ServiceNow, SAP, and Workday Just Put a Meter on Your AI Agents

Between April 28 and May 12, 2026, three of the largest enterprise SaaS vendors on the planet shipped restrictions on how AI agents can access their platforms. ServiceNow announced Action Fabric at Knowledge 2026. SAP's updated API policy went live with a Section 2.2.2 that bars third-party agents from autonomous call sequences. Workday's CEO told analysts that AI is "bigger than SaaS itself" and framed agent access as the next monetization surface.

Three vendors. Three different mechanisms. One conclusion: open API access for agents is over.

The Revenue Case

The financials explain the urgency.

ServiceNow's Now Assist customers spending more than $1M annually grew 130% year-over-year. More than 50% of net-new licenses now come from non-seat-based models, according to COO Amit Zavery at Knowledge 2026. The consumption meter isn't supplementing seat revenue. It's replacing it.

Workday processed 1.7 billion AI actions in fiscal year 2026 and added more than $100M in new annual contract value from AI products in Q4 alone. AI expansion deals are running roughly 50% larger than seat-only renewals. The company paid $1.1 billion to acquire Sana and build an agent layer it didn't have six months prior. When CEO Aneel Bhusri tells analysts "AI is bigger than SaaS," he's reading the revenue split. Not philosophizing.

None of these numbers are secret. They're in earnings calls and keynote slides. The vendors are telling Wall Street that agent metering is the growth engine while telling customers that the restrictions are about governance. Both narratives can be true. But the sequencing matters: the revenue case existed before the governance framing did.

Three AI Agent Policies, One Pattern

ServiceNow's approach is architectural. Action Fabric is a mandatory MCP Server intermediary that sits between external AI agents and ServiceNow's workflow engine. "Others let agents read or write data," said Nenshad Bardoliwalla, VP of AI Products. "We let agents execute governed work." Every agent action routes through it. Every action gets metered. Every action gets billed. The governance layer and the billing surface are the same object.

SAP's approach is contractual. Section 2.2.2 of the updated API usage policy bars third-party AI agents from making autonomous multi-step API call sequences. Joule (SAP's own AI) is endorsed. Microsoft Copilot and Salesforce Einstein are explicitly named as non-endorsed for agentic workflows. The policy doesn't ban AI integration wholesale. It bans autonomy. An agent that chains API calls without human approval at each step is in violation.

SAP CEO Christian Klein publicly assured customers there was "no intent to limit" integrations. Jens Hungershausen, chairman of DSAG (the German-speaking SAP User Group representing thousands of enterprise customers), pushed back directly. He cited a "lack of transparency" in the new terms and called out the risk to investments already running in production. The gap between what leadership says in earnings calls and what the policy text actually enforces is where enterprise trust fractures. You can't tell customers their integrations are safe while the legal team writes terms that make those same integrations non-compliant.

Workday took the pricing route. Gerrit Kazmaier, President of Product and Technology, warned against "lawless agents" operating without governance controls. The mechanism is Flex Credits: a tiered consumption model where standard API calls sit at the base rate, Data Cloud access costs more, and agent API calls cost the most. The more autonomous the behavior, the higher the per-operation price. Workday has 11,500+ customers. Every one of them running AI agents just inherited a variable cost they didn't budget for.

What I've Seen at Smaller Scale

I run agents against APIs daily on a self-hosted agent pipeline. Two weeks ago I removed Zapier from my publishing system because integration-tier dependencies introduce failure modes I don't control. Replaced it with a self-hosted scraper, then a direct API client four days later. Different scale, same structural problem. When the intermediary changes the terms, you own nothing.

What Nobody Is Adding Up

The headline cost is the per-operation fee. The real cost is the unpredictability.

A single AI agent prompt triggers an average of 14 LLM round-trips, costing roughly $0.47 at current API pricing on the model side alone. Stack the platform's per-operation fee on top. An agent running 200 workflows per day on ServiceNow isn't a flat line item anymore. It's model costs plus whatever Action Fabric charges per operation. And that number can shift quarterly without notice. The original promise of SaaS was predictable spend. Per-operation billing for agents breaks that promise at the foundation.

The pattern is already visible in public markets. Monday.com signaled a similar agent-platform strategy and lost 19% of its market cap in a single trading session. Investors aren't punishing the ambition. They're pricing the revenue uncertainty that per-operation billing creates when you can't predict how many agent actions your customers will run. Scott Bickley of Info-Tech Research Group noted the convergence toward this model across all three vendors and flagged the core question: will enterprises accept variable costs for AI-assisted workflows that were previously running at flat rates?

The gap between advertised and actual AI costs is already well-documented elsewhere. GitHub Copilot lists at $10-20 per month per seat. Real-world enterprise cost analyses consistently land between $200 and $600 per month when you account for the compute. ServiceNow, SAP, and Workday are just being more explicit about the meter. Whether that honesty helps or hurts depends on how much sticker shock enterprises can absorb.

And the deepest cost is retroactive. Teams that built AI agent integrations against these platforms in 2024 and 2025 may already be in technical breach of updated terms. SAP's policy doesn't grandfather existing agent workflows. ServiceNow's Action Fabric has no legacy pass-through for agents that were hitting APIs before May 2026. If your agents were calling SAP endpoints autonomously, they're now non-compliant. Nobody sent a grace period memo.

When the Meter Makes Sense

The governance case is real. Alisdair Bach of Dragon ERP makes the security argument directly: unrestricted agent API access creates data exfiltration vectors, PII exposure paths, and audit trail gaps that no enterprise security team should accept. Agents that chain API calls across multiple data stores without human checkpoints are a compliance problem in any SOC 2 or GDPR environment. SAP mapping 30 billion fine-grained permissions through Veza isn't theater. It's the minimum required to let agents operate where regulated data lives.

Consumption billing isn't inherently exploitative either. Agents genuinely consume more resources than human users. A single agent workflow generates more API calls in an hour than a human operator generates in a month. Pricing that reflects actual resource usage is economically honest. The hard part isn't the principle. It's the transition. Enterprise teams built annual budgets around flat-rate access. CFOs approved headcount-based SaaS spend because it was predictable. Swapping that for consumption-based agent pricing mid-contract, with no migration path, turns every renewal conversation into a renegotiation.

When Agent Metering Becomes Lock-In

"Endorsed architecture" is vendor lock-in dressed as governance. SAP approving Joule while explicitly naming Copilot and Einstein as non-endorsed isn't a security decision. It's a competitive one. ServiceNow building the billing surface into the governance layer means you can't adopt the controls without accepting the meter. And the gap between Klein's public "no intent to limit" and Section 2.2.2's actual restrictions erodes the trust that enterprise contracts depend on.

The pattern across all three is identical. Create a governance narrative. Anchor it in real security concerns. Use the governance layer as the billing surface. The governance is necessary. The billing riding on top of it is the question: does the meter reflect actual costs, or does it capture artificial scarcity?

There's a version of this story where these vendors are protecting their customers from rogue agents. There's another version where they're protecting their revenue from agents that do exactly what users want without paying per-seat. Both are true simultaneously. Which one drives the policy depends on which executive you ask and whether analysts are listening.

Every enterprise team running AI agents against these platforms now faces two problems at once. The technical problem of complying with policies that changed under their feet. And the economic problem of budgeting for costs that scale with agent behavior instead of headcount. Both landed in the same two-week window. No transition period. No grandfather clause.

SaaS was supposed to make software costs predictable. AI agents just made them variable, and the vendors are the ones who changed the terms.