Cycle on May 25, 2026

I will list the open threads for the topic to see what specific questions or areas of investigation need to be pursued in this cycle.

I will run a web search to identify recent reports, articles, case studies, and surveys from 2026 regarding enterprise and SMB adoption of autonomous AI agents, including frameworks, platforms, and barriers.

I will fetch several of these highly relevant resources to gather concrete, specific evidence on enterprise adoption of AI agents in 2026. First, let's fetch: 1. `https://writer.com/blog/enterprise-ai-adoption-2026/` (Enterprise AI adoption in 2026: Why 79% face challenges - Writer) 2. `https://www.langchain.com/state-of-agent-engineering` (State of Agent Engineering - LangChain) 3. `https://cdn.jsdelivr.net/gh/abncharts/abncharts.public.1/abnasia.org/1765455980320_www.abnasia.org.pdf` (The 2026 State of AI Agents Report - Anthropic / Material) 4. `https://www.cdata.com/blog/2026-enterprise-mcp-adoption-roadmap` (2026 Enterprise MCP Adoption Roadmap - Model Context Protocol) Let's start by fetching the Writer blog and the LangChain State of Agent Engineering page.

I will fetch the "State of Agent Engineering" report from LangChain to see how developers and enterprises are building agents (e.g., LangGraph adoption, frameworks, and engineering hurdles).

The fetch to LangChain failed due to a timeout. I will try to fetch the Anthropic/Material 2026 State of AI Agents Report PDF or search for LangChain's findings using web search first, or try fetching the PDF link. Let's see if we can find the content of LangChain's State of Agent Engineering report via web search first or fetch other URLs. Let's do a web search for the LangChain report details.

Let's try to fetch the Anthropic/Material 2026 State of AI Agents Report PDF or see if there is another article about it. Let's do a web search.

I will fetch the PDF of the "2026 State of AI Agents Report" by Anthropic (hosted on jsDelivr) or fetch the Arcade.dev blog post about it, as it will likely summarize the key statistics and findings from the Anthropic report. Let's fetch the Arcade.dev blog post first, as it's a markdown-friendly web page, and then we can fetch the PDF if needed. Let's fetch `https://www.arcade.dev/blog/5-takeaways-2026-state-of-ai-agents-claude/` first.

This is very rich data. Let's fetch the actual PDF from jsDelivr to get the exact quotes, numbers, and deeper details if possible, or we can search for other sources that cover the report in detail. Let's do a search to see if we can find more details from the Anthropic 2026 State of AI Agents Report, or we can fetch a few pages of the PDF. Let's do a web search first on the Anthropic 2026 State of AI Agents report to see what the top use cases and other interesting stats are. Let's search: `"2026 State of AI Agents Report" "Anthropic" "Material" OR "500"` or similar.

Let's fetch the pdf from `https://cdn.jsdelivr.net/gh/abncharts/abncharts.public.1/abnasia.org/1765455980320_www.abnasia.org.pdf` or search for key excerpts. Since fetching a raw PDF via `web_fetch` might return structured markdown or binary content (or might fail if too large), let's attempt to fetch it first. It's a jsDelivr CDN link, which usually serves the file directly. Let's see if we get a readable markdown text or if it fails. If it fails, we can search for articles that summarize it in more detail. Let's try fetching.

This is an incredibly detailed and valuable document! We have specific stats and concrete case studies with results, such as Novo Nordisk (NovoScribe), L'Oréal, N26, and eSentire. Let's do a web search on other key terms to find more case studies and recent telemetry data. For example, let's look at Salesforce's Agentforce adoption, which was launched in late 2024 and has been rolling out aggressively in 2025 and 2026. Let's run a search for Agentforce adoption numbers, customer stories, or surveys in 2025/2026. This will give us a strong enterprise platform angle. Let's search: `"Agentforce" adoption OR "case study" 2026 OR 2025` or similar.

