An agent completes a task correctly, and the organization has no way to receive it.
The output is fine. The action just arrives without the institutional metadata that lets an organization treat it as something that happened on its behalf. No delegation chain, no scoped authority, no evidence trail shaped to answer the questions an auditor or compliance officer would actually ask. The action is technically successful and institutionally illegible.
This keeps happening, and the aggregate numbers reflect it. McKinsey's 2025 survey shows eighty-eight percent of enterprises reporting regular AI use, twenty-three percent scaling agents, and no single function above ten percent deployment. The usual explanations involve model reliability, hallucination, prompt engineering. Those account for why individual runs break. The scaling problem is something else entirely: successful runs that organizations still can't absorb.
I've started calling the missing piece standing.
In U.S. legal usage, standing is the recognized capacity to bring a claim before a court. Your argument might be perfect. Without standing, the system won't process it. Something structurally similar happens when agents act inside enterprises. The agent's work might be flawless. But if the institution can't recognize the action as delegated from a specific authority, can't bind it to a scope, can't preserve evidence that answers institutional questions rather than technical ones, and can't recover when things go wrong, then the action doesn't have standing. The organization can't process it as its own.
This becomes concrete fast. A joint evaluation by the Singapore and Korea AI Safety Institutes tested agents on realistic enterprise tasks. One scenario: an executive-assistant agent schedules a meeting and summarizes prior notes, separating internal legal strategy from material appropriate for an external partner. The agent could complete the task. The harder question was whether anyone could verify, after the fact, what information went where and whether the internal/external boundary held. "Meeting scheduled" is a technical outcome. "Meeting scheduled within delegated authority, with appropriate information scoping, and a reviewable record" is an institutional one. Standing is the distance between those two sentences.
Payments show this most sharply, because disputes have teeth. When a customer challenges an agent-mediated transaction, the institution needs to answer specific questions: who authorized this amount? Was the agent acting within the scope the customer actually granted? Did the delegation hold through the full chain of actions, or did something drift? A success code answers none of those. Payment networks figured out decades ago that the operation and the authorization are different things. Agent infrastructure is catching up.
This weekend the country celebrates delegated authority in its most foundational form. Constitutions, checks, balances, the boring institutional infrastructure that makes self-governance legible and accountable. The systems we're building now face the same structural requirement.
When standing becomes a design target, the questions move earlier. Before an agent acts, you have to answer: delegated by whom, scoped to what, with what evidence surviving the action, and reviewable by whom after the fact. These are the conditions under which an institution can treat an agent's output as something it's willing to own. Get those right and you're building actions organizations can actually receive.
-
Task success vs. safety: The Singapore-Korea AI Safety Institute evaluation found that none of the tested agents achieved fully correct and fully safe execution across all scenarios, even when individual tasks were completed successfully.
-
Payment networks move first: Visa's June 2026 ChatGPT integration introduced spending limits, approval steps, and merchant restrictions, with Visa explicitly acknowledging that agent-mediated disputes may involve failures "in the middle" that neither buyer nor seller caused.
-
Protocols encoding delegation: The Model Context Protocol's June 2025 authorization spec now requires resource indicators and audience validation for OAuth-based agent access, turning "on behalf of the user" into enforceable credential scopes.
-
Capability outpacing readiness: Stanford HAI's 2026 AI Index reports that agent task success on OSWorld rose from 12% to roughly 66% in a year, while documented AI incidents also rose sharply, suggesting capability gains alone don't resolve the institutional gap.

