AI Agents: From Prototype to Enterprise-Grade Deployment

We are currently experiencing a surge in interest around generative AI across business units. Today, building an agent with tools such as GitHub Copilot is accessible to many. However, a significant gap remains between a rapid prototype (POC) and a secure, performant, and enterprisegrade solution. 

How do you transform experimentation into a governed tool that creates business value? By applying our expertise in critical environments (such as SAP on Google Cloud), we have defined the key pillars that enable the transition from AI “gadgets” to a robust production infrastructure.

1- The Interface: Balancing Freedom and Operational Productivity

AI adoption does not depend on the model itself but on how people use it. We recommend a hybrid approach depending on the user profile. 

• For power users: environments such as Gemini Enterprise and the enterprise version of Google NotebookLM. These tools support complex reasoning and the exploration of unstructured data. 
• For operational teams: a purposebuilt interface (Custom UI). This approach enhances productivity by replacing complex prompt engineering with structured forms and clear action buttons. 

Benefit: better control of licensing costs and the ability to scale deployment through lightweight interfaces without additional per-user licensing fees.

2- Intelligence and Efficiency: The “Cascade” Architecture

For critical processes, organizations must control their business intelligence layer without vendor lock-in. Our architecture relies on the open-source Google Agent ADK framework and Vertex AI. 

To optimize performance and cost, we implement a three-layer segmented agent architecture: 

1. Triage Layer
   Lightweight models (Gemini Flash) classify intent, filter irrelevant requests, and anonymize sensitive data (PII).
2. Reasoning Layer (Brain)
   The core reasoning engine (Gemini Pro) is used only for complex tasks that require deeper analysis.
3. Execution Layer (Worker)
   A code-driven executor converts AI decisions into concrete actions through trusted sources such as Vertex AI Search, preventing hallucinations.

3- MCP Connectivity and Skills: AI That Acts Securely

An agent that reasons is helpful; an agent that acts becomes a transformation lever. 

To execute actions, our agents rely on the Model Context Protocol (MCP) standard or on specific Skills implemented through Command Line Interfaces (CLIs). These mechanisms allow AI to run secure commands across core business systems. 

Unlike generic service accounts—which often introduce security risks—our agents inherit the user’s actual permissions. 

• Google BigQuery (Data): The agent queries data using the user’s real identity, automatically respecting Row-Level Security policies. 
• SAP (ERP – ECC, S/4HANA): Through an MCP connector based on OAuth, the agent operates strictly within the user’s SAP roles (inventory lookup, order validation), without excess privileges. 

This orchestration runs on a serverless architecture (Google Cloud Run), ensuring strict isolation of each execution and immediate scalability.

4- The Agent Factory: A DevOps-First Approach

Scalability requires automation. We treat agents as high-criticality software products.

• Robust CI/CD pipelines for every update
• Terraform orchestration for reproducible infrastructure
• Continuous observability to monitor model drift and token consumption 

Why the Architect Is the Key Player 

Anyone can produce a prompt that works once. A prompt does not manage regulatory compliance, access security, or uncontrolled cost growth. 

oXya bridges the gap between cloud infrastructure and business strategy to address critical questions: 

• Governance: how do you enforce the principle of least privilege?
• FinOps: how do you optimize the architecture to significantly reduce token costs?
• Sovereignty: how do you retain ownership of your software intelligence?

Adopting agentic AI is not a single project. It is a journey that requires operational rigor and a clear architectural vision. 

At oXya, we adapt our involvement to your level of maturity: 

1. Advisory & Architecture – defining foundations and governance
2. Implementation (Build) – connecting agents to critical systems (SAP, Data)
3. Managed Services (Run) – operating, monitoring, and maintaining agents over time.