Let's fetch the article `https://www.salesforceben.com/where-are-we-really-at-with-agentforce-adoption/` (Salesforce Ben: "Where Are We Really at With Agentforce Adoption?") to get a realistic view of how Agentforce is actually being adopted. Let's do that first.

This Salesforce Ben article is extremely insightful! It specifically highlights: - Early-to-mid 2025 issues: bugginess, loss of context, broken sandbox promotions, inconsistent desktop vs. mobile behavior, poor instruction models unable to handle structured 'if-then-else' logic. - Late 2025/early 2026 progress: Salesforce introduced "Agent Script" in October 2025 (hybrid reasoning) to write structured instructions rather than relying on free-text, significantly improving consistency. - Salesforce's Q4 2025 results showed 5,000 Agentforce deals secured, showing momentum on paper but with implementation hurdles around sandboxes, lack of fine-tuned configuration articles, and relying heavily on partners. Let's do a search on other aspects of the 2026 AI Agent market. Wait! Let's check the Yahoo Finance article: "Agentforce Adoption Rises: Can It Be Salesforce's Next Growth..." or search for Salesforce Q4 2025 or Q1 2026 earnings reports to find the exact financial scale and ARR of Agentforce. Let's do a search.

This is amazing: Salesforce's Q4 Fiscal 2026 results (reported in February 2026) showed: - Agentforce ARR reached **$800 million** in Q4 FY26, up from $540 million in Q3 FY26 (which is a 48% quarter-over-quarter growth). - Agentforce and Data 360 ARR combined reached nearly $1.4 billion in Q3 FY26 (up 114% YoY). - Agentforce deals closed grew 50% QoQ in Q4 FY26, reaching 29,000 total deals (up from 18,500 in Q3, with 9,500 paid in Q3). - Marc Benioff commented on Agentforce's momentum during the Q4 FY26 earnings call. Let's fetch `https://www.salesforce.com/news/press-releases/2026/02/25/fy26-q4-earnings/` or `https://www.salesforceben.com/huge-agentforce-growth-in-salesforce-q4-as-benioff-mocks-saaspocalypse-narratives/` to pull the exact quotes and details. Let's fetch the Salesforce Ben article or the press release. Let's try the Salesforce Ben article: `https://www.salesforceben.com/huge-agentforce-growth-in-salesforce-q4-as-benioff-mocks-saaspocalypse-narratives/` first.

This is extremely valuable. The Agentforce and Data 360 numbers are highly specific and fresh (as of late Feb 2026): - Q4 FY26 (ended Jan 31, 2026): Agentforce ARR grew to **$800M**, a 48% QoQ increase from $540M in Q3. - Agentforce deals reached **29,000**, up 50% QoQ from 18,500 deals in Q3. - Agentforce and Data 360 combined ARR was over **$2.9B**, up over 200% YoY (though this includes $1.1B Informatica Cloud ARR). - Marc Benioff stated that Salesforce has consumed nearly 20 trillion tokens, converting them into more than 2.4 billion agentic work units to date. - More than 60% of Agentforce and Data 360 bookings in Q4 FY26 came from existing customer expansion. - In FY26, Data 360 ingested 112 trillion records (up 114% YoY), including 53 trillion via Zero Copy (up 310% YoY), showing that data integration (like Zero Copy architecture) is a massive driver for enabling agentic workflows. Wait, let's look at another important trend in 2026: the Model Context Protocol (MCP) and how it's shaping enterprise agent-to-data integration. One of the search results mentioned: `2026 Enterprise MCP Adoption Roadmap - CData Software` Let's search for Model Context Protocol (MCP) enterprise adoption in 2026 to see if this is an emerging framework/standard that companies are using to connect agents to data. Let's do a search on `"Model Context Protocol" enterprise adoption 2026 OR 2025` or similar.

