their platform in plain language to make operational changes, such as content, catalog and pricing updates, across multiple websites or stores at once. The agent works for the operator, not the shopper.
Agentic commerce is online buying carried out by an AI agent on a shopper's behalf. The agent searches, compares and completes the purchase, often inside an assistant such as ChatGPT or Gemini, using open standards like the Agentic Commerce Protocol (ACP) or the Universal Commerce Protocol (UCP).
Agentic operation means you describe a change in plain language and the platform makes it across your properties, with human approval and a full audit trail. It runs on a free MCP server on every account, with 80+ tools and 400+ APIs. You bring your own AI model, so your model spend stays on your own provider contract.
Yes, because the structure governs it. The agent acts inside the exact permissions each person already has, reads your inheritance model so it knows shared from local, and shows a per-property diff before anything ships. Every change runs through your approval rules, is logged with who/when/which property, and can be rolled back in one click. You don't configure new safety for the AI, the structure, permissions, and approvals you already built are what contain it.
Yes, through Core dna MCP. Describe the change in plain language and the platform makes it against the same rules your team uses in the admin, with approval, audit, and rollback built in. Draft a promo, model a margin scenario before it goes live, audit recent overrides, or update contract pricing at renewal, all from a prompt. It runs on a live MCP server with 80+ tools and 400+ APIs. No price or promo goes live until the assigned approver signs off.
By the four-phase exit criteria, not by the model's benchmark scores. The readiness signal is operational: scoped identity in place, audit captures intent, discovery-mode plans match human-operator plans, governed execution has run a representative volume of writes with zero unrecoverable actions, and a governance cadence is established and attended. If any of those is missing, the agent is not ready to scale, regardless of how the model performs in isolation.
With a standing governance group, a monthly cadence, and the audit log as the agenda. Governance covers tool-permission drift, new-tool onboarding, model changes, incident review, and retiring tools the agent no longer needs. The governance group needs representation from digital, platform, security, and risk - not just the team that built the agent.
When it has demonstrated, in discovery mode, that its plans are the plans a human operator would approve, on a representative task set, over a window long enough to surface your edge cases. Write access is earned, not defaulted. And the first writes should be reversible, low-blast-radius actions inside a tight tool box - not high-stakes operations on customer-facing data.
The narrowest set of permissions that lets it do the specific job you hired it for. Agents should never inherit a human's permission set, and they should never share credentials with another agent or service. Permissions are granted at the tool level, scoped to the record types and actions the agent's job actually requires, and reviewed on the same cadence as the rest of your privileged-access program.
In phases, with read-only first. The pattern that works is: prepare the environment with scoped identity and audit, validate the agent in discovery mode where it can plan but not write, promote it to governed execution with tight tool boundaries and rollback, then run it under continuous governance with a standing review cadence. The single most common failure mode is granting write access before discovery-mode validation is honestly complete.