Stop piloting AI.
Start Scaling It.

A strategic white paper on building an enterprise-grade Agentic AI platform with AWS AgentCore

/01 THE SCALING PROBLEM

Five Challenges Every CTO Recognises

There are five challenges that come up every time we talk to a CTO about scaling AI in a large organisation.

Governing the Ungoverned

You’re already accountable for AI initiatives running in your organisation that you don’t know about. Shadow AI is growing faster than any governance framework can keep up with.

The Department of ‘NO’

Setting up guardrails and policies can make the CTO look like the blocker. But without them, you have no visibility, no control, and no audit trail. You’re trapped either way.

Data Readiness

AI is only as good as the data it can access. Most organisations aren’t where they think they are. The gap between data ambition and data reality is where most AI projects quietly die.

The Skills Gap

This isn’t about data science skills. It’s about the skills to work with AI at scale, embedded into daily workflow across every team — not just the AI centre of excellence.

Board Expectations

Risk protection on one side. Competitive advantage on the other. You are stuck in the middle, accountable for both, with a board that doesn’t want to hear that they’re in tension.

The bottom line

Those challenges don’t go away by running more pilots. They go away by building the right platform. And that’s where our solution comes in.

ROI & Business Case

The cost of inaction is well-documented. McKinsey’s “Seizing the Agentic AI Advantage” (June 2025) identifies what it calls the “gen AI paradox”: nearly 78% of companies have deployed gen AI in some form, yet roughly the same percentage report no material impact on earnings. The root cause is consistent, high-impact, function-specific use cases rarely make it out of the pilot phase due to technical, organisational, data, and cultural barriers. McKinsey finds that 90% of vertical AI use cases remain stuck in pilot stages. Nearly two-thirds of enterprises have experimented with agents, but fewer than 10% have scaled them to deliver tangible value.

Forrester is equally direct: 60% of enterprise AI projects will fail to scale without proper governance frameworks, and 75% of firms that attempt to build agentic architectures on their own will fail (Forrester Predictions 2025: AI). McKinsey adds that 80% of companies cite data limitations as the single biggest roadblock to scaling, directly compounding governance risk. The platform addresses each of these failure modes by design: governance inherited at runtime, data boundaries enforced at the identity layer, and full observability from day one.

Sources: McKinsey, “Seizing the Agentic AI Advantage,” June 2025; McKinsey, “Building the Foundations for Agentic AI at Scale,” April 2026; Gartner press release, June 2025; Forrester Predictions 2025: Artificial Intelligence.

/02 THE PLATFORM APPROACH

Build Once. Every Agent Inherits Everything.

The traditional approach to AI deployment creates technical debt by design: each team builds its own guardrails, each agent needs its own monitoring, each use case requires its own security review. The result is a sprawling portfolio of fragile, ungoverned AI — exactly the shadow IT problem that governance teams fear.

The Brighting Agentic AI Platform, built on AWS AgentCore, inverts this model. Instead of each agent reinventing the wheel, a shared platform layer provides every capability every agent will ever need — governance, identity, tooling, observability, and infrastructure — inherited automatically at runtime.

The core principle

Deploy the platform once. Every agent you build — today, next quarter, and next year — automatically inherits current and future platform capabilities. Your governance investment compounds over time, not linearly per agent.

What the platform enables

Concretely, this means you can finally say yes where you previously had to say no:

Redeploy shadow IT

Give teams a legitimate, governed space to bring AI initiatives in from the cold. Instead of ‘no’, say ‘yes — and here’s where to build it’.

Enforce policy at runtime

Governance guidelines enforced on the platform — not just written in a document. Every agent, every interaction, every team.

Expose tools securely

Make agents and internal tools available to the organisation in a controlled, auditable way. No more ungoverned API sprawl.

Report on everything that matters

Usage and adoption by department, security posture, performance metrics, cost attribution. Full visibility, always on.

Three Types of Agents

The platform serves as a central orchestration layer through which all agent interactions are routed and governed. It supports three types of agents — each with different build complexity, maintenance requirements, and ownership models:

Tier 1

Low-Code Agents

Built using low-code tools such as Gleam. Designed for business users and teams with limited engineering support. The platform governs and monitors these agents without requiring the builder to implement security or compliance controls themselves.

Tier 2

Custom-Built Agents

More advanced agents that require stronger engineering capabilities to develop, run, and maintain. Built on frameworks such as LangGraph, Haystack, LangChain, CrewAI, or bespoke orchestration. Brighting can design, build, and operate these agents as part of an engagement.

