When software goes headless, who's watching the agents?

Aaron Levie says agents will use SaaS platforms 100 to 1,000 times more than humans. Software without a headless mode is at risk.

He's describing a pricing shift. I'm reading an accountability gap.

Enterprise compliance was built for human-operated interfaces. Access controls assume a person requests access. Audit logs assume a person initiates actions. DLP tools assume a person moves the file. Strip the person out and every assumption breaks.

Consumption pricing only works if you can verify what was consumed and why. A meter running on an unaudited process is not a business model — it's a liability.

When an agent pulls a contract, extracts terms, and triggers a payment with no human review, the platform records API calls. The agent records... what?

Platforms that get this right will require agents to declare intent before executing, build verification comparing declared versus actual actions, and expose agent activity to the same governance tools as human activity.

If your platform's agent integration story is "here's an API key," you're building a liability factory. The headless future needs headless governance.

100x more users means a 100x risk multiplier nobody is pricing for yet.