Enterprise architects face a deceptively simple question: which of our applications can we augment with AI agents, and which will fight us every step of the way? The answer is rarely obvious from looking at the business function alone. A 15-year-old claims-processing system built on a service-oriented architecture may be a better candidate than a three-year-old monolith packaged as a SaaS product.
After evaluating dozens of application portfolios across IT services firms, five structural signals consistently predict success — or failure — when grafting agentic capabilities onto legacy code.
1. The application already exposes a stable API surface
Agentic AI operates by calling tools — discrete, versioned, predictable actions. If your application already has a REST, GraphQL, or gRPC API that third-party systems call reliably, you have a significant head start. The agent runtime can treat your existing API as its tool set without requiring you to build a new integration layer.
Applications that have only UI-driven workflows — where the only way to trigger a business process is through a browser session — require a screen-scraping or RPA shim that introduces fragility at every UI refresh.
2. Data is owned, not borrowed
Agents need to read, reason over, and write back data. Applications that own a clean, normalised data store with clear entity ownership are far easier to augment than applications that are downstream consumers of a shared data lake or that duplicate records across multiple upstream systems.
The specific risk with borrowed data is write-back conflicts. An agent that optimises a price must write to the authoritative source, not a downstream copy. If your application cannot trace every field to a single owner, agent-driven writes will create data integrity issues within weeks of deployment.
3. Business logic is separated from presentation
In a well-layered application, the rules that govern a business decision — eligibility checks, approval thresholds, routing logic — live in a service or domain layer that can be called independently of the UI. Agents invoke this layer directly. In applications where business logic is embedded in JSP scriptlets, Razor pages, or thick-client event handlers, the agent has no clean call target.
This is the dimension where Java EE applications from 2005 often outperform modern React SPAs. The older systems frequently had a genuine service tier. Many contemporary frontends collapsed the layers entirely in pursuit of developer velocity.
4. The team has observable deployment pipelines
Deploying agentic features safely requires the ability to release frequently and roll back quickly. Teams that ship quarterly from a manual release process cannot iterate fast enough to tune agent behaviour in production. The cadence of the team is as important as the architecture of the application.
Look specifically for automated integration tests and feature flags. Without them, the first agentic action that produces an unexpected output in production becomes a crisis rather than a learning signal.
5. There is a defined human escalation path
AI agents operating in enterprise systems will encounter edge cases they cannot resolve. Applications that already model approval workflows, exception queues, or human-in-the-loop checkpoints are structurally ready to place an agent in front of that queue. Applications where all processing is fully automated with no defined exception path present a harder challenge: the agent has nowhere to escalate, so it will either fail silently or take unauthorised action.
The Migration Readiness Score (MRS) produced by the NextAI Foundry assessment quantifies each of these five dimensions — Architecture, Data, Integration, Team, and Process — on a 0-100 scale. Applications scoring above 70 on all five dimensions are classified as Ready and are candidates for immediate agentic augmentation.
For a precise explanation of how each dimension is weighted and how Claude Sonnet scores your answers, see the full MRS methodology.
Understanding the Migration Readiness Score: How We Calculate MRS →What to do with a low-scoring application
A low score is not a verdict to abandon the application. It is a prioritised remediation list. An application that scores 45 on Architecture but 80 on Data and Team has a clear path: invest in API surface and layer separation before introducing agents. The data and team readiness will make that investment productive.
Applications that score below 40 across all five dimensions — the Not Ready tier — typically need a modernisation programme to run in parallel with, not as a prerequisite to, the agentic AI initiative. Waiting for full modernisation before any AI adoption is a three-to-five-year delay that most organisations cannot afford.
Not sure which level of agentic capability your organisation can realistically target? The five-level maturity model maps directly to MRS tier thresholds and tells you exactly what each level requires.
The Agentic AI Maturity Model: Five Levels from Automation to Autonomous Enterprise →