Tier 3

External SaaS Agents

Agents from third-party SaaS providers, integrated and exposed within the platform. These inherit platform governance automatically, so even externally built agents are subject to your policies, audit trails, and access controls.

The core principle

Deploy the platform once. Every agent, regardless of tier, team, or builder, automatically inherits current and future platform capabilities. Your governance investment compounds over time, not linearly per agent.

Retail & Commerce Context

For retail and omnichannel organisations, the platform unlocks a category of AI use cases that cannot be safely operated in isolation: inventory and replenishment agents that act on live ERP data, personalisation agents with access to customer profiles, and order management agents that span OMS, WMS, and fulfilment systems. Each of these requires exactly the governance, identity scoping, and audit capability the platform provides — deployed once, inherited by every agent.

Brighting holds the AWS Retail Competency — one of a small number of firms globally to do so — and combines this with deep Composable Commerce and MACH architecture expertise. For retail and CPG enterprises already on a headless or composable journey, the Agentic AI Platform is a natural extension: agents that orchestrate across your commerce stack, governed by the same platform that governs everything else.

/03 PLATFORM ARCHITECTURE

Enterprise-Grade from Day One

The platform is deployed as Terraform Infrastructure as Code (IaC) into the customer’s own AWS account. It carries a perpetual license and is designed with zero vendor lock-in. The architecture provides eight core capabilities:

Agent Identity

Per-agent scoped tokens with IdP integration for enterprise identity providers (Azure AD, Okta, AWS IAM).

MCP Tool Gateway

All APIs and internal services exposed as governed MCP tools through a single shared catalog, approved by your AI governance board.

Serverless Runtime

Framework-agnostic execution supporting LangChain, CrewAI, custom agents, and more. Auto-scaling deployment on AWS Lambda and Fargate.

Failover & Routing

Automatic failover across LLM providers and regions. Model tier routing matched to task complexity, cost-optimised by default.

Cost & Allocation

Per-department and per-agent token spend tracking, budget alerts, and model cost attribution.

Full Observability

OTEL-compatible traces, tool call logs, quality metrics, and dashboards per agent. One control tower for everything.

Managed Guardrails

Bedrock-native content safety, PII detection, topic denial, custom rules, and quality guardrails.

Agent Portal

Discover, interact, manage, and govern agents through one role-scoped interface.

/04 FOUR PILLARS

What the Platform Delivers

Governance

One policy layer for every team, no team rebuilds guardrails from scratch. Policy is enforced at runtime, not in a document. MCP governance is inherited by constraint. Every tool has been approved by your AI governance board.

Access Control

The platform is deployed in your own AWS account. Agent identities and data boundaries travel with the workload. Native IAM integration and scoped access to your data platform ensure security by design.

Infrastructure

Compute that scales with demand. Regional failover, never blocked by a single provider outage. Centralised routing, rate limiting, and response caching. A two-tier architecture democratises agent development across teams.

Observability

One view across every running agent. Performance monitoring and alerting. Cost and drift anomalies tracked live. Output quality measured at runtime, not discovered after the fact.

/05 IMPLEMENTATION

From Assessment to Production in 10 Weeks

Brighting’s implementation methodology de-risks the path to production through a structured four-phase approach before the implementation sprint begins:

Phase 1

Value Assessment

A rapid diagnostic to identify your highest-value AI use cases, map your current data and cloud landscape, and confirm organisational readiness. Output: prioritised AI opportunity map.

Phase 2

Architecture Deep Dive

A thorough review of your current code, integrations, and infrastructure. We identify scalability constraints and security requirements. Output: architecture decision record.

Phase 3

Platform Design

Joint sessions to agree on the target platform architecture, agent patterns, governance model, and integration points. Output: signed-off technical blueprint.

Phase 4

Core Team Alignment

Confirm the delivery team on both sides, define communication cadences, and agree on acceptance criteria. Output: project charter and kickoff readiness.

Timeline

Following sign-off on the platform architecture and confirmation of the core team, full platform implementation takes 10 weeks. You receive a production-ready, monitored, governed Agentic AI platform with your first agent deployed and validated.