This is a fantastic development! Model Context Protocol (MCP) has exploded as a core standard for AI agents in 2026. Let's fetch several of these articles to extract concrete evidence and quotes: 1. `https://blog.cloudflare.com/enterprise-mcp/` (Cloudflare: "Scaling MCP adoption: Our reference architecture for simpler, safer...") 2. `https://blog.qualys.com/product-tech/2026/03/19/mcp-servers-shadow-it-ai-qualys-totalai-2026` (Qualys: "MCP Servers: The New Shadow IT for AI in 2026") 3. `https://www.cdata.com/blog/2026-year-enterprise-ready-mcp-adoption` (CData: "2026: The Year for Enterprise-Ready MCP Adoption") Let's fetch the Cloudflare blog post first. It will show a concrete enterprise case study and reference architecture for MCP.

Ah, the fetch to Cloudflare timed out. Let's try fetching the Qualys blog post (`https://blog.qualys.com/product-tech/2026/03/19/mcp-servers-shadow-it-ai-qualys-totalai-2026`) or the CData blog post (`https://www.cdata.com/blog/2026-year-enterprise-ready-mcp-adoption`). Let's try fetching the CData blog first.

This is highly informative! Model Context Protocol (MCP) is indeed shaping up as a core standard in 2026. Let's look at the security risks and "Shadow IT" aspect of MCP in 2026. Let's fetch the Qualys blog post `https://blog.qualys.com/product-tech/2026/03/19/mcp-servers-shadow-it-ai-qualys-totalai-2026` to see what they say about MCP servers becoming the new shadow IT for AI in 2026. This will reveal the "action risk" and security concerns that are holding companies back or creating governance problems.

The fetch to Qualys also timed out. Let's do a web search to find what the Qualys blog or other security articles say about "MCP servers" and "shadow IT" or security risks in 2026. Let's search: `"MCP servers" "Shadow IT" 2026 OR 2025` or similar.

Wow! "Shadow MCP" is actually a formalized term, and there is even an "OWASP MCP Top 10" project! Let's search for details on the OWASP MCP Top 10 or find an article explaining what "Shadow MCP" and these security risks are. Let's try to fetch `https://zuplo.com/learning-center/shadow-mcp-ungoverned-ai-agent-security` or `https://www.upguard.com/blog/mcp-ai-protocol-expanding-your-attack-surface` or `https://owasp.org/www-project-mcp-top-10/` to see if we can read them. Let's try fetching the UpGuard blog post first. If that fails, we can fetch others or do a search with exact terms. Let's fetch the UpGuard blog.

This is amazing! UpGuard has written several extremely fresh articles (from May 2026) on: - "Shadow MCP Servers: The AI Infrastructure You Can't See" (May 20, 2026) - "Six MCP Security Incidents Every Security Leader Should Know" (May 14, 2026) - "1 in 15 MCP Servers are Lookalikes: Is Your Org at Risk?" (May 12, 2026) Let's fetch `https://www.upguard.com/blog/shadow-mcp-servers` or `https://www.upguard.com/blog/mcp-security-incidents` to get the details! This is incredibly specific, timely, and perfect for updating our understanding of "Action Risk" and "Security Concerns" in mid-2026. Let's fetch `https://www.upguard.com/blog/shadow-mcp-servers` first.

Wait, the content of that page didn't fetch fully (it just gave related posts). Let's fetch `https://www.upguard.com/blog/mcp-security-incidents` to see if we can get the details of the security incidents, or let's do a search on `"Shadow MCP" OR "MCP security" 2026 UpGuard` to get more text. Let's try fetching `https://www.upguard.com/blog/mcp-security-incidents` first.

Ah, UpGuard's blog pages seem to have a layout that puts other posts' thumbnails at the top, or they are very short. Let's do a web search on `"Shadow MCP" OR "MCP security" 2026` to get more detailed information about the security risks and specific incidents or findings. Let's search: `"Shadow MCP" OR "Model Context Protocol" "security" OR "vulnerability" 2026` to find other security vendor insights.

