Enterprises run on legacy systems. SAP, Oracle, mainframes, SFTP drops, SOAP APIs, on-prem databases with stored procedures written in 2004. These systems are not going anywhere. They process payroll, manage inventory, handle billing, route shipments, and keep the lights on. They are the operational backbone of every Fortune 500 company and most of the mid-market.
AI agents are modern. They speak REST and JSON. They expect webhooks and streaming responses. They assume the world runs on APIs with OpenAPI specs and OAuth flows.
The gap between these two worlds is where 80% of enterprise agent projects die. Not because the AI doesn't work — it does. Not because the use case isn't real — it is. They die because the agent can't reach the systems that matter. And if an agent can't read from SAP or write to Oracle, it's a demo, not a deployment.
The integration tax
Every enterprise agent project follows the same pattern. The team picks a framework, builds a prototype in two weeks, demos it to leadership, and gets approval to move forward. Then the real work starts.
The ERP exposes a SOAP interface from 2011 with 900-field XML payloads. The warehouse management system communicates through flat files dropped on an SFTP server every 15 minutes. The finance system has a stored procedure API that requires a VPN connection and Windows authentication. The CRM has a REST API, but it's rate-limited to 100 requests per hour and returns paginated results in a proprietary format.
Before the agent can do anything useful, someone has to wrap the SOAP service in a REST facade. Someone has to build a polling daemon for the SFTP drops. Someone has to write an adapter for the stored procedures. Someone has to handle the CRM pagination and rate limiting. This is months of work, and none of it is AI work. It's plumbing.
This is the integration tax — the real cost of enterprise AI adoption. Not the model. Not the framework. Not the prompt engineering. The cost is bridging the gap between what agents expect and what legacy systems provide. Teams that underestimate this tax burn through their budget before the agent ever touches a real workflow.
The Legacy Bridge architecture
The solution isn't to replace legacy systems. That's a multi-year, multi-million-dollar project with a high failure rate of its own. The solution is to build a bridge — dedicated infrastructure that translates between the agent world and the legacy world, with governance built in from the start.
The Legacy Bridge architecture has five modules, each solving a distinct problem in the enterprise integration stack.
1. API Gateway. A single entry point for all agent-to-legacy communication. Authentication, rate limiting, request routing, and payload transformation happen here. The agent makes a clean REST call. The gateway handles the translation to whatever protocol the target system requires. One interface in, many protocols out.
2. Adapter Runtime. Protocol-specific connectors that know how to speak legacy. SOAP with WS-Security headers. JDBC and ODBC for direct database access. SFTP polling with file-change detection. CSV and fixed-width file parsing. Message queue consumers for IBM MQ, MSMQ, and JMS. Terminal automation for green-screen mainframe interfaces. Each adapter is isolated, versioned, and independently deployable. When the ERP vendor ships a breaking change, you update one adapter — not the entire system.
3. Event Bus Layer. Legacy systems are rarely event-driven. They batch-process overnight, they poll directories, they run on schedules. The event bus converts these patterns into something agents can consume. File drops become webhook events. Database changes become published messages. Batch completions trigger notifications. Kafka, RabbitMQ, or a simple webhook relay — the bus normalizes every legacy signal into a stream that agents can subscribe to and react in real time.
4. Data Mapping Studio. The most insidious problem in enterprise integration isn't connectivity — it's semantics. SAP calls it a "material number." Oracle calls it a "product ID." The warehouse system calls it an "SKU." They all mean the same thing, but they're stored in different formats with different validation rules. The mapping studio defines canonical business objects — customer, order, invoice, ticket — with field-level mappings to each source system. When schemas drift (and they will), the studio raises alerts before data corruption reaches your agents.
5. Policy & Replay Engine. Enterprise workflows are not fire-and-forget. An agent that submits a purchase order needs approval routing. An agent that updates a customer record needs rollback capability. An agent that processes a batch of invoices needs retry logic for partial failures. The policy engine enforces approval rules, triggers rollbacks when thresholds are exceeded, routes failed operations to dead-letter queues, and manages automatic retries with exponential backoff. Every execution is recorded in an immutable audit trail — who requested it, what was changed, who approved it, and what the system state was before and after.
Phase 1 is live
The full Legacy Bridge architecture is a multi-phase initiative. Phase 1 shipped today in Oceum's governance API, covering the foundational capabilities that every enterprise integration requires.
Connections. Register legacy endpoints with protocol metadata, authentication credentials (stored in the zero-knowledge vault), and health-check configurations. Each connection is a named, versioned reference that agents use instead of raw connection strings.
Adapters. Protocol handlers that translate between REST and legacy interfaces. The initial release includes HTTP/REST, SOAP, and webhook adapters. JDBC, SFTP, and message queue adapters are in development.
Governed Executions. When an agent needs to interact with a legacy system, it doesn't call the system directly. It submits a governed execution — a structured request that passes through the policy engine before reaching the target. Approval workflows, budget checks, rate limits, and scope constraints are evaluated before the action proceeds. This is the same graduated autonomy model that governs agent behavior across the rest of the platform: start supervised, earn trust, graduate to autonomous.
Replay. When a workflow fails mid-execution, you don't start over. The replay engine records checkpoints at each stage. Failed workflows can be retried from the last successful checkpoint, with updated parameters if needed. This is critical for long-running enterprise processes where re-executing from the beginning would cause duplicate transactions or data inconsistencies.
Immutable Audit Trails. Every connection, execution, approval, rejection, retry, and rollback is recorded in an append-only log. Compliance teams can trace any agent action back to its origin, see the full approval chain, and verify the system state at any point in time. This isn't optional for regulated industries. It's table stakes.
What this means for enterprise teams
You don't need to replace SAP. You connect it. You don't need to rewrite Oracle stored procedures. You wrap them. You don't need to modernize the SFTP-based warehouse integration. You bridge it.
The agent submits a governed execution through the bridge. The policy engine evaluates whether the action is permitted based on the agent's autonomy tier, the target system's sensitivity classification, and any org-level approval rules. Humans approve sensitive actions. Everything is audited.
The deployment model is deliberate: start supervised, earn trust, graduate to autonomous. An agent that just connected to the ERP doesn't get to submit purchase orders unsupervised on day one. It starts in supervised mode, where every action requires human approval. As it demonstrates consistent, correct behavior, its autonomy tier increases. After a track record of reliable executions, it can operate autonomously within defined guardrails.
The practical advice for enterprise teams evaluating this approach: pick one ugly but important workflow. The one that involves manual data entry between two systems. The one where someone copies values from an email into an ERP screen. The one that breaks every quarter-end. Connect that workflow through the bridge. Prove value in 30 days. Then expand.
The teams that succeed with AI agents in the enterprise won't be the ones with the most sophisticated models. They'll be the ones that solved the last-mile problem — connecting modern intelligence to the systems that actually run the business.
The Legacy Bridge is how enterprises stop treating AI agents as isolated prototypes and start treating them as governed participants in real business operations. Phase 1 is live. The gap between your agents and your systems just got a lot smaller.