← All issues

The Agentic Index Brief

June 26 to July 3, 2026 · Published July 4, 2026

The week in one line

Seven vendors shipped agent governance and security features in seven days. If you needed proof that enterprise buyers are now asking "how do I control this thing" before "what can it do," this was the week.

Theme 1: The governance wave

Agentic Index logged more security and governance releases this week than any other category, and they came from every layer of the stack.

At the infrastructure layer, Daytona released a SecretService API that injects credentials as opaque placeholders, substituting real plaintext only at network egress and only for allowed hosts. Untrusted generated code inside the sandbox can never read the underlying key. This closes one of the most common exfiltration paths in agent execution, and we expect competing sandbox providers to match it.

At the platform layer, GitHub opened a public preview of Copilot agent session streaming: prompts, responses, and tool calls across all Copilot clients can now stream into SIEM platforms like Microsoft Purview. This is the feature compliance teams have been waiting for before approving autonomous agents at scale. monday.com shipped AI permissions assigned by role, plus a central directory for monitoring and deactivating every agent on an account. Sprinklr went further and added a global kill switch that bulk disables generative AI features, with new AI capabilities now defaulting to off. A global kill switch is not exactly glamorous, but neither is explaining to legal why the robot improvised.

At the application layer, Cognition launched Devin Security Swarm, a system of coordinated agents that scans codebases, reproduces vulnerabilities in isolated sandboxes to prove exploitability, and opens patch PRs. Factory released Droid Shield 2.0 with models trained specifically for secret detection during autonomous commits. And Tavily picked up ISO 27001 certification, which matters less as a technical change and more as a procurement unblock. Sometimes the most important product feature is the PDF that lets the deal survive security review. Tragic, but useful.

Our read: governance features have crossed from differentiator to table stakes. If a platform you are evaluating cannot answer "show me what the agent did" and "let me shut it off centrally," it is now behind the market, not ahead of your requirements.

Buyer question this week: can your vendor show what its agents did, cap what they spend, revoke their access centrally, and prove what happened after the fact? Any "no" in that list is now a gap against the market, not a roadmap item.

Theme 2: Agents are outgrowing the vector index

Two releases this week, from vendors that do not compete, point at the same architectural conclusion.

Qodo 2.4 removed most of its RAG indexing layer for code review. The agent now rediscovers code context itself using git and grep, with retrieval reserved for review decisions and conventions specific to a team, which cannot be recovered from the working tree. Qodo reports the leaner architecture leads on its review benchmarks with a fraction of the indexing infrastructure.

Two days later, LlamaIndex, a company named after the index, announced Retrieval Harness: filesystem primitives like grep, file read, and directory listing that let agents navigate document collections on demand rather than relying solely on a prebuilt vector index. When a company with "Index" in the name starts making room for less indexing, the market is trying to tell us something. Subtle as a fire alarm, but still.

Our read: modern agents are strong enough to fetch what they need step by step, and vendors are concluding that heavy vector indexing infrastructure is a cost center, not a moat. For buyers, the practical question to ask any retrieval heavy platform this quarter is simple: what happens to my total cost of ownership if the vector index shrinks or disappears?

Theme 3: Copilot shipped five releases in five days

GitHub shipped five material Copilot changes in this window: Vision reached general availability on every tier, so users can attach images and PDFs by default; browser tools for agents in VS Code went GA, allowing agents to navigate, click, and screenshot inside the editor; Kimi K2.7 Code joined the model picker as an open weights option; AI credit session limits landed in the CLI and SDK; and the SIEM streaming preview covered above rounded out the week.

Our read: the session limits release is the sleeper. A hard spend cap per session is the difference between "we let the agent run overnight" and "we got a surprise invoice." Expect every agent platform that bills on usage to copy this.

Action item: E2B auth cutover, August 1

E2B deprecated access token authentication in favor of API keys. This is a breaking change with a fixed deadline: legacy tokens stop working August 1, 2026, and every SDK and API call must migrate before then. If your team runs E2B sandboxes in production, this belongs on your maintenance list this month, not in the traditional engineering graveyard labeled "after launch."

Also notable

  • Web agents: Browserbase launched fully managed web agents invoked with a single API call, shifting from infrastructure provider to turnkey agent option.
  • Legal AI: Harvey made Claude Sonnet 5 available platform wide and published a 91.3% score on BigLaw Bench, giving legal buyers a rare benchmark at the task level for comparing platforms across model upgrades.
  • Code agents: Sourcegraph opened a public beta of Agentic Batch Changes, an agent harness for applying code changes across thousands of repositories. Thousands of repositories is exactly where auditability stops being a feature and starts being oxygen.
  • EU sovereignty: NICE became a launch partner for the AWS European Sovereign Cloud, and IBM expanded watsonx Orchestrate to Paris. Both moves target EU data sovereignty mandates.
  • Enterprise memory: Kore.ai added persistent memory for each employee to AI for Work, so its agents retain individual context across sessions.
  • Open weights models: Poolside released Laguna XS 2.1, a 33B open weights model for agentic coding under a permissive license, aimed at teams with data residency requirements.

The Agentic Index Brief is published weekly by Agentic Index, the verified directory of 371 agentic AI vendors. Compare platforms by capability at agenticindex.io/compare. Methodology at agenticindex.io/methodology.

Contact us

Found a vendor we missed? Have feedback on the index? We'd love to hear from you.