
Oracle has launched a builder experience that lets enterprises run AI agent teams directly inside Fusion Cloud Applications, without a separate runtime or external orchestration layer. The company calls the output “Fusion Agentic Applications” — agents that execute against real Fusion business objects, workflows and approvals, with an audit trail attached.
The agentic AI built where ERP, HCM, SCM and CX data already reside, governed by the same security model Oracle uses internally. Chris Leone, Executive Vice President of Applications Development at Oracle, described this as a shift from software that records work to software that executes it.
The release bundles three elements. A no-code Agentic Applications Builder lets business users describe an outcome in natural language. A new AI Studio Skill lets developers build with VS Code, standard CLIs, Git and AI coding assistants including Claude Code and Codex. A public GitHub repository adds templates and reference architectures. Oracle is also expanding its AI Agent Marketplace to sell packaged agentic applications and says over 80,000 professionals are now certified on the platform.
Underneath the builder story still sits harder questions: If an agent team reads a policy document and acts on it, who is accountable when the agent gets it wrong? Where exactly is the data going?
Where the data goes
Oracle’s governance case rests on keeping execution inside the Fusion security perimeter, even when the reasoning step touches an outside model. When asked about where data processing happens, Kaushal Kurapati, Group Vice President, Applications Development, Oracle said orchestration between the system of record and any external system stays within Oracle’s Secure Enterprise layer. An LLM enters the picture only when an agent needs to generate, summarize or extract information — and at that point, what leaves Fusion is the prompt, not the underlying business record.
He drew a clear line between two scenarios. Where Oracle hosts the model, data does not leave Oracle’s systems at all. Where a third-party LLM is used, Oracle relies on zero data retention agreements: the vendor cannot store, retain or train on the prompt. The response returns, and the rest of the execution happens inside Fusion.
Who owns the mistake
Fusion Agentic Applications are designed to select and coordinate agents automatically. Policies change; an agent reading an outdated or misread version could act on bad information before anyone notices. Asked whether accountability then sits with Oracle or with the third-party tools involved, Kurapati moved the focus to design.
The governance model, he said, is meant to prevent errors, constrain what agents can do, and contain failures when they occur. For high-impact actions, the system is built to require a manual oversight node: a human at the appropriate level must approve the agent’s recommendation before it executes. The approval, not the agent’s output, becomes the accountable action in the audit trail.
If a human approves an action that turns out wrong, Kurapati said, the system falls back on existing reversal mechanisms in the system of record. The platform can show what happened and who approved it. It does not undo the transaction itself.
The takeaway for CIOs
For enterprises already running on Oracle Fusion, this removes a real barrier that has slowed AI adoption elsewhere: agents can now act directly on business data and workflows without a separate integration layer to build and maintain. That native fit — shared security model, shared audit trail, no external orchestration to reconcile — is a genuine advantage for organizations looking to move agentic AI from pilot to production faster.
While for the CIOs evaluating this new upgrade can treat the platform’s governance controls as a starting configuration. Before rollout, an enterprise should have a clarity of their own processes and how “high-impact” actions can be classified for their own organisation. Enterprises can also consider keeping the manual approval step intact for anything touching financial, compliance, or workforce decisions, and build that into the implementation contract rather than assuming it by default. Used this way, Fusion Agentic Applications can meaningfully cut execution time without asking the enterprise to give up oversight.