/06 MANAGED SERVICES

Run It Yourself — or Let Us Manage It

Once implemented, you have a choice: manage the platform with your own team, or retain Brighting for ongoing optimisation, monitoring, and incident response. All managed service packages include the same foundation:

Platform updates and improvements
Platform monitoring — cost, uptime, performance, anomalies
SLA on incident response time
Incident triage and escalation management

Support Tiers

	BASIC	PRO	ENTERPRISE	INCLUDED IN ALL
Coverage	8/5 9:00–17:00 CET	15/7 7:00–23:00 CET	24/7 / 365	Platform updates
Response Time	90 min	60 min	60 min	Monitoring
Agents Included	0 (BYO)	5	10	SLA + Incident triage
Best For	Controlled rollout	Production workloads	Mission-critical AI	Escalation management

The Basic tier is designed for organisations rolling out cautiously with daytime coverage. Pro suits production-grade workloads with extended-hours support. Enterprise provides mission-critical 24/7/365 coverage for organisations where AI agents are core to operations.

Why Managed Services Matter for Agentic AI

Agentic AI introduces operational challenges that traditional software managed services do not address. LLM providers release new model versions on cycles of weeks, not years — each requiring regression testing against your agents’ behaviour before adoption. Prompt drift is a real phenomenon: agent performance can degrade silently as underlying model behaviour shifts without any change to your own code. And a new MCP tool misconfiguration can expose internal systems to unintended agent access within a single deployment.

Brighting’s managed service is built for this: continuous monitoring of agent output quality and cost efficiency, proactive model version management, and a team that understands your platform architecture from day one because we built it. For organisations where AI agents are becoming operationally critical, managed services are not optional infrastructure, they are the difference between a platform that compounds in value and one that quietly degrades.

Commercial Model

The commercial model mirrors the platform logic. There are two components: a fixed monthly platform fee covering platform updates and improvements, platform monitoring (cost, uptime, performance, anomalies), SLA on incident response time, incident triage and escalaltion — and a variable per-agent fee that decreases as your agent portfolio grows. The more agents you run on the platform, the lower the cost per agent. The platform becomes more valuable and more economical at the same time.
This structure directly addresses the cost compounding problem McKinsey identifies in ungoverned AI portfolios. Rather than each new agent carrying its own governance, security, and monitoring overhead, those costs are absorbed by the platform layer and shared across every agent that runs on it. The per-agent fee covers operational oversight only — not rebuilding the foundation each time. Detailed pricing is available on request.

/07 PRICING & PACKAGING

Transparent, Modular, No Lock-In

The platform is structured in three components, each independently scoped:

Setup

One-off setup and configuration — delivered fixed-price:

Managed Service

12-month managed service contract:

License terms

License terms The Brighting Agentic AI Platform carries a perpetual license. You own the infrastructure. There is no ongoing SaaS fee and no vendor lock-in. The platform is deployed into your AWS account and governed by your IAM policies.

/08 WHY BRIGHTING

Senior Engineers. AWS Expertise. No Overhead.

Brighting is a cloud-native software development firm headquartered in Amsterdam, with a senior engineering hub in Novi Sad, Serbia. We are an AWS Advanced Partner with Lambda Service Delivery designation and one of a very small number of firms globally to hold the AWS Retail Competency.

What sets us apart for Agentic AI engagements:

HEMA & ASICS – We are currently deploying the Agentic AI Platform for leading Dutch and Global retailers enabling governed AI agents across merchandising, customer service, and supply chain.
AWS AgentCore specialists — We have built our platform natively on AWS AgentCore — not retrofitted on top of it.
Senior engineers only — Our Novi Sad team is 35 senior engineers (backend, frontend, data, AI) — all AWS and/or Azure certified.
Boutique speed, enterprise rigour — We move at scale-up pace with enterprise-grade security and compliance built in from day one.
No lock-in by design — Terraform IaC, perpetual license, your AWS account. You own everything we build.
Proven with enterprise clients — Current clients include HEMA, ASICS, ANWB, Royal FloraHolland, and MS Mode, plus scale-ups including Milence, Treatwell, and Quatt.

For the Head of Data & AI

This whitepaper is written for you as much as your CTO. The platform directly addresses your three core problems: getting AI initiatives into production faster, proving ROI to the board with attribution data, and maintaining technical control over a growing portfolio of agents built by teams across the organisation.

Where many AI leaders are spending 60–70% of their time on governance, compliance reviews, and firefighting fragmented pilots, the platform shifts that ratio. Governance is handled at the platform layer. You spend your time on use case delivery, not infrastructure and policy. The 30-minute value assessment starts with your AI portfolio, not an architecture blueprint!

Ready to scale?

Once implemented, you can either manage the platform internally or choose for us to provide ongoing support, optimisations and monitoring. This includes: