Your procurement team renewed six SaaS contracts last quarter. They checked the usual boxes: seat count, storage limits, SOC 2 cert, maybe an uptime SLA if someone was feeling thorough. They signed. Life went on.
Here's what wasn't on the checklist: whether the vendor quietly bundled an autonomous AI agent into the same tier you were already paying for. Spoiler — at least one of them did.
The pricing page is the product launch
On April 9, ServiceNow did something more radical than any keynote demo: it killed its separate AI licenses entirely. AI agents aren't an add-on anymore. They're default — baked into Foundation, Advanced, and Prime tiers. You don't buy agents. You already bought them. Your CFO approved the budget months ago without knowing what it now includes.
This isn't a ServiceNow quirk. It's the playbook. On April 8, Anthropic launched Claude Managed Agents — and Notion, Asana, Sentry, and Atlassian embedded them as invisible infrastructure. No separate SKU. No procurement approval. Just a feature toggle deep in an admin panel that may already be flipped to "on." Today, April 22, Google opened Cloud Next by calling Workspace "a surface for interacting with agents". Gemini isn't an add-on to your Google bill. It is your Google bill.
Three major vendors. Fourteen days. Same move: stop selling agents as a product and start burying them in the contract you already signed.
Three vendors, three brains, zero inventory
Here's where it gets genuinely stupid. These agents don't share a common anything. Notion runs on Claude. Google runs on Gemini. Microsoft runs on GPT. Each model has different data retention rules, different training-on-your-data policies, different ways of hallucinating confidently. And each one inherits permissions from that OAuth popup your marketing intern clicked in 2023 — not from a security review, from a reflex.
Because they arrived bundled into existing contracts, they bypassed every gate your org built for new software. No vendor risk assessment. No data flow mapping. No "does this thing have access to our customer records" conversation. The agent slipped in as a changelog bullet point, not a procurement request. Your vendor assessment process was designed to catch new tools. Nobody designed it to catch new capabilities inside old tools.
The renewal is now a liability document
Your SaaS renewal checklist assumes software does what you tell it. That assumption died quietly, sometime between April 8 and April 22, while your procurement team was negotiating a 3% volume discount.
No cross-vendor agent registry exists. Each agent answers to the vendor's Terms of Service — which your legal team last reviewed when the tool was onboarded, back when "AI" meant autocomplete in the search bar. You can't centrally disable them. You audit each admin panel one by one, assuming you even know which panels to check. The beautiful irony: this is exactly the kind of tedious, repetitive, manual work that AI agents were supposed to eliminate.
What the renewal checklist needs now
Three new line items, before anyone signs anything: which tools activated agents and when, whether agents are opt-in or opt-out under your current tier, and what data flows to which models under your existing permissions. If your security team can't answer all three in under an hour, the agents have been running unsupervised since the last renewal cycle.
The agent era didn't arrive through a CISO's threat model or a CTO's architecture review. It arrived through a pricing restructure on page four of a vendor's April release notes — the page procurement skipped because the per-seat cost didn't change.
Your per-seat cost didn't change. Everything the seat has access to did.