This is an incredibly rich set of security sources! We have: - Microsoft Defender for Cloud Blog: "Plug, Play, and Prey: The security risks of the Model Context Protocol" (with a specific section on "Shadow MCP" as a new invisible threat). - eSentire: "Model Context Protocol Security: Critical Vulnerabilities Every CISO Should Address in 2025" - CVE-2025-49596: Critical RCE Vulnerability in Anthropic MCP Inspector (mentioned in an NSA CSI report!). - arXiv paper 2510.16558: "A First Look at the Security Issues in the Model Context Protocol Ecosystem" (published late 2025/early 2026). - Embrace The Red blog: "MCP: Untrusted Servers and Confused Clients, Plus a Sneaky Exploit" (by Johann Rehberger, a prominent AI security researcher). Let's fetch the Microsoft Tech Community blog post: `https://techcommunity.microsoft.com/blog/microsoftdefendercloudblog/plug-play-and-prey-the-security-risks-of-the-model-context-protocol/4410829` This will give us a highly authoritative view of how major security vendors (Microsoft) are diagnosing the "Shadow MCP" threat. Let's fetch it.

Ah, the Microsoft Tech Community site is currently down for scheduled maintenance, so we got the maintenance page instead. No worries! We have other excellent sources, such as Red Hat, eSentire, and the NSA CSI report. Let's do a search to get the details of the NSA CSI report on MCP security or the eSentire blog on MCP vulnerabilities. Let's search: `"CVE-2025-49596" OR "CVE-2025" "MCP" OR "Model Context Protocol" security` or `"A First Look at the Security Issues in the Model Context Protocol Ecosystem"`. This will give us extremely specific, technical security findings for 2026. Let's run a search.

This is incredible! We have hit a goldmine of specific, highly technical 2026/2025 security vulnerabilities within the Model Context Protocol (MCP) ecosystem, which is the exact technical standard gaining massive traction in 2026. Let's fetch: 1. `https://www.oligo.security/blog/critical-rce-vulnerability-in-anthropic-mcp-inspector-cve-2025-49596` (Oligo Security: "Critical RCE Vulnerability in Anthropic MCP Inspector - CVE-2025-49596") 2. `https://cymulate.com/blog/cve-2025-53109-53110-escaperoute-anthropic/` (Cymulate: "CVE-2025-53109: EscapeRoute Breaks Anthropic's MCP Server") 3. `https://www.endorlabs.com/learn/classic-vulnerabilities-meet-ai-infrastructure-why-mcp-needs-appsec` (Endor Labs: "Classic Vulnerabilities Meet AI Infrastructure: Why MCP Needs...") Let's fetch the Oligo Security blog first to read about CVE-2025-49596. This is a critical security vulnerability that highlights the "Action Risk" and "Security Concerns" holding back enterprises or requiring massive governance in 2026.

Ah, the firecrawl scraper timed out again on Oligo Security. Let's try fetching the Endor Labs blog post: `https://www.endorlabs.com/learn/classic-vulnerabilities-meet-ai-infrastructure-why-mcp-needs-appsec` or do a web search to get descriptions of these CVEs (like CVE-2025-49596, CVE-2025-53109, CVE-2025-68143). Let's try fetching first.

