At VB Transform 2026 last week, Meta's VP of Engineering for Data Infrastructure delivered a warning that every enterprise leader should have heard. Barak Yagour told the audience that agentic queries hitting Meta's internal data systems grew 30x in a single half — and the infrastructure built to handle human traffic is breaking under the load.
"Enterprise infrastructure was built for humans, not agents — and it's already breaking," Yagour said. He gave the industry a timeline: roughly 20 months to rebuild before the gap between agent demand and enterprise infrastructure capacity becomes unmanageable.
That's not a distant problem. It's this budget cycle, this planning year, this architecture review.
Here's what happened at Meta, why it matters for your organization, and — critically — what you need to do about it.
The 30x Problem Nobody Planned For
When Meta's engineering teams started adopting agentic AI internally, nobody modeled what the load curve would look like. Within months it became clear: the old assumptions were broken.
"One engineer used to mean one unit of load," Yagour said. "Now one engineer spawns 10 agents, each spawning subagents. Your 1,000-person org can generate the load of 100,000 users practically overnight."
That's not a theoretical risk. Meta measured it. Agentic queries grew 30x in a single half. When Meta shipped agentic data apps in February, within three months 63% of all dashboards published across the company were built using that tooling.
This isn't Meta's problem alone. Automated traffic already overtook human traffic on the internet — bots and agents accounted for 51% of total web traffic in 2025, according to Imperva's Bad Bot Report. HUMAN Security's 2026 State of AI Traffic report found that AI-driven traffic is growing roughly eight times faster than human traffic. The inflection point didn't happen in some distant future. It happened last year.
For CIOs and CTOs: Your traffic modeling, capacity plans, and scaling assumptions were built for human users. If you haven't revisited them since your organization began adopting AI agents, they're already wrong. The question isn't whether this will affect you — it's whether you'll catch it before it catches you.
Three Infrastructure Assumptions Breaking Simultaneously
Yagour identified three pillars of enterprise infrastructure that agents are breaking at once. Understanding each one matters for how you prioritize your response.
1. Capacity
Traditional capacity planning assumes a predictable ratio between headcount and system load. You hire 200 engineers, you model 200 units of concurrent load. You scale infrastructure to match.
That model is dead.
A single engineer using an agentic coding tool doesn't generate one unit of load — they generate cascading load from tool-calling agents, subagents, retrieval operations, code generation, testing, and iteration loops, all running in parallel. GitHub Copilot, according to company-reported figures, now writes 46% of the average user's code. When nearly half your engineers' output comes from AI-generated code, the inference and retrieval load behind that code doesn't show up in your headcount models.
The answer isn't to block agent traffic. Yagour was explicit about that. The answer is to make infrastructure agent-aware — with dynamic controls that understand agent hierarchies, cost attribution that traces consumption back to the use case that generated it, and throttling mechanisms that adapt based on business priority rather than raw traffic volume.
For CFOs: Your AI tool licensing line items aren't the only cost exposure. The infrastructure compute required to support agents that your engineering teams are now running — retrievals, model calls, indexing — will show up in cloud bills before it shows up in any approved budget. Model this now.
2. Identity
Every access control system in enterprise IT was designed around two categories: human users and deployed services. A human has a badge, a role, an employment status. A service has an API key and a defined scope.
An AI agent is neither.
An agent acts on behalf of a human but makes autonomous decisions. It may spawn child agents. It accesses data systems with varying levels of trust depending on what it was asked to do. It may escalate its own permissions based on the task. Your existing identity and access management systems don't have a category for this.
At Meta, this required rethinking how access controls are evaluated — not just at the time a credential is provisioned, but in real time, evaluated against what the agent is actually trying to reach, why it's trying to reach it, and whether that access is appropriate for the specific task at hand.
For CISOs and security teams: If your identity governance framework treats agents as service accounts, you have a visibility gap. Agents are making decisions, not just executing predefined operations. Your access audit trail needs to reflect that distinction.
3. Velocity
This one is counterintuitive. You'd expect faster code generation to accelerate delivery. It doesn't automatically.
Yagour cited the same GitHub Copilot figure — 46% of code now AI-generated — and then noted what doesn't change: "That code still needs to be built, tested, deployed, monitored. The agent writes the code in seconds, but your CI/CD pipeline doesn't get faster just because the machine is the author."
Agent-generated code volume is accelerating the input to pipelines that weren't built to handle that volume. Testing queues back up. Build systems bottleneck. deployment coordination becomes a constraint. The speed gain from the agent is absorbed by the slowness of everything downstream.
Organizations that haven't scaled their DevOps infrastructure to match agentic code generation velocity will find the bottleneck migrates from writing code to shipping it.
Data: Where Agents Create the Most Pressure
The infrastructure story isn't just about compute capacity or identity management. The deepest disruption, according to Yagour, is at the data layer.
Human analysts have traditionally sat between raw data and business decisions. They curate data, catch anomalies, validate quality, and serve as an informal check before conclusions reach decision-makers. When agents take on that work autonomously, that human check disappears — unless you explicitly engineer it back in.
Meta built what it calls "trusted data environments" — isolated spaces where agents can explore data freely, but every output is traced back to its source and scrutinized before it's shared externally. Sensitive fields are masked before agents can reach them. Every access request is evaluated in real time.
The philosophy Yagour described: explore broadly, release narrowly. Agents can range wide inside guardrails. What exits those guardrails has been traced, validated, and approved.
"Autonomy without governance is nothing but chaos," he said.
This principle applies directly to how enterprises are building agentic workflows. If your agents can query business data, generate reports, or make recommendations without a provenance trail, you've removed the audit capability that regulators, auditors, and executives depend on.
For compliance and legal teams: AI agent activity in your data environment is a governance gap right now for most enterprises. Every output an agent produces — a report, a recommendation, a data extract — should have a traceable lineage. If you can't answer "what data did the agent access to produce this output," you have an audit exposure.
The Reasoning Models Are Making It Worse (In a Good Way)
There's an additional layer of data infrastructure pressure that Yagour addressed: the shift from pattern-matching models to reasoning models.
Pattern-matching AI can work on sparse, summarized data. It looks for correlations in aggregates. Reasoning AI — the category of models now entering enterprise deployments — demands full behavioral history. It needs every interaction, every surface, every time dimension, to reason about intent rather than match on keywords.
Meta is building toward 500 million queries per second and a petabyte per second of throughput for training data reads. Most enterprises aren't anywhere near that scale — but the directional challenge applies even at 1/1000th of that volume. If your data architecture assumes AI models work on batch ETL snapshots, you'll find those snapshots are already stale by the time an agent uses them.
Yagour described a shift already underway at Meta: real-time streaming is replacing batch ETL for ranking and recommendation pipelines. A 24-hour batch pipeline simply can't support a system that reasons about current user intent.
For data engineering and architecture teams: The move to agentic AI inside your organization creates pressure to modernize your data infrastructure well ahead of any formal AI strategy rollout. Agents that operate on stale data produce stale outputs. If you're planning agent-powered workflows for 2027, your data infrastructure investment needs to start now.
What 20 Months Actually Means
Yagour's 20-month window isn't a prediction about when the world ends if you don't act. It's a realistic estimate of how long it takes to rebuild infrastructure at enterprise scale when you're doing it deliberately, not in a crisis.
Infrastructure rewrites under crisis pressure — when agents have already broken something visible — cost more, take longer, and produce lower-quality results than planned rebuilds. The organizations that start this work now will have agent-ready infrastructure in place before the pressure becomes unmanageable. The ones that wait for something to break will be fixing it under load.
The good news: you don't have to rebuild everything at once.
The minimum viable enterprise response looks like this:
-
Audit your capacity assumptions. Where did your infrastructure models assume one-human-to-one-unit-of-load? Those assumptions need updating now, before agent adoption scales further.
-
Create an agent identity category in your IAM framework. Agents aren't users and aren't services. Your access controls need a third category with appropriate monitoring and real-time evaluation.
-
Instrument agent activity. You can't govern what you can't see. Every agent operating in your data environment should be generating a provenance trail — what it accessed, what it produced, what chain of instructions led to that action.
-
Stress-test your CI/CD pipeline against agentic code volumes. If your development teams are using AI coding tools, measure how much code they're generating and whether your build-test-deploy pipeline can handle 2x or 5x more pull requests without becoming the constraint.
-
Evaluate your data architecture for real-time readiness. Batch ETL is a bottleneck for agentic workflows. Even if you're not moving to full real-time streaming today, understand where the gaps are before you need to close them quickly.
The Flywheel You Can't Ignore
Yagour described agents, data, and reasoning models as a self-reinforcing system: "Agents make data more accessible. Better data makes reasoning better. Better reasoning creates new demands that push agents and infrastructure forward. This isn't linear — it's a flywheel."
That flywheel is already spinning at Meta. It's spinning at the largest tech companies. It will reach your organization on a timeline you don't control.
The enterprise leaders who are having infrastructure conversations now — who are bringing their data engineers, architects, security teams, and finance partners into a shared view of what agent adoption actually demands — are building the runway to scale without crisis.
The ones who treat this as a future problem will find it becomes a present one faster than their planning cycles allow for.
Meta's 30x growth in agentic queries happened in one half. Your organization's curve will be different. But the direction is the same.
Twenty months is not a lot of time to rebuild infrastructure at enterprise scale. It's enough time to start.
What's your organization's current posture on agent-aware infrastructure? Are you modeling this now, or waiting for the first production incident? I'd like to hear where enterprise teams are in this conversation.
Follow the conversation on LinkedIn or X.
