A hybrid approach to enterprise transformation

Insights

• Agentic systems use natural language to reason across tools and data, then execute complex, multistep workflows.
• Enterprises face a choice between commercial platforms and custom-built agents to achieve business outcomes.
• A practical middle path is a hybrid, outcome-driven strategy that combines COTS platforms with custom solutions to balance agility with governance.
• COTS platforms are suited for low‑risk and high‑friction workflows, while custom agents are ideal for strategic and data‑sensitive use cases.
• A unified orchestration layer enables shared context, policy enforcement, and auditability across COTS and custom agents.

Over the last five years, AI has evolved from simple search tools and chatbots to autonomous agents capable of supporting decision-making and streamlining complex workflows.

While first movers are already unlocking new levels of personalization, efficiency, and growth across information-intensive business processes, others are playing catchup. Infosys Business Value Radar reflects this shift, where agentic AI emerges as a successful and widely adopted use case, often delivering transformational value at comparatively low cost across industries.

Agentic AI, a gamechanger for enterprises

Enterprises face a defining decision in adopting agentic AI: whether to leverage COTS platforms for speed and scalability or to invest in custom-built solutions to maintain full control over data, logic, and competitive differentiation. While COTS platforms offer rapid deployment and proven governance frameworks, they often come with vendor lock-in, limited customization and data residency concerns — critical issues for regulated or data-sensitive industries. Conversely, custom solutions provide superior data sovereignty and strategic flexibility, but at the cost of higher upfront investment and longer time-to-value.

The real challenge arises when different enterprise functions, such as IT, HR, finance, and compliance pull in opposing directions; some demanding speed and ease, favoring COTS, others insisting on control and security, pushing for custom.

COTS versus custom

While some functions prioritize rapid deployment, others demand strict data control. A successful enterprise AI strategy must reconcile both, by optimizing speed where possible and sovereignty where crucial.

Deciding factors: speed, control, and beyond

Deciding between COTS and custom solutions is easier said than done. Several strategic, technical, and operational parameters need to be assessed to make an informed decision.

1. Data sensitivity and regulatory requirements

• Highly regulated industries, such as healthcare, finance, and government, typically favor on-premises or private-cloud custom solutions to maintain full control over data and ensure compliance with regulations, such as US’s Health Insurance Portability and Accountability Act, Federal Risk and Authorization Management Program, and the European Union’s General Data Protection Regulation (GDPR).
• COTS can be appropriate for nonsensitive workflows, such as HR inquiries, IT helpdesk, or knowledge retrieval, provided they offer robust enterprise controls, such as the US Systems and Organization Control (SOC) 2 framework, GDPR alignment, encryption, and role-based access controls.

2. Speed vs. control trade-off

• COTS platforms, such as Microsoft Copilot Studio, ServiceNow, and UiPath are preferred for quick wins in HR, IT service management, or customer service.
• Custom agents are ideal when AI becomes a core differentiator, such as for proprietary trading algorithms, due diligence for mergers and acquisitions, or supply chain optimization.

3. Integration complexity

• COTS excel with standard software-as-a-service integrations, such as Salesforce, SAP, and Workday.
• Custom agents with APIs, robotic process automation, or vision-based interaction (such as Adept AI) are useful for legacy systems or niche workflows.

4. Governance and auditability

• COTS platforms offer standard audit logs but may lack granular traceability into agent reasoning.
• Custom solutions can embed complete transparency, human-in-the-loop checkpoints, and model context protocol (MCP) for context sharing across agents — critical for high-stakes decisions. However, deploying MCP presents cybersecurity challenges, as it enables AI assistants to access enterprise systems and external services. This calls for embedding security best practices in a platform along with other guardrails like security scanning, security scoring, MCP registry, audit logging and alerting, and real-time monitoring.

5. Total cost of ownership

• COTS platforms are cost-effective for short-term projects (one to two years) due to subscription-based pricing.
• Custom solutions are economical for long-term projects (three to five years), especially for high user counts or transaction-intensive volumes.

The hybrid sweet spot

The optimal strategy for most enterprises is not an either/or choice but finding a middle ground between COTS and custom solutions.

1. Start with COTS for low-risk, high-friction use cases: Deploy off-the-shelf agents in HR, IT, and customer service to build trust, showcase return on investment, and upskill teams. COTS platforms, such as ServiceNow, Microsoft AutoGen, and LivePerson offer strong governance and rapid deployment.
2. Build custom agents for strategic, data-sensitive workflows: Several departments like finance, legal, or research and development require full data control, embedded compliance, and domain-specific logic. Frameworks such as CrewAI can accelerate custom agent development while ensuring data control and sovereignty.
3. Orchestrate across both with a unified layer: Implement an agent orchestration platform, such as Atomicwork, Latenode, and Ema, to coordinate COTS and custom agents. This ensures shared context, audit trails, and policy enforcement across the ecosystem.
4. Adopt a mission owner model: As recommended by Harvard Business Review, appoint mission owners who define outcomes rather than tasks and oversee both human and AI agents. This aligns disparate functions around shared goals, reducing friction between teams favoring COTS versus custom.
5. Enforce governance by design: Whether COTS or custom, ensure all agents follow enterprise-wide guardrails. This includes role-based access controls, data masking for sensitive personal data, human-in-the-loop oversight for critical actions, and real-time monitoring with anomaly detection to ensure accountability, compliance, and risk mitigation.

Hybrid in practice

While companies are taking their time deciding between commercial systems and custom logic, Walmart, Hitachi Digital, and Infosys BPM have moved ahead with a hybrid approach — overcoming the challenges set out in this article.

The world’s largest retailer, Walmart, set out to drive e-commerce growth by unifying dozens of fragmented AI tools into four super-agents. These AI-powered agents combine COTS integrations with custom logic to simplify experiences for its customers, employees, suppliers, and developers. Built on a standards-based context protocol, the agents orchestrate specialized capabilities behind a single, intuitive interface. This approach reduces user-facing complexity while maintaining the flexibility to integrate new agents and systems over time.

To tackle HR inefficiencies, Hitachi Digital introduced Skye, an AI-powered HR agent that personalizes responses, automates tasks, and integrates with enterprise tools like ServiceNow and Jira. Rather than centralizing data, Hitachi used a COTS-like orchestration platform with layered custom logic and integrations to navigate more than 20 systems, proving that agentic AI can work across silos. The initiative is already delivering results: HR ticket volumes are down 30%, resolution times have dropped from days to hours, and the platform is projected to automate more than 30 HR use cases.

Infosys BPM, through Infosys Topaz, offers ready-to-deploy generative AI solutions to transform manual and time-consuming procurement processes, such as contract creation, request for proposal and statement of work, and compliance checks. It enhances compliance, mitigates risk, and delivers actionable insights for spend analysis and forecasting.

What’s next for enterprises

The future of enterprise AI will not belong exclusively to commercial platforms or custom solutions, but to a hybrid approach. COTS platforms will continue to dominate low-risk, high-friction workflows, offering speed, scalability, and strong governance, with constraints like vendor lock-in and limited customization. Custom-built solutions will remain essential for data-sensitive, high-value workflows where sovereignty and strategic differentiation matter.

Over time, hybrid architecture will become the norm, combining COTS for quick wins and custom agents for competitive advantage, unified through orchestration layers for shared context and compliance. Governance and interoperability standards will define success, ensure flexibility, and reduce risk. Enterprises that balance speed with control and treat agentic AI as a digital workforce layer will lead the next wave of transformation.