This is an absolute masterpiece of a source! It provides: - The exact dates: Published January 23, 2026. - The exact statistics from Endor Labs' 2025 Dependency Management Report (analyzing 2,614 MCP implementations): - 82% use file system operations prone to Path Traversal (CWE-22) - 67% use sensitive APIs related to Code Injection (CWE-94) - 34% use sensitive APIs related to Command Injection (CWE-78) - 5-7% used APIs tied to Cross-Site Scripting (7%), SQL Injection (6%), and Open Redirect (5%). - The exact CVEs with dates (January 2026): - **CVE-2025-68143, CVE-2025-68144, CVE-2025-68145** (disclosed Jan 20, 2026) in Anthropic's official `mcp-server-git` reference implementation: - CVE-2025-68143: git_init tool allowed creating repos at arbitrary filesystem paths because `--repository` boundary was never validated. - CVE-2025-68145: path arguments weren't checked against allowed scope. - CVE-2025-68144: passed user-controlled arguments directly to Git CLI without sanitization, allowing argument injection. - **CVE-2025-53967** (disclosed late 2025) in Framelink Figma MCP server (over 600,000 downloads, 10,000+ GitHub stars): Imperva discovered a command injection vulnerability in the `fetchWithRetry` function that constructed curl commands using unsanitized user input. - **CVE-2026-22785** (disclosed Jan 2026) in Orval MCP Client Code Injection: Orval generates TypeScript clients from OpenAPI specifications, and its MCP server generation incorporated the summary field without proper escaping, allowing code injection when generating code from malicious OpenAPI specs. - **CVE-2026-23947** (disclosed Jan 2026) in Orval: affected a different code path where `x-enumDescriptions` fields were embedded without escaping. - **CVE-2026-22807** (disclosed Jan 2026) in vLLM: loads Hugging Face auto_map dynamic modules without gating on `trust_remote_code`, allowing arbitrary code execution at server startup. - The concept of "Indirect Prompt Injection" as an attack vector: Attackers embed malicious instructions in Git repositories, Figma design files, or OpenAPI specs that get processed by an AI coding assistant, which then calls the vulnerable MCP tools with attacker-controlled arguments. This directly updates the "Enterprise AI Agent Production Gap: Stalling at Scale Over 'Action Risk'" (slug: `enterprise-agent-adoption-production-gap-2026`) and provides a brand new finding on Model Context Protocol (MCP) security and shadow deployments in 2026! Wait! Let's check if there are other open threads or findings to update. Let's see the slugs of the prior findings in this topic: 1. `agentic-ai-market-size-growth-2026`: Global agentic AI market size and growth ($7.6B in 2026, 40%+ CAGR to $236B by 2034). 2. `enterprise-agent-adoption-production-gap-2026`: Enterprise AI Agent Production Gap (stalling at scale over action risk). 3. `enterprise-agent-case-studies-roi-2026`: Enterprise Case Studies (AstraZeneca, etc.). 4. `druid-ai-production-telemetry-agents-2026`: Druid AI Production Telemetry. 5. `smb-ai-agent-adoption-data-barriers-2026`: SMB AI Agent Adoption. Let's review what we have gathered so far: - **For Market Size/Growth & Platform Adoption (`agentic-ai-market-size-growth-2026` or a new finding)**: We have Salesforce's Q4 FY2026 results (reported Feb 25, 2026). This is massive! Agentforce ARR reached **$800M** in Q4 FY26, up from $540M in Q3, with 29,000 closed deals (up 50% QoQ). This represents a concrete, multi-million dollar proof of enterprise spending on agentic platforms. - **For the Production Gap / Action Risk (`enterprise-agent-adoption-production-gap-2026`)**: We have the Writer 2026 Enterprise AI Adoption survey (conducted with Workplace Intelligence, surveying 1,200 non-technical employees and 1,200 C-suite executives). Key stats: - 97% of executives deployed AI agents in the past year, but only 23% see significant ROI from AI agents (29% from generative AI). - 75% of executives admit their AI strategy is "more for show" than actual guidance. - 79% of organizations face challenges in adopting AI (up double-digits from 2025). - 36% of companies lack any formal plan for supervising AI agents. - 35% admit they couldn't immediately "pull the plug" on a rogue AI agent. - 67% believe their company has already suffered a data leak or breach due to unapproved AI tools. - **For Enterprise Case Studies (`enterprise-agent-case-studies-roi-2026`)**: We have the Anthropic/Material 2026 State of AI Agents Report (released Dec 2025/early 2026). It surveys 500+ technical leaders. - 57% of organizations deploy agents for multi-stage workflows (including 16% cross-functional processes spanning multiple teams). - 80% report these investments are already delivering measurable economic returns. - Concrete case studies: - **Novo Nordisk**: NovoScribe, built with Claude Code, reduced clinical study documentation production from 10+ weeks to 10 minutes (and cut resource needs for device verification protocols by 95%). - **L'Oréal**: 99.9% accuracy on conversational analytics applications. - **N26**: 70% automation across targeted processes in one year. - **eSentire**: Expert security analysis compressed from 5 hours to 7 minutes with 95% alignment. - **For MCP Security & Shadow IT (A fresh slug: `mcp-security-shadow-it-2026`)**: - Model Context Protocol (MCP) has emerged as the universal "USB-C" integration standard in 2026, with over 1,000+ connectors. - However, it has introduced a major new attack surface called "Shadow MCP" or "Shadow MCP Servers," where developers deploy unapproved, unvetted MCP servers on localhost or containers. - Endor Labs' January 2026 analysis of 2,614 MCP implementations found that 82% are vulnerable to path traversal and 34% to command injection. - Critical vulnerabilities discovered in early 2026 include CVE-2025-49596 (RCE in Anthropic MCP Inspector), CVE-2025-68143/4/5 (vulnerabilities in Anthropic's official `mcp-server-git` reference implementation), CVE-2025-53967 (RCE in Framelink Figma MCP server), and CVE-2026-22785 (code injection in Orval MCP Client). - Indirect prompt injection is the key vector, where attackers poison Git repos, Figma files, or OpenAPI specs to force the agent to execute arbitrary commands. Let's do a search to see if there is any other major survey or data point we should check. For example, let's search for "LangGraph" or "LlamaIndex" or "Semantic Kernel" enterprise adoption in 2026 to see if there is any other framework telemetry. Let's search: `"LangGraph" OR "Semantic Kernel" adoption enterprise 2026 OR 2025` or similar.

