The New Workforce / Field Notes
A Platform Playbook · FN-03

The CIO playbook for digital labor.

Platform leadership for the workforce of agents. Pick two of the four jobs you are being asked to do.

Document: FN-03 · Platform Playbook
Audience: CIO · VP Platform · FinOps
Read time: 15 minutes
Author: Tushar Makhija, CEO, TeamOhana
Version: 1.0 · April 2026

Executive summary

The CIO is being asked to do four jobs.

The job description now spans HR, payroll, finance, and security, all for a workforce that is partly synthetic. No CIO function staffs all four. Own the platform and the security perimeter. Hand the workforce decision to the CHRO. Give the budget envelope to the CFO.

  1. Platform leadership is the seat at the table.
    An agent runtime with a published API surface, observability, and identity controls. The role is platform owner, not procurement officer.
  2. Agent identity is where the perimeter moved.
    Saviynt's 2026 CISO survey: 5% of security leaders feel confident they could contain a compromised agent. Static API keys older than 90 days are post-authentication failures waiting to happen.
  3. AI FinOps is now part of the CIO role.
    78% of FinOps functions report to the CIO. One developer used 55,000 tokens to generate $100,000 in cost in late 2025. Cost observability stopped being optional.
  4. The build-vs-buy question is now an architecture question.
    The platform layer is a buy. The agent itself, when it substitutes labor, is a workforce decision the CIO supports, not a procurement decision the CIO owns.
  5. Twelve months from now is the wrong time to start.
    IDC forecasts agent counts to grow 80× by end of 2026. Build the platform before the volume arrives, or replace the improvised version in 2028.

  • 28.8M: Agents deployed by enterprises in 2025 [4]
  • 80×: IDC's forecast multiplier for end of 2026 [4]
  • 30%: G1000 underestimate of AI infra cost by 2027 [5]
  • 5%: CISOs confident they could contain a compromised agent [2]

Contents

A 15-minute read, in three parts.

Plus mistakes to avoid and what good looks like in 2026.

Part One · Platform

Platform.
The infrastructure layer for an agent workforce.

An enterprise running 100 agents in 2026 will be running 8,000 by the end of 2027 if IDC's forecast holds. The infrastructure decisions made now compound for a decade.

1.1 — The agent runtime

Every agent deployment runs on a stack of infrastructure: the model, the orchestration framework, the tool and data access layer, observability, and identity. Most enterprises in 2026 have built or bought the first two and are improvising the rest.

The CIO's first responsibility is to define the agent runtime as a coherent platform, not a collection of vendor contracts. A platform with a versioned API surface, a published SLA, observability that works the same across every agent, and a deployment path any function can use. Without it, every agent deployment becomes a custom IT project, and the CIO becomes the bottleneck for the entire digital labor program.

1.2 — Build vs buy on the platform

Three layers, three answers.

  • The model layer: Buy.
    Frontier models are a commodity input. Multi-vendor by default. Anthropic, OpenAI, Google, plus open-weight options through Bedrock or Azure AI. Model selection governance is where the CIO adds value, not model selection itself.
  • Orchestration & observability: Buy, then customize.
    Frameworks like LangGraph, Autogen, CrewAI, and custom MCP-based systems are commoditizing fast. What matters is the integration with your identity, security, and FinOps stack. Pick what has a real production deployment story, not what demos best.
  • The agent itself: It depends.
    Buy when the workflow is generic — customer service, IT helpdesk, sales assistance. Build when the workflow is core to your business and the agent encodes proprietary process knowledge. The buy is a procurement decision the CIO supports. The build is a workforce decision the CHRO owns.

1.3 — The four-layer reference architecture

What the CIO publishes internally as the agent platform should have four layers, each with a clear owner.

Reference · The Four-Layer Agent Platform

Each layer is a CIO responsibility. Each has a published interface.

L1 · Model gateway (Owner: Platform Eng)
Single point of access to all foundation models. Logs every request. Enforces rate limits, content filters, model selection rules. Routes to the cheapest sufficient model.

The architecture matters because it makes the CIO's role specific. The CIO owns these four layers. The CIO does not own the agents that run on top of them. That separation is what FN-02 calls the joint motion.

Part Two · Observability

Observability.
AI FinOps and the metrics that matter.

78% of FinOps functions report into the CIO. Cost-per-outcome economics are now part of the platform's job, not an afterthought.

2.1 — Why FinOps moved to the CIO

Inference cost is variable, agent-driven, and can spike fast. One real example from late 2025: a single developer used 55,000 tokens in an automated loop to generate $100,000 in cost. [3] Observability stopped being optional. Without it, a budget surprise lands in front of the CFO before the platform team has even seen the spike.

2.2 — The metric that matters

Primary metric: Cost per business outcome

Cost per business outcome = Total agent cost (run) ÷ Successful outcomes delivered

The single metric that translates engineering economics into business language. A SOC triage agent that costs $0.04 per ticket triaged is comparable to the human alternative. The same agent costing $0.40 per ticket consumes the savings the deployment was supposed to create, which is fine if you measure it and a problem if you don't. Track this per agent, not per platform.

  • Cost per inference call: Model layer unit economics.
  • Cost per agent run: Orchestration unit economics.
  • Forecast variance: Above 20% → investigate. Above 50% → the workflow changed; supersede the displacement case.

2.3 — Rate limits, credit budgets, and the FinOps gate

The platform layer needs hard caps, not just dashboards. A model gateway with per-agent and per-team rate limits stops a runaway script before it becomes a P&L event. A credit budget (agent X gets Y dollars per month before approval is required for more) gives the CFO predictability and the CHRO a workforce-style envelope to manage to.
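A minimal sketch of the hard cap described above, added here as an illustration and not taken from TeamOhana or any gateway product. The class names, the agent name `agent-x`, and the $20 budget and 60-calls-per-minute limit are constructed assumptions; the gate denies by default for agents missing from the inventory.

```python
from dataclasses import dataclass, field


@dataclass
class AgentPolicy:
    monthly_budget_usd: float   # credit budget before approval is required
    max_calls_per_minute: int   # per-agent rate limit


@dataclass
class AgentState:
    spent_usd: float = 0.0
    recent: list = field(default_factory=list)  # timestamps of admitted calls


class GatewayGate:
    """Admission check the gateway runs before forwarding a model request."""

    def __init__(self, policies):
        self.policies = policies
        self.state = {agent: AgentState() for agent in policies}

    def admit(self, agent, est_cost_usd, now):
        policy = self.policies.get(agent)
        if policy is None:
            return (False, "unknown_agent")  # not in the inventory: deny
        st = self.state[agent]
        st.recent = [t for t in st.recent if now - t < 60]  # sliding window
        if len(st.recent) >= policy.max_calls_per_minute:
            return (False, "rate_limited")
        if st.spent_usd + est_cost_usd > policy.monthly_budget_usd:
            return (False, "budget_exceeded_needs_approval")
        st.recent.append(now)
        st.spent_usd += est_cost_usd
        return (True, "ok")


def simulate_runaway_loop(calls=1000, per_second=10, cost_per_call=0.25):
    """Constructed scenario: one script calling the gateway in a tight loop."""
    gate = GatewayGate({"agent-x": AgentPolicy(20.0, 60)})
    tally = {"ok": 0, "rate_limited": 0, "budget_exceeded_needs_approval": 0}
    for i in range(calls):
        _, reason = gate.admit("agent-x", cost_per_call, now=i // per_second)
        tally[reason] += 1
    tally["spent_usd"] = gate.state["agent-x"].spent_usd
    return tally


if __name__ == "__main__":
    print(simulate_runaway_loop())
```

In the constructed loop the rate limit slows the script first and the credit budget then stops it outright, so spend ends at the envelope rather than at whatever the loop would have consumed.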

The FinOps Foundation's 2025 State of FinOps survey ranks pre-deployment architecture costing as the most-requested capability for AI workloads. [8] The reason: by the time the bill arrives, the architectural choice that drove the cost is already in production. Costing the architecture before deployment is where the spend gets controlled.

2.4 — What the CIO brings to the joint review

FN-02 proposed a quarterly review attended by CFO, CHRO, and CIO together. The CIO arrives with three artifacts: spend by agent and by function, cost per outcome trends, and the forward request — what the platform needs to support the workforce plan the CHRO is building for the next two quarters. That third item shifts the conversation from "how much are we spending" to "where does the spend create value, and what does the platform need next."

Part Three · Partnership

Partnership.
Operating inside the joint motion.

The CIO who tries to own everything ends up owning nothing. The seat that compounds is platform leadership. Workforce decisions go to the CHRO. Budget envelopes go to the CFO.

3.1 — Agent identity is the new perimeter

The most consequential part of the CIO's role in 2026 is the one most underbuilt today. Agent identity is unlike any prior security problem. Agents authenticate continuously, delegate to other agents, accumulate standing access, and operate at machine speed. Legacy IAM was built for humans logging in once a day.

The identity gap · what the CISO data actually says

5% of security leaders feel confident they could contain a compromised agent.

Saviynt's 2026 CISO AI Risk Report (n=235) found that 47% of security leaders have already observed AI agents exhibiting unintended or unauthorized behavior, and only 5% feel confident they could contain a compromised agent. [2]

The Cloud Security Alliance and Oasis Security survey (n=383) framed the same gap from the IAM side: 79% have moderate or low confidence preventing non-human identity attacks, 92% lack confidence that legacy IAM tools can manage AI risks specifically, and 78% have no documented policies for creating or removing AI identities. [9]

  • Static API keys older than 90 days are post-authentication failures waiting to happen
  • The MCP specification forbids token passthrough; developers do it anyway
  • No major security vendor ships mutual agent-to-agent authentication as a production product
  • The confused-deputy threat class is now named in OWASP's February 2026 MCP guide [10]

What the CIO function actually owns here is concrete. An inventory of every agent and every MCP server connection. A lifecycle policy for agent identities covering creation, scope, rotation, retirement. Just-in-time credentials with TTLs and purpose binding. Runtime enforcement that validates what an agent does, not just whether it authenticated. None of this is theoretical.
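One way to make the controls in the paragraph above concrete, added here as an illustration and not drawn from TeamOhana, the MCP specification or any vendor product: a just-in-time credential carrying a TTL, a purpose and a scope list, checked at the moment of each action, plus an inventory sweep for static keys past the 90-day mark. The HMAC token format, function names, agent names and timestamps are all constructed assumptions.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key; a real issuer would keep this in a KMS or HSM.
SIGNING_KEY = b"constructed-demo-key"
MAX_STATIC_KEY_AGE_S = 90 * 86400  # the 90-day threshold named on this page

def _sign(body: bytes) -> bytes:
    return hmac.new(SIGNING_KEY, body, hashlib.sha256).digest()

def issue(agent_id, purpose, scopes, ttl_s, now):
    """Mint a short-lived credential bound to one agent, purpose and scope set."""
    claims = {"sub": agent_id, "purpose": purpose,
              "scopes": sorted(scopes), "exp": now + ttl_s}
    body = json.dumps(claims, sort_keys=True).encode()
    enc = base64.urlsafe_b64encode
    return enc(body).decode() + "." + enc(_sign(body)).decode()

def authorize(token, purpose, action, now):
    """Runtime check: validates what the agent is doing, not only who it is."""
    try:
        body_b64, sig_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except ValueError:  # wrong part count or bad base64
        return (False, "malformed")
    if not hmac.compare_digest(sig, _sign(body)):
        return (False, "bad_signature")
    claims = json.loads(body)
    if now >= claims["exp"]:
        return (False, "expired")
    if claims["purpose"] != purpose:
        return (False, "purpose_mismatch")
    if action not in claims["scopes"]:
        return (False, "out_of_scope")
    return (True, "ok")

def stale_static_keys(inventory, now):
    """Return agent ids whose static API key is older than 90 days."""
    return sorted(a["agent"] for a in inventory
                  if a["credential"] == "static_key"
                  and now - a["created"] > MAX_STATIC_KEY_AGE_S)

# Constructed inventory rows (agent names and timestamps are illustrative).
NOW = 1_775_000_000
INVENTORY = [
    {"agent": "soc-triage", "credential": "static_key", "created": NOW - 200 * 86400},
    {"agent": "it-helpdesk", "credential": "static_key", "created": NOW - 30 * 86400},
    {"agent": "sales-assist", "credential": "jit", "created": NOW - 400 * 86400},
]
```

A credential issued for one purpose is refused when presented for another even though its signature is valid, which is the distinction between authenticating an agent and validating what it does.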

3.2 — Vendor governance and the agent SLA

The vendor relationship for agent platforms is different from the SaaS relationship the CIO function knows well. SaaS contracts price seats and uptime. Agent contracts price outcomes, tokens, and retries. Most procurement templates handle none of this correctly.

Three contract terms that need to change for agent vendors: per-outcome pricing with a defined success metric (not per-seat or per-token, where the vendor controls cost); retry economics (who pays when an agent fails and retries — the customer or the vendor); and data and decision logs as customer property (the agent's traces are training data and audit evidence, not vendor IP).

3.3 — The decision rights matrix, from the platform side

FN-02 introduced the decision rights matrix from the workforce side. Same matrix, viewed from the CIO function:

| Decision | Owner | CIO's role |
|---|---|---|
| Should we deploy an agent for this workflow? | CHRO | Inform the CHRO of platform capabilities and constraints. |
| What is the budget envelope? | CFO | Provide cost-per-outcome data and architecture options. |
| Which platform or vendor? | CIO | Lead the architectural decision, security review, vendor selection. |
| Who manages the agent in production? | Function lead | Input on operational governance, runtime observability, escalation paths. |

The platform decision is the CIO's. Everything else is a partnership where the CIO is a consultant, not a commander. That discipline is what gets the CIO invited to more decisions, not fewer.

3.4 — The shared metric

The cultural mechanism that makes the joint motion work is a single number all three executives optimize for. If the CFO is targeting budget reduction, the CHRO is targeting headcount growth, and the CIO is targeting platform reliability, the motion fragments into three competing scorecards.

The shared number is total workforce capacity per dollar: revenue divided by the sum of employee, contractor, and agent spend. It rises when humans get more productive with copilot AI. It rises when agents substitute for the right work. It falls when agent spend grows without producing outcomes, or when headcount grows without revenue. All three executives can read it and act on it.

3.5 — Build vs buy on the agent itself

The CIO supports the build-vs-buy decision on agents but does not own it. The owner is the CHRO and the function lead. The CIO's contribution is the architectural read: can our platform run a custom agent of this complexity, and what does the cost-per-outcome look like across the build and buy options?

The default in 2026 should be buy. Build only when (a) the workflow is core to the business, (b) the agent encodes proprietary process knowledge, and (c) the company has the engineering capacity to maintain it for at least three years. Most build cases fail the third test.

Section 04

Common mistakes to avoid.

Six failure modes specific to the CIO function in 2026.

M-01 · Scope

Owning the workforce decision

Procuring the platform, deploying the agent, and effectively making the headcount decision. The CHRO finds out from the org chart. Hiring plans then conflict with deployments already live.

M-02 · Gateway

No model gateway

Every team uses the SDK directly. No central logging, no rate limits, no model-selection governance. Cost surprises are guaranteed. Audit trail is impossible to assemble.

M-03 · Identity

Treating agent identity as a SaaS problem

Provisioning agents like service accounts. Long-lived API keys, no scope limits, no rotation policy. The first compromised agent becomes the perimeter breach the board hears about.

M-04 · FinOps

FinOps as a dashboard

Cost reporting without enforcement. The dashboard shows the spike after it happened. The CFO asks why the limit wasn't enforced. The platform team scrambles to add caps post-incident.

M-05 · Contracts

Per-seat agent contracts

Signing agent vendors on SaaS terms. Per-seat pricing on a function that scales with volume. The vendor captures the upside; the customer carries the variance. Re-papering takes 18 months.

M-06 · Costing

No architectural costing

Letting teams ship agents to production without a cost-per-outcome model. Six months later, three agents are profitable, seven are losing money, and nobody can tell which is which.

Section 05

What good looks like in 2026.

Five disciplines. The CIO function that runs all five compounds. The function that defers any of them accumulates debt that gets expensive to repay in 2027.

  1. The four-layer platform is published.
    Internal documentation describes the model gateway, orchestration, observability, and identity layer with versioned APIs. Every team uses the platform. Nothing ships to production around it.
  2. Agent identity has a lifecycle.
    Provisioning, scope, rotation, retirement. Just-in-time credentials are the default. No agent in production runs on an API key older than 90 days.
  3. Cost per outcome is the dashboard.
    Every agent has an owner, a business outcome, a monthly spend, and a per-outcome cost trend. Variance above 20% triggers a review. Above 50% triggers supersession.
  4. The CIO arrives at the joint review with three artifacts.
    Spend by agent. Cost-per-outcome trends. The forward platform request tied to the CHRO's workforce plan. The artifact that proves the CIO is the platform leader, not the cost center.
  5. Vendor contracts price outcomes.
    Per-outcome pricing where possible. Decision logs as customer property. Retry economics defined. The procurement template is rebuilt for agents, not patched from SaaS.

→ The takeaway

Own the platform. Govern the perimeter. Run FinOps. The other two jobs belong to the CHRO and the CFO. Hand them over and stay invited.

FN-03 · Field Note 03 · 2026
TeamOhana

About TeamOhana

The decision and intelligence layer for workforce capital allocation.

TeamOhana is the platform 64 enterprise customers, including CoreWeave, Scale AI, Pure Storage, and Vercel, use to govern workforce capital decisions before they reach Workday, Greenhouse, or the FP&A model. The platform brings the hiring manager, Finance, HR, Talent, and Leadership into one decision surface, and stores every workforce decision with its evidence and approvals.

The Digital Labor extension applies the same governance model to agents. The Digital Labor Registry tracks deployments. The Companion Model extends the requisition workflow to human-plus-agent and standalone-agent configurations. The metric introduced in FN-02 (Digital Labor Mix) is reported natively. The platform feeds the CIO's quarterly pack referenced in this playbook.


Sources & citations

Primary sources only.

  1. Ben Murray (The SaaS CFO), "Digital Labor Mix and the New Cost Structure of AI" (2025)
    The original formulation referenced across the Field Notes series.
    thesaascfo.com/digital-labor-mix
  2. Saviynt, 2026 CISO AI Risk Report (n=235)
    5% confidence figure on containing a compromised agent. 47% observation of unintended agent behavior.
    saviynt.com/research/ciso-ai-risk-2026
  3. The Pragmatic Engineer / public incident reports (late 2025)
    The 55,000-token / $100,000 cost incident referenced in section 2.1.
    newsletter.pragmaticengineer.com
  4. IDC, "Worldwide Agent Forecast" (2025)
    28.8M agents deployed in 2025; 80× growth multiplier through end of 2026.
    idc.com
  5. Gartner, "Top Predictions for IT Organizations" (October 2025)
    30% of G1000 underestimate of AI infrastructure cost forecast.
    gartner.com
  6. FN-02: The CFO and CHRO Playbook for Digital Labor (TeamOhana, 2026)
    Joint quarterly review structure and the Digital Labor Mix metric definition.
    teamohana.com/playbook/cfo-chro
  7. FinOps Foundation, "State of FinOps 2025"
    78% of FinOps functions reporting to CIO. Pre-deployment architecture costing as top-requested AI capability.
    finops.org/insights/state-of-finops-2025
  8. FinOps Foundation AI working group (2025)
    The pre-deployment architecture costing requirement specifically.
    finops.org/projects/ai-finops
  9. Cloud Security Alliance + Oasis Security, "State of Non-Human Identity 2025" (n=383)
    The 79%, 92%, and 78% figures cited in section 3.1.
    cloudsecurityalliance.org
  10. OWASP, MCP Security Guide (February 2026)
    The confused-deputy threat class formal naming and the token passthrough prohibition.
    owasp.org/mcp-security-guide-2026
  11. Salesforce Press Release, "Flex Credits" (May 2025)
    The shift to outcome-based agent pricing referenced in section 3.2.
    salesforce.com/news/agentforce-flex-credits
  12. Anthropic Engineering Blog (2025)
    Public guidance on MCP architecture and agent identity scoping.
    anthropic.com/engineering/mcp-identity
  13. Redpoint Ventures, 2026 Market Update — CIO Survey (March 2026)
    N=141 CIO survey. Vendor consolidation and AI budget sourcing data.
    redpoint.com/2026-market-update

"The CIO seat in 2027 belongs to whoever can already answer three questions:

what is running, what does it cost, and who is keeping it safe.
Everything else gets reorganized around the answer."
