KPMG Didn't Buy AI for 276,000 People. It Bought a Control Plane.
hatch

KPMG didn’t buy AI for 276,000 people. It bought a control plane — and threw in a quarter-million seats to keep you looking the other way.
Read the June 9 announcement again. Everyone fixated on the headcount: more than 276,000 professionals getting Copilot. That’s the press release. The load-bearing noun is one clause down — Agent 365, the system KPMG adopts to “manage how AI agents are deployed, managed, monitored and updated,” giving it “centralized governance and control of AI agents operating across systems, data and business processes.”
Translation: KPMG bought the layer that governs, secures, registers, polices, meters, and pays for every agent it will ever run. The seats are the wrapping paper. The control plane is the gift.
I’ve spent most of my career on the supply side of this. I ran orgs at hyperscaler scale that inherited decades of integration debt — the exact mess I’m about to describe. I lead the building of sovereign frontier AI infrastructure, the kind that lets enterprises own their stack instead of leasing it. So I’m not writing this from the cheap seats. I’ve watched a vendor’s API contract quietly become a company’s internal data contract, and I’ve lived the cleanup.
Here’s the one question that survives the hype cycle: do you own your control plane, or do you rent it from the same vendor that sells you the agents?
Quick roadmap:
- What KPMG actually bought — and why “control plane” is suddenly a SKU
- The six surfaces of a control plane you should own
- The lock-in nobody prices: when the vendor’s API becomes your data contract
- The escape hatch you build on day one — standard interfaces and a Context Layer
- Own the plane, rent the engines
What KPMG actually bought
A control plane is not a feature. It’s the layer every agent has to pass through to do anything — request access, prove identity, get checked against policy, emit a trace, run up a bill. The agents are the planes. The control plane is the airspace.
KPMG just standardized its airspace on Microsoft. Same month, AWS shipped pieces of the same category at Summit New York: AgentCore Gateway as the tool boundary between agents and systems, and AWS Context as the knowledge layer underneath them. Two of the biggest enterprise vendors on earth started selling the control plane as product in the same thirty days.
That convergence tells you the category is real and the land grab is on. It does not tell you whose plane you should be standing in.
Here’s the trap. If your governance, your registry, your policy, your telemetry, and your billing all live inside the vendor that also sells you the agents, then the one layer that was supposed to give you control is the layer that owns you. You can’t swap the agent without re-platforming the governance. You can’t change models without renegotiating the cage.
That’s not control. That’s a beautifully instrumented cage with a great dashboard.
The six surfaces of a control plane you should own
When I say “own your control plane,” I don’t mean own a logo. I mean own the contract for six concrete surfaces, regardless of who builds them underneath.
Governance. Who and what is allowed to act, on what, with whose approval. “This agent may touch payroll, that one may not” has to be expressible in your terms, not buried in a vendor’s role model you can’t export.
Security. Identity for agents, not just humans. Agents need credentials, scopes, secrets, and blast-radius limits the same way employees need badges. The day your agent identity model lives only in one vendor’s directory is the day your security posture is leased.
Registry. The catalog of every agent and tool: what exists, who owns it, what it’s allowed to touch. If you can’t produce that list yourself, in a format you control, you don’t have a registry. You have a vendor’s database you happen to query.
Policy. The runtime rules every action gets checked against — guardrails, redaction, rate limits. This should be policy-as-code that you author and version, not a checkbox someone set in a console two quarters ago and forgot.
Telemetry. Traces, intent, trajectory, the SLO surface. You can’t run what you can’t see, and you can’t leave a vendor whose telemetry you can’t take with you. Own the trace format or be owned by it.
FinOps. Per-agent, per-task cost attribution and budget enforcement. Agents spend money on their own now. If the only entity that can tell you what each agent cost is the entity sending you the bill, you’ve outsourced your own P&L.
Governance, security, registry, policy, telemetry, FinOps. The vendor will happily implement all six for you. The question is whether you own the contract for each, or just the convenience.
The lock-in nobody prices
I’ve seen this movie before, and it had nothing to do with AI.
Picture the classic enterprise integration project. A big SaaS or ERP vendor lands, and over eighteen months it wires into hundreds of your internal APIs. Quietly, it starts shaping how those APIs behave — what fields they expose, what order things transact in, what assumptions they bake in. Vendor-specific coupling leaks out of the vendor’s product and into systems the vendor doesn’t even own.
By the time someone asks “what would it take to migrate off this?”, the answer is brutal. The vendor’s API contract has become your internal data contract. Hundreds of your own services now speak the vendor’s dialect. Migration isn’t a project anymore. It’s a hostage negotiation, and you’re not the one holding the leverage.
Now run that forward with agents. An agent control plane integrates deeper than any ERP ever did — identity, policy, data, and billing, all at once. Let a single vendor’s plane colonize all six surfaces the way that ERP colonized your APIs, and the migration cost doesn’t grow in a line. It compounds.
And here’s the timing that makes this urgent instead of academic: the thing you’d be migrating to turns over every quarter. New frontier model. New open-weights release. New agent framework. The asset depreciates on a quarterly clock while the lock-in accrues on a multi-year one. That’s the worst trade in the building.
The escape hatch you build on day one
The fix is unglamorous, and it’s the whole game: never let a vendor touch your APIs directly. Put a standard, vendor-agnostic interface between every agent and every backend.
In practice that’s an OpenAPI interface, or a domain-specific MCP service that exposes your systems as clean tool calls. The agent calls the standard interface. The backend behind it is swappable. The vendor calls the same interface everyone else does, which means it can never reach in and colonize your internal contracts — because it never sees them. It sees the boundary you drew.
Let me be honest about MCP, because the protocol has a fan club and a death cult. The skeptics aren’t wrong about everything. “MCP is dead, long live MCP.” “Forget MCP, Bash is all you need.” There’s truth in both — for a lot of agent work, raw shell access and native SDKs are faster and simpler, and protocol maximalism is its own religion. So don’t adopt MCP because it’s holy. The point was never the protocol’s purity. The point is that you enforce a standard tool boundary you own, instead of wiring agents straight into a vendor’s native SDK. OpenAPI does this. A domain MCP service does this. Pick whatever seam you like, as long as the seam is yours.
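An added example, not code from the original post or from any vendor's product: a minimal tool boundary in Python that every agent call crosses, checking the registry, the scope policy and the per-agent budget before reaching a swappable backend, and tracing every decision. The agent names, scopes, costs and the `ToolBoundary` class are hypothetical, and the backends are stand-in lambdas.

```python
import json

# Constructed sample data: agents, owners, scopes, budgets and costs are hypothetical.
REGISTRY = {
    "payroll-bot": {"owner": "hr-eng", "scopes": ["payroll.read"], "budget_usd": 5.00},
    "helpdesk-bot": {"owner": "it-ops", "scopes": ["tickets.read", "tickets.write"], "budget_usd": 1.00},
}
TOOLS = {  # scope each tool requires and an assumed cost per call
    "payroll.get_salary": {"scope": "payroll.read", "cost_usd": 0.02},
    "tickets.create": {"scope": "tickets.write", "cost_usd": 0.60},
}

class ToolBoundary:
    """The one seam every agent call crosses; backends are plain callables and swappable."""
    def __init__(self, registry, tools, backends):
        self.registry, self.tools, self.backends = registry, tools, backends
        self.spend, self.traces = {}, []  # FinOps ledger per agent; telemetry records

    def decide(self, agent, tool):
        entry, spec = self.registry.get(agent), self.tools.get(tool)
        if entry is None or spec is None:
            return "deny:unregistered"  # registry: unknown agent or tool
        if spec["scope"] not in entry["scopes"]:
            return "deny:scope"         # policy: agent lacks the required scope
        if self.spend.get(agent, 0.0) + spec["cost_usd"] > entry["budget_usd"]:
            return "deny:budget"        # FinOps: call would exceed the agent's budget
        return "allow"

    def call(self, agent, tool, args):
        """Decide, charge and dispatch; denied calls are traced as well."""
        decision, result = self.decide(agent, tool), None
        if decision == "allow":
            self.spend[agent] = self.spend.get(agent, 0.0) + self.tools[tool]["cost_usd"]
            result = self.backends[tool](**args)
        self.traces.append({"seq": len(self.traces), "agent": agent, "tool": tool, "decision": decision})
        return decision, result

    def export(self):  # registry, spend and traces as JSON the owner can take elsewhere
        return json.dumps({"registry": self.registry, "spend": self.spend,
                           "traces": self.traces}, sort_keys=True)

def demo():
    gw = ToolBoundary(REGISTRY, TOOLS, {  # stand-in backends behind the boundary
        "payroll.get_salary": lambda employee_id: {"employee_id": employee_id, "band": "L5"},
        "tickets.create": lambda title: {"title": title}})
    calls = [("payroll-bot", "payroll.get_salary", {"employee_id": "E1"}),
             ("helpdesk-bot", "payroll.get_salary", {"employee_id": "E1"}),
             ("helpdesk-bot", "tickets.create", {"title": "vpn"}),
             ("helpdesk-bot", "tickets.create", {"title": "vpn again"}),
             ("rogue-bot", "tickets.create", {"title": "x"})]
    return gw, [gw.call(a, t, args)[0] for a, t, args in calls]
```

Replacing a backend means changing one entry in the `backends` mapping; the registry, policy checks, spend ledger and trace records stay in the owner's format.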
Above that boundary, build a Context Layer. Below your agents and above your scattered data sources, run tools and servers that serve agents governed relationships, business rules, and domain knowledge at runtime. This abstracts your agent use cases away from tight coupling to raw data. The database can move, get re-sharded, get replaced — the agents don’t care, because they were never talking to the database. They were talking to the context.
This isn’t theoretical anymore. AWS just shipped it by name: AWS Context “automatically maps the relationships across your existing data into a knowledge graph… so AI agents can access governed data relationships, business rules, and domain knowledge at runtime.” The Context Layer, productized. When the hyperscaler ships your architecture as a service, that’s confirmation the architecture is right. It’s not permission to outsource the contract for it.
Now the honest objection, because I can hear it and it’s a good one.
Owning your control plane does not mean building it from scratch. That would be insane. Buy AgentCore. Buy Agent 365. Let a vendor do the heavy lifting — the dashboards, the runtime, the silicon. What you keep is the contract: the registry you can export, the policy-as-code you wrote, the standard tool interfaces every agent flows through. Own the seam, not necessarily the silicon.
And steel-man the single-vendor bet, because it isn’t stupid. One vendor is faster. One throat to choke when things break. One bill, one support contract, one integration story your board actually understands. For a year, the all-in bet genuinely outperforms the disciplined one.
Then the bill comes due. Not the monthly invoice — the migration invoice. And in 2026 it arrives on a schedule no ERP ever imposed, because AI migration cycles are measured in quarters, not decades. The single-vendor bet optimizes for the demo and pays for it at the swap. The seam you drew on day one is what makes the swap a Tuesday instead of a hostage negotiation.
Own the plane, rent the engines
Models are engines. They commoditize, they leapfrog each other, they get cheaper, and the best one this quarter is rarely the best one next quarter. Renting engines is correct. Swap them constantly. May the best model win, every ninety days.
The control plane is the airframe. It’s the part that should still be yours in five years, after you’ve burned through a dozen models and three agent frameworks. So rent the engines hard, and own the plane harder.
Read the headline correctly. KPMG didn’t buy intelligence for 276,000 people — intelligence is the cheap, depreciating part. It bought airspace. The thing worth arguing about now isn’t whether your enterprise needs a control plane; both hyperscalers just settled that for you in the same month. It’s whose plane you’re standing in, and on whose interfaces.
Own the seam. Rent the engines. Keep the leverage.