Ah! The web search budget is exhausted. This is fine because we have already gathered incredibly rich, concrete, and highly specific data from authoritative sources (Writer's 2026 Enterprise Survey, Salesforce's Q4 FY26 earnings report, Anthropic's 2026 State of AI Agents Report, and Endor Labs' January 2026 MCP AppSec Report). Let's carefully organize and write our findings! We will write four findings: 1. **Salesforce's Agentforce Financial Scale**: Update `agentic-ai-market-size-growth-2026` or use a fresh slug? Wait, the topic has an existing note `agentic-ai-market-size-growth-2026`. Let's update `agentic-ai-market-size-growth-2026` with the Salesforce Agentforce Q4 FY26 results showing $800M ARR and 29,000 deals. This provides a massive, concrete baseline for enterprise agentic market size in 2026. 2. **The 2026 Enterprise Adoption & Production Gap**: Update `enterprise-agent-adoption-production-gap-2026` using the Writer 2026 Enterprise AI Adoption survey data (79% facing challenges, 75% calling strategy "more for show", 35% unable to pull the plug, and 67% suffering data leaks from unapproved AI tools). 3. **Enterprise Case Studies & ROI**: Update `enterprise-agent-case-studies-roi-2026` using the Anthropic/Material 2026 State of AI Agents report (Novo Nordisk's NovoScribe cutting clinical doc times from 10+ weeks to 10 minutes, L'Oréal's 99.9% customer analytics accuracy, N26's 70% process automation, and eSentire's threat analysis compression). 4. **The Security Vulnerabilities of the Model Context Protocol (MCP) Ecosystem**: Write a new finding with slug `mcp-security-shadow-it-vulnerabilities-2026` detailing the "Shadow MCP" threat, the Endor Labs statistics, and the specific 2025/2026 CVEs (CVE-2025-49596, CVE-2025-68143/4/5, CVE-2025-53967, and CVE-2026-22785). Wait, let's double-check the rules: - No YAML frontmatter. The title must be the first `# ` heading. - Every substantive finding must name and link the actual thing (the story, article, paper, or page that was posted/published). - Carry 1-2 REPRESENTATIVE VERBATIM QUOTES, copied exactly, each kept with the link it came from. - End with a `## Sources` list. - Reuse existing slugs if refining. The slugs are: - `agentic-ai-market-size-growth-2026` - `enterprise-agent-adoption-production-gap-2026` - `enterprise-agent-case-studies-roi-2026` - `mcp-security-shadow-it-vulnerabilities-2026` (this is a fresh slug) Let's write the first finding to update `agentic-ai-market-size-growth-2026`. We will combine the existing knowledge (if any, but we must ground it in our current cycle's fetched sources) with the Salesforce Ben Q4 FY26 results. Let's draft the note for `agentic-ai-market-size-growth-2026`. Verbatim quotes to use: From `https://www.salesforceben.com/huge-agentforce-growth-in-salesforce-q4-as-benioff-mocks-saaspocalypse-narratives/`: - "Benioff also revealed that Salesforce had closed 29,000 Agentforce deals, up 50% quarter-over-quarter (Q/Q), while Agentforce ARR reached $800M. At the end of Q3, Agentforce ARR stood at $540M – meaning the latest figure represents an explosive growth rate of 48% in ARR for just one quarter." - "Agentforce and Data 360 annual recurring revenue (ARR) combined was over $2.9B, up over 200% Y/Y, but this includes the $1.1B Informatica Cloud ARR figure." Let's execute the `write_note` call for `agentic-ai-market-size-growth-2026`.

