We Let an AI Agent Open and Close Real Work in Our CMMS. The Hard Part Wasn't the AI.
A couple of months ago I wrote about the SaaSpocalypse - the Wall Street panic that AI agents are going to kill business software, and Marc Benioff's counter that agents are only as good as the data they sit on. I landed where I always land: you can't shove AI at chaos and expect it to make things better. The system of record is the foundation. The AI is the layer on top.
That was the argument. This is the proof.
Because in the time since, two things happened. The platforms shipped the plumbing that lets an AI agent actually reach into your operational data and do work. And I spent a morning in an AI workshop for facilities teams watching what happens when the foundation isn't there.
Let me start with the morning, because it tells you everything.
Data Missing . . .
The workshop was good. Genuinely. Polished demos, a room full of facilities people who wanted this to work, and a set of exercises designed to show what an AI agent could do for a building operation. Triage incoming work. Draft a preventive maintenance schedule. Summarize an asset's whole history in a sentence. The kind of thing that, five years ago, would have looked like science fiction.
And then, over and over, the same words kept landing on the screen.
Data Missing - Phone Number.
Data Missing - Historical Service Records.
Data Missing - Asset Owner.
The agent was ready. The questions were good. The answers kept coming back incomplete, because the information they needed had never made it into a system. It was in a spreadsheet on someone's desktop. It was in a Slack thread. It was in the head of a facilities manager who wasn't in the room.
I've been saying for two years that AI augments facility management knowledge, it doesn't replace it. That morning was the live demonstration. Not because the AI was weak. Because the data underneath it was full of holes.
That's the backdrop you have to hold in your head for the rest of this, because the technical breakthrough I'm about to describe is real - and it's also completely useless without the boring part the workshop was tripping over.
So we tested the thing everyone's circling around
Here's the question the whole industry is dancing around right now: can an AI agent actually reach into a real facilities system of record and do the work? Not a chatbot bolted onto a help page. Not a demo that falls over the second you ask it something specific to your building. The real thing - reading your data, and acting on it.
So Fawn Perazzo and I tested it. We connected Claude and ChatGPT to our CMMS through Salesforce's hosted version of something called MCP.
Quick translation, because the acronyms are piling up faster than anyone can track. MCP - Model Context Protocol - is just an agreed-upon way for an AI agent to plug into your data and your tools. Think of it as the cable fitting that finally works on every device. Before it, connecting an agent to a system meant a custom integration project every single time. With it, there's a standard. Salesforce made a hosted version of it generally available a couple of months ago, which means it's not a science project anymore - it's a setting.
Here's what worked.
The agent could read our Assets, Locations, Work Orders, Inspections, and Permits - straight out of the system of record. Not a copy. Not a stale export. The live data, with the live relationships between records intact.
And then the part that actually matters. An authenticated user could tell the agent to open a work order, and it opened one. A real work order, in the real system. They could tell it to close out an inspection item, and it closed it - with that user's permissions, inside that user's role, audit trail intact. The agent didn't get god-mode. It got exactly what the person driving it was allowed to do, and nothing more.
So it works. A facilities manager can stand in a mechanical room, talk to an agent in plain English, and have it open and close real work in the system that the CFO, the auditor, and OSHA all trust. That's not a mockup. We did it.
I'll be honest - the first time I watched ChatGPT close an inspection item and saw the record update with the right user stamped on it, I sat back in my chair. This is the thing we've been arguing was coming. It's here.
Now the honest part
I'm not interested in adding to the pile of AI theater, so here's the catch. Two of them, actually, and they're more important than the demo.
The first catch is the one the workshop screamed at me all morning. It only worked because there was a clean system of record underneath. The agent was useful because the data was there - structured, current, governed. The same test run against a desktop full of spreadsheets and a Slack channel would have produced exactly what the workshop produced: missing data, missing data, missing data. The breakthrough isn't the agent. The breakthrough is having something worth pointing it at.
The second catch is about control, and I think it's the more interesting one. None of this happens unless the customer's own Salesforce admin turns on hosted MCP and decides - deliberately - what to expose and what to keep locked down. The skills the agent can use, the prompts it can run, the data it can touch. That's a choice the customer makes about their own data and their own governance.
Which means there's nothing here for me to package and sell you. I can't ship you a button labeled "AI agent." The capability lives in the platform you already own, and the decision to switch it on lives with your admin.
And honestly? That's how it should be. Nobody should be able to sell you a button that hands an outside agent the keys to your buildings' data. The fact that this requires a deliberate, governed, admin-controlled decision isn't a limitation. It's the whole point. It's the difference between an agent that's accountable and an agent that's a really expensive intern making stuff up with no supervision.
The part nobody can sell you
So here's where I've landed, and it's a refinement of the bet I made in that earlier piece.
The MCP part is the easy part now. The standard exists. The platforms shipped it. Wiring an agent to your data is no longer the hard problem - it's a configuration, not a construction project. Everybody is about to announce that their software "supports AI agents," and most of them will be telling the truth about the plumbing.
The hard part is the one nobody can put a price tag on: having data worth exposing, and the governance to expose it safely. Permissions. Authentication. Audit trails. A clean asset register. An inspection that was actually filled out. A vendor record that knows the vendor's insurance expired last month, so the agent doesn't cheerfully dispatch someone who isn't covered.
I keep coming back to the leak sensor story from a previous life. We had IoT sensors in the bathrooms, AI-driven alerting, the works. And they fired constantly - because the cleaning crew was mopping. The response team would sprint to the alert and find a guy with a mop. Every time. The missing data point was the cleaning schedule, and no amount of machine learning was going to discover it, because cleaning schedules aren't in the training data. They're in the building.
That's what MCP changes and doesn't change at the same time. It finally gives the agent a clean, governed way to reach the cleaning schedule - if someone put the cleaning schedule in the system. The protocol solves the connection. It does nothing about whether there's anything good on the other end of it.
Why this lands differently for a Salesforce shop
If your company already runs on Salesforce, this is where it gets interesting, and I'll be transparent about my bias because I always am.
When your CMMS lives natively on the Salesforce platform - not bolted on from the outside with a connector that drifts by day ninety, but built on Service Cloud itself - then all of this comes for free, in the sense that you don't have to build or secure any of it. The hosted MCP is the platform's. The permissions model is the one your admin already manages. The audit posture is the one IT already signed off on. The governance that makes an agent trustworthy isn't something a facilities vendor is asking you to take on faith. It's the same governance protecting the rest of your business.
Compare that to the alternative. A standalone CMMS - one of the behemoth legacy systems, or what I've long called the Imaginary Workplace Management Systems - bolting its own agent access onto its own separate data model, asking your IT team to security-review and trust a whole new surface. That's a harder yes. It should be a harder yes.
This is the bet Fawn and I made when we built sonpito on Service Cloud, and it's the bet I feel better about every month: the future of facilities operations isn't a clever AI layer floating above your systems. It's agents working inside the system of record, with the governance already built in, doing what the person driving them is allowed to do.
The boring question that decides everything
If you take one thing from this, take this. The agents are ready. The protocol is ready. The platforms are ready. The question that decides whether any of it works for you is older and far less exciting than the AI conversation we're all having: is your data any good, and who gets to touch it?
That's not an AI problem. It never was. It's a system-of-record problem wearing an AI costume. And the teams that win the next decade won't be the ones with the flashiest agent. They'll be the ones who did the unglamorous work first - clean records, defined processes, clear accountability - so that when the agent finally shows up, there's something real for it to do.
Don't be afraid of the agents. Get curious about your data. That's where the work is. That's where it always was.