5 vendor commitments your Series C board should require before signing an agentic AI contract this quarter

The headline your board saw

This week three vendors quietly redrew what an agentic AI contract should look like.

On Thursday, AWS shipped Bedrock AgentCore Payments in preview, the first managed payment capability built for autonomous agents. Per-session spending caps. Transaction signing that keeps private keys away from the agent. Identity, gateway, and observability native to the platform. The same Thursday, Anthropic added Dreaming, Outcomes, and Multi-agent Orchestration to Claude Managed Agents, pulling memory, evaluation rubrics, and orchestration logic deeper inside its own runtime, with Netflix already running the multi-agent piece in production according to 9to5Mac’s May 7 coverage. The same Thursday, Cognizant launched Secure AI Services, naming more than 250 regulated-industry enterprises already in operationalization programs and pivoting the system-integrator sales motion from “assumed trust” to “provable trust.”

By Friday, a ProgressiveRobot analysis of Anthropic’s stack alone inventoried nine concrete enterprise lock-in surfaces. Memory. Evaluations. MCP connectors. Orchestration. Telemetry. Each one is a contract clause that did not exist a year ago.

The CFO will walk into the next finance meeting with at least one Q3 agentic-platform renewal on the agenda. Here is what the board should require before that signature.

The five commitments

1. Per-session spending caps with transaction signing

   AWS just shipped this as a default for AgentCore Payments. End-user authorization before a wallet is touched. Private keys held off the agent. Every transaction observable through the same logs and traces as every other agent action. A vendor that cannot match this in contract language is selling a category that just leveled up without them. Boards should require explicit per-session caps, signed authorization for any autonomous transaction above a board-set threshold, and a default kill of the wallet on threshold breach.

2. Memory and orchestration export rights with format guarantees

   ProgressiveRobot put it cleanly on May 8: "If that memory cannot be exported, reviewed, mapped, and reused elsewhere, it becomes a switching cost." Anthropic's Dreaming and Multi-agent Orchestration features now persist agent state, curated memory, and execution graphs inside the vendor runtime. The contract needs a named export format, a 90-day retrieval window after termination, and a clause that says the vendor cannot use customer interaction data to train the next model the same vendor sells to a competitor. Procurement should treat agent memory the same way they treat the customer database. Because operationally, that is what it is.

3. Runtime kill-switch and identity-graph integration

   A team cannot kill what it cannot see. The contract should require a single-action pause/redirect/stop capability that integrates with the existing enterprise identity provider and produces a P1 incident with a full audit trail every time it fires. ServiceNow, Okta, Cisco, CrowdStrike, and Microsoft are all shipping agent-identity products into this gap right now. If the vendor's answer is "there is a console for that," the answer needs to be in the contract instead. Named integration. Named SLA on agent shutdown time. Named identity graph the kill-switch reads from.

4. Build-time and runtime audit evidence delivered to enterprise telemetry

   Cognizant's Secure AI Services launch on May 7 put a specific phrase on the table: "provable trust." That is a build-time plus runtime evidence model, with logs flowing into the customer's audit pipeline, not just the vendor's console. ProgressiveRobot listed telemetry ownership as one of nine lock-in surfaces. The fix lives in writing. Every agent decision, tool call, identity check, and policy evaluation flows to the company SIEM in a documented schema. Not screenshots. Not dashboards. Telemetry an auditor can ingest without a vendor login.

5. Bundled-services scope discipline

   MarketingProfs' May 8 roundup flagged Anthropic's $1.5 billion joint venture with Blackstone, Goldman Sachs, Hellman & Friedman, Apollo, and General Atlantic, which embeds Anthropic engineers inside midsized companies, alongside reports that both Anthropic and OpenAI are exploring acquisitions of engineering-services firms. Bundled implementation services are now part of the vendor offering, not a separate procurement decision. The contract needs explicit scope language on what vendor engineers do versus what the internal team owns. Otherwise the line between "vendor support" and "vendor architects writing the roadmap" gets very thin by month four.

Three questions your board will ask

“What is the exit cost in 18 months?” This is the renewal question, and the answer is no longer just license fees. It is memory, evaluation rubrics, orchestration graphs, and telemetry coupling. The five commitments above are the answer. If even one of them is missing from the contract, the exit cost is the renewal price plus rework.

“Who owns the agent’s behavior when it does something expensive?” California’s AB 316 took effect on January 1 and removed the autonomous-operation defense for AI liability. Vendor contracts that cap liability at the monthly subscription fee are still the norm in 2026. Boards should require named indemnification for autonomous actions and hallucinations causing financial loss, not just IP infringement. The CFO will write this question on the budget memo whether the CEO raises it first or not.

“How do we know it is working?” Outcomes-based grading is now inside Anthropic’s platform, but the rubric is portable only when the contract says so. The board does not need a new dashboard. The board needs the evaluation rubric to live in the company’s eval pipeline, not the vendor’s. Same answer as commitment two. Same architecture.

Procurement should treat agent memory the same way they treat the customer database. Because operationally, that is what it is.

The 60-second brief

Three vendors shipped three new product categories in 72 hours. Each one moved a piece of the agentic stack closer to the vendor and farther from the customer. Per-session spending caps. Memory export with format guarantees. Kill-switch with identity-graph integration. Build-time and runtime audit evidence in customer telemetry. Bundled-services scope discipline. Five commitments. Each one becomes contract language before signature. None of them are exotic. All of them are absent from most vendor templates today. The board does not need to understand the technology. The board needs to know whether the renewal in 18 months will cost more than it should.

What to watch

Microsoft Agent 365 reached general availability on May 1, which means every Series C operator now has an in-house Microsoft baseline to price the agentic platform on the desk against. The next agentic AI contract that lands for signature is also the first one a CFO can benchmark in dollar terms against a known bundle. The five commitments work either way. Use them as the reference, not the vendor’s template. The vendors had a busy week. The board can have a calmer one if the contract is written to last.