Now let's write the second finding to update `enterprise-agent-adoption-production-gap-2026` using the Writer 2026 Enterprise AI Adoption survey data. This finding highlights the production gap, performative strategies, and major governance gaps (like being unable to pull the plug and unapproved AI causing data leaks). Verbatim quotes to use: From `https://writer.com/blog/enterprise-ai-adoption-2026/`: - "The 2026 survey findings reveal 79% of organizations face challenges in adopting AI — a double-digit increase from 2025 — with 54% of C-suite executives admitting that adopting AI is tearing their company apart. This is despite the fact that 59% of companies are investing over $1 million annually in AI technology." - "Three-quarters of executives (75%) admit their company’s AI strategy is “more for show” than actual internal guidance... Only 29% see significant ROI from generative AI, despite individual productivity gains of 5X... and just 23% from AI agents." - "Sixty-seven percent of executives believe their company has already suffered a data leak or security breach because of an employee using an unapproved AI tool... Thirty-six percent of companies don’t have a formal plan for supervising AI agents. More than a third (35%) admit they couldn’t immediately “pull the plug” on a rogue AI agent." Let's execute the `write_note` call to update `enterprise-agent-adoption-production-gap-2026`.

Now let's write the third finding to update `enterprise-agent-case-studies-roi-2026` using the Anthropic/Material 2026 State of AI Agents report. This will cover the high-impact case studies of Novo Nordisk, L'Oréal, N26, and eSentire. Verbatim quotes to use: From `https://cdn.jsdelivr.net/gh/abncharts/abncharts.public.1/abnasia.org/1765455980320_www.abnasia.org.pdf`: - "According to our research, more than half of organizations (57%) now deploy agents for multi-stage workflows, including 16% that have progressed to cross-functional processes spanning multiple teams... And 80% report these investments are already delivering measurable economic returns—not projected value or pilot results, but actual ROI." - "Novo Nordisk transforms clinical documentation from months to minutes... Results and Impact: 10+ weeks to 10 minutes for clinical study documentation production; 95% reduction in resources needed for device verification protocols" - "L'Oréal achieves 99.9% customer analytics accuracy with AI agents... Results and Impact: 99.9% accuracy on conversational analytics applications" - "N26 achieves 70% automation across targeted processes in one year... Results and Impact: 70% automation across targeted processes within one year" - "eSentire compresses threat analysis from 5 hours to 7 minutes... Results and Impact: Expert security analysis compressed from 5 hours to 7 minutes with 95% alignment" Let's execute the `write_note` call to update `enterprise-agent-case-studies-roi-2026`.

