Cross-Organizational Agents: When AI Collaboration Crosses the Enterprise Boundary
This is the seventh article in Arion Research's "Future Enterprise" series, exploring how AI agents are restructuring enterprise technology. The series examines the architectural layers, competitive dynamics, and strategic decisions that will define the next era of enterprise software.
Everything we have discussed in this series so far has been, in one critical respect, the easy version of the problem. Enterprise Platforms, Agentic Platforms, Agent Service Buses, identity frameworks, governance architectures, and pricing models are all challenging to build. But they share one simplifying assumption: they operate within a single organization's boundary, under one set of policies, one identity provider, one governance framework, and one chain of accountability.
That assumption is about to break.
The next phase of enterprise AI is not agents working inside your organization. It is agents working across organizations: your procurement agent negotiating with your supplier's fulfillment agent, your compliance agent coordinating with your auditor's review agent, your customer's service agent interacting with your support agent, your logistics agent synchronizing with your carrier's routing agent. Every one of these scenarios crosses an organizational boundary, and every architectural layer we have discussed in this series gets harder at that boundary.
Cross-organizational agent collaboration is where the full Future Enterprise architecture gets stress-tested. Identity, governance, the Agent Service Bus, the native-versus-external debate, and even pricing models all need to work not just within your enterprise but between enterprises that do not share infrastructure, do not share policies, and may not share interests. This article examines what happens when agents leave the building, using three concrete scenarios to illustrate how each layer of the architecture adapts (or fails to adapt) at the organizational boundary.
Scenario 1: Supply Chain Negotiation
Consider a scenario that is already emerging in pilot deployments: a manufacturer's procurement agent needs to negotiate delivery terms with a supplier's fulfillment agent. The manufacturer wants to accelerate delivery of a critical component. The supplier has limited capacity. Both sides have agents authorized to negotiate within defined parameters.
In an intra-enterprise scenario, this is a workflow problem. The procurement agent and the fulfillment agent share the same identity provider, the same governance framework, and the same data model. The Agent Service Bus can route messages, resolve intent, and arbitrate conflicts because all participants are known entities operating under common rules.
Across the organizational boundary, every one of those assumptions fails.
Identity at the Boundary
The manufacturer's procurement agent needs to verify that it is actually communicating with the supplier's authorized fulfillment agent, and not a spoofed endpoint, a test instance, or an agent that lacks the authority to commit to delivery terms. As I discussed in Article 4, this requires federated agentic identity: the ability for Organization A's agent to present verifiable credentials that Organization B can validate without sharing a common identity provider.
Neither organization controls the other's identity infrastructure. The supplier has issued an identity to its fulfillment agent. The manufacturer needs to trust that identity. This requires a trust framework that spans the boundary: mutual recognition of identity providers, verifiable credential exchange, and a mechanism for revoking trust if either party's agent behaves outside agreed parameters. The emerging OIDC-A (OpenID Connect for Agents) proposal and SPIFFE-based workload identity offer pieces of this puzzle, but the federated layer that connects them across organizations is still nascent.
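The check the manufacturer's side would run on a credential presented by the supplier's agent, as an added Go example that is not from the article and is not the OIDC-A or SPIFFE format. The credential fields, the scope string commit:delivery-terms, the supplier.example trust domain and the choice of Ed25519 signatures are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// AgentCredential is a hypothetical claim set an organization signs for its agent.
type AgentCredential struct {
	Issuer  string          `json:"iss"`    // issuing organization's trust domain
	Subject string          `json:"sub"`    // agent identifier
	Scopes  map[string]bool `json:"scopes"` // actions the agent may commit to
	Expires int64           `json:"exp"`    // Unix seconds
}

// TrustStore is the relying party's local view of the federation.
type TrustStore struct {
	Issuers map[string]ed25519.PublicKey // mutually recognized issuers
	Revoked map[string]bool              // "issuer/subject" entries
}

var (
	ErrUntrusted = errors.New("malformed credential or unrecognized issuer")
	ErrSignature = errors.New("signature does not match issuer key")
	ErrExpired   = errors.New("credential expired")
	ErrRevoked   = errors.New("trust in this agent was revoked")
	ErrScope     = errors.New("agent lacks required scope")
)

// Verify returns the claims only when every check passes, so a caller can
// never act on claims that were parsed but not verified.
func (ts TrustStore) Verify(payload, sig []byte, scope string, now time.Time) (AgentCredential, error) {
	var c, none AgentCredential
	err := json.Unmarshal(payload, &c)
	key, ok := ts.Issuers[c.Issuer] // the claimed issuer only selects a key
	switch {
	case err != nil || !ok:
		return none, ErrUntrusted
	case !ed25519.Verify(key, payload, sig):
		return none, ErrSignature
	case now.Unix() >= c.Expires:
		return none, ErrExpired
	case ts.Revoked[c.Issuer+"/"+c.Subject]:
		return none, ErrRevoked
	case !c.Scopes[scope]:
		return none, ErrScope
	}
	return c, nil
}

// Scenario runs constructed credentials through the manufacturer's trust store.
func Scenario() map[string]error {
	now := time.Unix(1700000000, 0) // fixed clock so results are repeatable
	pub, priv, _ := ed25519.GenerateKey(nil)
	_, rogue, _ := ed25519.GenerateKey(nil) // key the manufacturer never trusted
	ts := TrustStore{map[string]ed25519.PublicKey{"supplier.example": pub},
		map[string]bool{"supplier.example/fulfillment-agent-old": true}}
	const need = "commit:delivery-terms"
	out := map[string]error{}
	try := func(name string, k ed25519.PrivateKey, sub, scope string) {
		c := AgentCredential{"supplier.example", sub, map[string]bool{scope: true}, now.Unix() + 300}
		b, _ := json.Marshal(c) // the issuer signs the exact bytes it sends
		_, out[name] = ts.Verify(b, ed25519.Sign(k, b), need, now)
	}
	try("authorized", priv, "fulfillment-agent", need)
	try("spoofed", rogue, "fulfillment-agent", need)
	try("test-instance", priv, "fulfillment-agent-test", "quote:read")
	try("revoked", priv, "fulfillment-agent-old", need)
	return out
}

func main() { fmt.Println(Scenario()) }
```

The three failure cases map to the ones named above: a spoofed endpoint fails the signature check, a test instance fails the scope check, and an agent whose trust was withdrawn fails the revocation check.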
Governance Across Boundaries
The manufacturer's governance framework says the procurement agent can commit to a maximum 15% delivery premium without human approval. The supplier's governance framework says the fulfillment agent can accept rush orders up to a certain capacity threshold. These governance rules are internal to each organization. Neither side has visibility into the other's constraints.
Cross-organizational governance requires a negotiated layer of shared rules that sits above each organization's internal governance. This is not about one organization imposing its governance on the other. It is about establishing a bilateral (or multilateral) governance contract: agreed decision boundaries, escalation protocols, and dispute resolution mechanisms. Think of it as a machine-readable version of the terms and conditions that govern human business relationships, except that agents need to evaluate and enforce these terms in real time, at machine speed.
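One way such a machine-readable contract could be evaluated, as an added Go example that is not from the article. The type names, the contract ceilings (25% premium, 500 rush units), the supplier's 200-unit threshold and the allowed "incoterm" term are constructed for illustration; only the 15% auto-approval limit comes from the scenario above.

```go
package main

import "fmt"

type Decision int

const (
	Reject   Decision = iota // outside the shared contract: neither side may agree
	Escalate                 // inside the contract, beyond this agent's own authority
	Commit                   // inside both: the agent may bind its organization
)

func (d Decision) String() string { return [...]string{"reject", "escalate", "commit"}[d] }

// Proposal is the term set under negotiation (field names are hypothetical).
type Proposal struct {
	PremiumPct float64           // delivery premium over the base price
	RushUnits  int               // units on the accelerated schedule
	Extra      map[string]string // any further terms a counterparty attaches
}

// SharedContract is the bilateral layer: bounds both organizations agreed to.
type SharedContract struct {
	MaxPremiumPct float64
	MaxRushUnits  int
	AllowedExtra  map[string]bool
}

// InternalPolicy is private to one organization and never sent to the other.
type InternalPolicy struct {
	AutoPremiumPct float64 // highest premium the agent may accept unaided
	AutoRushUnits  int     // largest rush order the agent may accept unaided
}

// Evaluate is run by each side on its own. Range checks are phrased as
// "not inside the range" so NaN and negative values fail closed.
func Evaluate(p Proposal, sc SharedContract, ip InternalPolicy) Decision {
	for k := range p.Extra {
		if !sc.AllowedExtra[k] {
			return Reject // a term the contract never anticipated
		}
	}
	if !(p.PremiumPct >= 0 && p.PremiumPct <= sc.MaxPremiumPct) ||
		p.RushUnits < 0 || p.RushUnits > sc.MaxRushUnits {
		return Reject
	}
	if p.PremiumPct > ip.AutoPremiumPct || p.RushUnits > ip.AutoRushUnits {
		return Escalate // hand off to a human approver
	}
	return Commit
}

// Settle combines the two verdicts. Only verdicts cross the boundary, and the
// stricter one wins, so neither side has to disclose its internal limits.
func Settle(p Proposal, sc SharedContract, buyer, seller InternalPolicy) Decision {
	b, s := Evaluate(p, sc, buyer), Evaluate(p, sc, seller)
	if s < b {
		return s
	}
	return b
}

// Constructed sample values; only the 15% figure comes from the article.
var (
	Contract     = SharedContract{25, 500, map[string]bool{"incoterm": true}}
	Manufacturer = InternalPolicy{AutoPremiumPct: 15, AutoRushUnits: 500}
	Supplier     = InternalPolicy{AutoPremiumPct: 25, AutoRushUnits: 200}
)

func main() {
	for _, p := range []Proposal{{12, 150, nil}, {18, 150, nil}, {12, 300, nil}, {30, 150, nil}} {
		fmt.Printf("%+v -> %s\n", p, Settle(p, Contract, Manufacturer, Supplier))
	}
}
```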
The Agent Service Bus Across Boundaries
Inside the enterprise, the Agent Service Bus (as I described in Article 2) handles capability discovery, intent resolution, contract negotiation, conflict arbitration, and message routing. Across organizations, each of these functions needs to work across separate infrastructure.
Capability discovery is the most tractable: the A2A protocol's Agent Cards already provide a mechanism for agents to advertise their capabilities to external parties. Intent resolution is harder because each organization may express the same business intent differently. Contract negotiation becomes genuinely complex when the agents have different authority levels, different governance constraints, and different optimization objectives. And conflict arbitration requires a neutral mechanism that neither party controls, or at minimum, a pre-agreed escalation path when the agents reach an impasse.
The supply chain scenario illustrates a critical point: cross-organizational agent collaboration does not require building a single, unified Agent Service Bus that spans all participants. It requires an interoperability layer that lets each organization's Agent Service Bus communicate with others. This is the federated model: each enterprise operates its own orchestration infrastructure, and a protocol layer bridges them.
Scenario 2: Partner Ecosystem Orchestration
The supply chain scenario involves two organizations with a direct commercial relationship. Partner ecosystem orchestration is more complex: multiple organizations, each with their own agents, coordinating on shared workflows where the relationships are multilateral rather than bilateral.
Consider a commercial real estate transaction. The buyer's agent, the seller's agent, the lender's agent, the title company's agent, the insurance company's agent, and the regulatory filing agent all need to coordinate a complex, multi-step process with dependencies, approvals, and compliance requirements that span every participant. No single organization controls the workflow. No single platform runs all the agents. Each participant has different identity infrastructure, different governance rules, and different risk tolerances.
Or consider a healthcare scenario: a provider's clinical agent recommending a treatment plan that requires prior authorization from a payer's authorization agent, verification of drug interactions from a pharmacy benefits agent, and coordination with a specialist referral agent at another provider. Patient data is involved, with HIPAA constraints, consent requirements, and data minimization rules that differ by participant.
These multi-party scenarios expose limitations that bilateral cross-org collaboration does not:
Multilateral trust. In a bilateral relationship, two organizations establish a trust agreement. In a partner ecosystem, every participant needs to trust every other participant's agents, or at minimum, trust the agents they interact with directly. The number of trust relationships grows combinatorially with the number of participants. Without a shared trust framework (such as a consortium-operated identity federation), the trust management overhead becomes unmanageable.
Workflow coordination without a central orchestrator. Intra-enterprise workflows have a clear orchestrator: the enterprise's Agent Service Bus or process engine. In a multi-party ecosystem, no single participant can be the orchestrator without creating a power asymmetry that other participants resist. The workflow needs to be coordinated through consensus or through a neutral intermediary that all parties trust.
Data sovereignty. Every participant in a multi-party workflow has data that it needs to share selectively and protect absolutely. The healthcare scenario makes this vivid: patient data flows through the workflow, but each participant has different access rights, different retention rules, and different compliance obligations. The agents need to collaborate on the workflow while respecting data boundaries that are not just technical but legal.
Accountability in multi-hop chains. When a workflow spans five organizations and one agent's action produces a bad outcome, the accountability chain (which I discussed in Article 5) becomes a multi-party problem. The delegation chain crosses organizational boundaries. Provenance records are distributed across participants. Determining responsibility requires a shared accountability framework that no participant has built.
Know Your Agent: The KYA Framework
An emerging concept in cross-organizational agent trust is the Know Your Agent (KYA) framework, modeled on the Know Your Customer (KYC) principles that have governed financial services for decades. Just as financial institutions verify the identity and risk profile of customers before transacting with them, KYA proposes that organizations verify the identity, capabilities, governance posture, and accountability chain of external agents before allowing them to interact with internal systems.
A KYA assessment would include: verifying the agent’s organizational affiliation and authorization level, confirming the governance framework the agent operates under, assessing the agent’s track record (reliability, error rates, dispute history), validating the agent’s identity credentials and the trust chain behind them, and establishing the liability framework for the agent’s actions.
KYA is not a standard yet. But the underlying principle, that organizations should conduct due diligence on the agents they interact with, is likely to become a baseline requirement for cross-organizational agent collaboration. The organizations that establish KYA processes early will have an advantage in building trusted agent ecosystems.
Scenario 3: Customer-Vendor Agent Interactions
The third cross-org scenario is perhaps the most immediate: agents acting on behalf of customers interacting with agents acting on behalf of vendors. This is already happening in customer service, where AI agents handle the majority of support volume for some vendors. But the next phase extends far beyond support tickets.
Consider a customer's purchasing agent evaluating products from multiple vendors. The customer's agent queries each vendor's sales agent for pricing, availability, and configuration options. It compares responses, negotiates terms, and ultimately commits to a purchase. The vendor's agent responds to inquiries, adjusts pricing within authorized parameters, and fulfills the order.
This interaction is routine for human buyers and sellers. For agents, it raises distinctive challenges.
Asymmetric information and adversarial optimization. The customer's agent is optimizing for the buyer (lowest cost, best terms, fastest delivery). The vendor's agent is optimizing for the seller (highest margin, longest commitment, maximum volume). Both are acting rationally within their mandates. But unlike human negotiations, where social dynamics, relationship considerations, and imprecise communication introduce useful friction, agent-to-agent negotiation can devolve into rapid algorithmic optimization that produces outcomes neither party intended. Financial markets have seen this pattern with algorithmic trading: individually rational agents producing collectively irrational results.
The trust asymmetry. In most customer-vendor relationships, there is a power imbalance. The vendor controls the product, the pricing, and the service infrastructure. The customer's agent has limited ability to verify the vendor agent's claims independently. If the vendor's agent asserts that a product is in stock when it is not, or quotes a delivery timeline it cannot meet, the customer's agent may lack the context to challenge the assertion. Trust verification in customer-vendor agent interactions needs to account for this asymmetry.
Consent and transparency. When a customer's agent and a vendor's agent negotiate a contract, does the customer understand what their agent committed to? Does the vendor understand what their agent offered? The accountability governance layer needs to ensure that both principals (the customer and the vendor) have visibility into what their agents did on their behalf, and that neither agent exceeded its authority. This is not just good practice. Under emerging regulations like the EU AI Act, it is likely to become a legal requirement.
Customer-vendor agent interactions will likely become the most common form of cross-organizational agent collaboration simply because every enterprise is both a customer and a vendor. The governance, identity, and trust frameworks you build for one side of the relationship will need to work for the other side as well.
Platforms, Protocols, or Both?
Every cross-organizational scenario raises the same strategic question: will cross-org agent collaboration be mediated by dominant platforms or by open protocols? The answer, I believe, is both, but in different ways for different contexts.
The Platform Case
Dominant platforms have real advantages in cross-organizational scenarios. They can enforce common identity standards, common governance rules, and common data formats across all participants. A supply chain platform that hosts both buyer and supplier agents can mediate negotiations, enforce compliance, and maintain audit trails within a single environment. The trust problem is simplified because both parties trust the platform, even if they do not trust each other.
This is why industry-specific platforms are well-positioned to anchor cross-org agent collaboration in their verticals. A healthcare interoperability platform, a trade finance platform, a logistics orchestration platform: each of these can provide the shared infrastructure that makes cross-org collaboration tractable within a specific industry context. The platform becomes the trust anchor, the governance enforcer, and the interoperability layer for its vertical.
The Protocol Case
Open protocols have different advantages. They prevent any single platform from becoming a gatekeeper for cross-organizational collaboration. They allow organizations to maintain their own infrastructure while participating in shared workflows. They enable cross-industry scenarios that no single vertical platform covers.
The Agentic AI Foundation (AAIF), launched under the Linux Foundation in late 2025 with founding members from multiple major AI companies, is working to establish exactly this kind of open protocol infrastructure. A2A handles agent-to-agent communication. MCP handles agent-to-tool connections. Emerging protocols like AP2 handle agent payment transactions. Together, these protocols could provide the connective tissue for cross-org collaboration without requiring a central platform.
NIST's AI Agent Standards Initiative, announced in February 2026, reinforces this direction by fostering industry-led standards for interoperable and secure agent ecosystems. The initiative explicitly calls out open-source protocol development to prevent vendor lock-in.
The Hybrid Reality
The likely outcome is neither pure platform nor pure protocol. Dominant platforms will anchor specific industry verticals, providing the shared infrastructure, trust frameworks, and governance mechanisms that make cross-org collaboration practical for their ecosystems. Open protocols will connect across those verticals, enabling cross-industry scenarios and preventing any single platform from controlling the entire agent economy.
Think of it as analogous to how electronic commerce evolved. Industry-specific marketplaces (platforms) emerged for procurement, logistics, and financial services. But the internet protocols (HTTP, TCP/IP, SSL) connected across those marketplaces, and open standards for data exchange (EDI, XML, APIs) enabled interoperability that no single marketplace controlled. Agent ecosystems will likely follow a similar pattern: vertical platforms for depth, horizontal protocols for breadth.
The strategic implication for enterprises is to participate in both. Engage with the industry-specific platforms relevant to your business (they will provide the fastest path to cross-org agent collaboration in your vertical). But also demand open protocol support from every platform and agent you deploy (it will protect your ability to collaborate across industry boundaries and prevent platform lock-in).
| Architectural Layer | Intra-Enterprise | Cross-Organizational Challenge |
|---|---|---|
| Identity | Single identity provider; unified directory | Federated identity across providers; mutual credential verification; trust revocation |
| Governance | One policy framework; centralized enforcement | Bilateral/multilateral governance contracts; shared decision boundaries; no centralized authority |
| Agent Service Bus | Single orchestrator; common message routing | Federated orchestration; cross-infrastructure capability discovery; neutral conflict arbitration |
| Data Access | Common data model; unified access controls | Data sovereignty; selective sharing; different retention and compliance rules per participant |
| Accountability | Single audit trail; clear chain of responsibility | Distributed provenance; multi-party delegation chains; cross-boundary liability attribution |
| Pricing/Metering | Internal cost allocation | Cross-organizational metering; settlement between parties; consumption attribution across boundaries |
The Role of Industry Consortia
Cross-organizational agent collaboration will not emerge spontaneously. It requires coordinated action on standards, trust frameworks, and governance models that no single vendor or enterprise can establish alone. This is where industry consortia play a critical role.
Several initiatives are already underway. The NIST AI Agent Standards Initiative is working on interoperability and security standards. The Agentic AI Foundation under the Linux Foundation is developing open protocol infrastructure. The OpenID Foundation's AI Identity Management Community Group is tackling federated agent identity. Singapore's IMDA has published the first government governance framework for agentic AI.
But what is missing is industry-specific consortium activity focused on the operational details of cross-org agent collaboration. The broad standards initiatives establish the protocol foundations. Industry consortia need to build on those foundations with sector-specific governance models, trust frameworks, data sharing agreements, and liability allocation mechanisms.
Financial services needs agent collaboration standards for trade settlement, KYC verification, and regulatory reporting. Healthcare needs standards for cross-provider agent coordination that respect HIPAA and patient consent. Manufacturing needs standards for supply chain agent negotiation that account for industrial safety and quality requirements. These are not problems that horizontal protocol bodies can solve because they require deep domain expertise and industry-specific regulatory knowledge.
The enterprises that participate in shaping these industry standards will have a structural advantage: they will understand the cross-org collaboration framework before it becomes mandatory, and they will influence the rules that their competitors will also have to follow.
Preparing for the Cross-Org Future
Cross-organizational agent collaboration is not a distant scenario. Supply chain agent pilots are running now. Customer-vendor agent interactions are already in production for support and service workflows. The pace is accelerating as agent capabilities improve and organizational confidence grows. Here is how to prepare:
Build your architecture with the boundary in mind. Every architectural decision you make today about agent identity, governance, and orchestration will either support or obstruct cross-org collaboration tomorrow. Ask yourself: can my identity framework verify external agents? Can my governance layer enforce rules for cross-boundary interactions? Can my Agent Service Bus communicate with an external orchestrator? If the answer is no, you are building for a world that is already passing.
Start with your most strategic external relationship. Do not try to enable cross-org agent collaboration with every partner simultaneously. Identify your most strategic bilateral relationship (your largest supplier, your most important customer, your critical logistics partner) and pilot cross-org agent collaboration there. The lessons from one well-structured pilot will inform your broader architecture more effectively than any theoretical planning exercise.
Engage with standards bodies now. The NIST AI Agent Standards Initiative, the Agentic AI Foundation, and the OpenID Foundation's AI Identity group are all in their formative stages. Enterprise participation in these processes matters. The standards they produce will shape how cross-org agent collaboration works for the next decade. If you wait until the standards are published to engage, you will be implementing rules you had no role in defining.
Develop your KYA process. Begin defining what you would need to know about an external agent before allowing it to interact with your systems. What identity credentials do you require? What governance framework must the agent operate under? What accountability chain must be demonstrable? What liability allocation is acceptable? Answering these questions now will accelerate your readiness when cross-org collaboration becomes a commercial requirement.
Assume the hybrid model. Plan for a world where industry-specific platforms anchor your primary vertical collaborations and open protocols connect you across verticals. Avoid committing exclusively to a single platform for all cross-org collaboration. Invest in open protocol support for your agent infrastructure to preserve optionality as the ecosystem evolves.
Throughout this series, I have argued that the Future Enterprise is not just a new technology stack. It is a new operating model where AI agents handle increasingly autonomous, consequential work. Cross-organizational collaboration is where that operating model meets its hardest test. Every layer of the architecture, from identity to governance to orchestration to pricing, must work not just within the controlled environment of a single enterprise but across the messy, adversarial, trust-deficient space between enterprises.
The organizations that solve this will not just have better technology. They will have access to a new category of business capability: agent-mediated collaboration that operates at machine speed across every significant business relationship. The organizations that do not solve it will find their agents powerful within their walls and useless beyond them.
The enterprise boundary has always been where coordination gets hard. In the age of agents, it is where coordination gets transformative.
Next in the series: "Where Does the Center of Gravity Land?", the concluding article, which synthesizes the entire Future Enterprise framework and examines whether data, intelligence, or business logic will ultimately determine who controls the enterprise stack.