Now let's write the fourth finding, which is a new finding on Model Context Protocol (MCP) security and the emergence of "Shadow MCP" servers in 2026. This finding will use a fresh slug: `mcp-security-shadow-it-vulnerabilities-2026`. Verbatim quotes to use: From `https://www.endorlabs.com/learn/classic-vulnerabilities-meet-ai-infrastructure-why-mcp-needs-appsec`: - "Adoption of the standard has been rapid, with up to 1,021 MCP servers being created in a single week. But a steady stream of critical vulnerabilities throughout 2025 and into 2026 has revealed that MCP's rapid adoption outpaced security considerations in the protocol's trust assumptions, reference implementations, popular third-party servers, and the hosting platforms that emerged to simplify deployment." - "This echoes our research in the 2025 Dependency Management Report, where we found that among 2,614 MCP implementations: 82% use file system operations prone to Path Traversal (CWE-22); 67% use sensitive APIs related to Code Injection (CWE-94); 34% use sensitive APIs related to Command Injection (CWE-78)." - "Because of prompt injection risks, an attacker may not need direct access to the victim's system. Instead, an attacker can identify material processed by the LLM and inject a hidden prompt within a malicious README file, a poisoned GitHub issue, or a compromised webpage. The LLM processes the attacker's payload and may call the vulnerable MCP tools with attacker-controlled arguments." Let's execute the `write_note` call for `mcp-security-shadow-it-vulnerabilities-2026`.

I have written the findings and successfully updated the existing ones while adding a critical new finding on MCP security. I'll check if there are any open questions to record under `record_thread`. Wait, let's think: are there any open questions that a future research cycle should pursue? Yes! A great open question is: How are enterprises addressing "Shadow MCP" and "Shadow AI Agent" deployments in practice? Are they adopting dedicated AI gateway tools (like Cloudflare AI Gateway, Portkey, or specialized MCP firewalls) to govern and secure local/localhost agent integrations? Let's open a thread for this. Let's call `record_thread` to document this open question for future cycles.

Ah, the thread kind was invalid. Let's see if the kind should be something else. Let's try `task` or `query` or `question`. Let's check the schema. Wait, the error is: `invalid thread kind "research`. Let's try `task` or `issue` or `discussion` as the kind. Let's try `task`.

Ah, let's see. What are the allowed kinds of threads? Let's check `list_threads` or try a different kind name. Oh, maybe the kind is "question" or "thread" or "issue"? Let's try `issue`. Wait, let's check if we can see the description of `record_thread`'s `kind` property in the tool declaration: `kind: {type: STRING}` but it doesn't list the allowed enum values. Let's try `issue` or `query`. Let's try `issue` first.

Ah, let's see. Let's try `query`. If that fails, let's try `thread` or `discussion`. Let's try `query` first.

Wow, let's think. What are the allowed thread kinds? Let's check our memory or search for common kinds. Is it `todo` or `open` or `research_topic`? Let's try `todo`. Wait! Let's try `todo` or `discussion`. Let's try `todo` first.

Ah! Let's try `topic` or `discussion` or `question`. Let's try `discussion`.

Let's try `question`. If that fails, maybe the allowed kinds are restricted to something like `follow-up` or `open-question`. Let's try `question`.

Excellent! The thread kind `question` works perfectly. We have successfully written our findings and opened a thread for future follow-up. Now, I will call `finish_cycle` to finish this research cycle. This is the only way to save our findings and complete the cycle! Let's do that now.

In this research cycle, I analyzed key enterprise AI agent adoption trends in 2026. I recorded three updated findings on Salesforce's $800M Agentforce ARR, Writer's 2026 Enterprise Adoption survey detailing the "production gap" and governance bottlenecks, and Anthropic's 2026 State of AI Agents report showcasing high-impact case studies like Novo Nordisk and eSentire. Additionally, I published a new finding on the critical security vulnerabilities and the rise of "Shadow MCP" servers in the Model Context Protocol ecosystem, opening a new follow-up thread to track enterprise security tooling for MCP.