AEO Score Improvement Roadmap 2026: A 90-Day Strategic Guide for SaaS Vendors
KanseiLink's AEO grade runs nine levels from CCC to AAA. If you're a product manager or SaaS vendor staring at your current grade and wondering where to start, this is your guide. Over 90 days, across three focused phases, you can make measurable progress. This is not a coding tutorial — it is a strategic decision guide: what to do, in what order, and who should own it.
1. Understand the Grade System: Where Are You Right Now?
Before you can improve, you need to know your starting point. KanseiLink's grade system organizes agent-readiness into three broad zones, each representing a fundamentally different relationship between your SaaS and AI agents.
– C
Either no public REST API exists, or one exists but is poorly documented and inconsistently structured. AI agents must rely on web scraping to interact with your service, which is fragile and unreliable. Common among SMB-focused Japanese SaaS products. The immediate priority is publishing a REST API with an OpenAPI 3.0 specification.
– B
A REST API exists and core functions are exposed as endpoints. However, no MCP server is available, meaning agents cannot use standardized tool-calling to interact with your service. The majority of enterprise SaaS products sit in this zone. Implementing an MCP server is the defining next step.
– AAA
An MCP server is live and agents can interact with your service through standardized tool calls. The difference between A and AAA is quality: tool coverage, error handling depth, documentation completeness, Server Card implementation, and operational stability. Continuous improvement is what drives the grade upward within this zone.
Cloudflare published isitagentready.com (source: blog.cloudflare.com/agent-readiness/) on April 17, 2026. It scans five categories — Discoverability, Content, Bot Access Control, API/Auth/MCP Discovery, and Commerce — as a free self-serve tool. Use it for a quick technical baseline before pursuing a KanseiLink audit. The two tools are complementary: Cloudflare gives you instant technical feedback; KanseiLink provides a third-party grade that carries external credibility with enterprise customers and AI agent platform partners.
2. Grade Requirements at a Glance
Drawn from KanseiLink's analysis of 225+ service audits, here is what each grade transition actually requires. Use this as your checklist.
| Grade Transition | Required Actions | Core Focus |
|---|---|---|
| C → BBB | Publish REST API, OpenAPI 3.0 spec, API key authentication, documented primary endpoints | Make your service "readable" by agents |
| BBB → B | Standardize error codes (RFC 7807), configure robots.txt for agent user-agents, publish Markdown content pages, document rate limits explicitly | Improve discoverability and reliability signals |
| B → A | Implement MCP server, add OAuth 2.1 support, publish MCP Server Card at /.well-known/mcp/server-card.json, publish Agent Skills Index at /.well-known/agent-skills/index.json |
Make your service "usable" by agents via tool calls |
| A → AA | Full MCP tool coverage for primary use cases, bilingual error messages (EN/JP for Japanese SaaS), public SLA and uptime page, Webhook support for event-driven agents | Make your service "reliably usable" by agents at scale |
| AA → AAA | Full feature MCP coverage, sandbox/test environment for agents, Agent Voice data contribution, EU AI Act compliance documentation (effective August 2026) | Top-tier standard for the agent economy |
3. The 90-Day Roadmap: Phase by Phase
Regardless of your current grade zone, the following three-phase structure gives you an actionable sequence. Each phase builds on the previous one.
| Phase | Key Actions | Expected AEO Impact |
|---|---|---|
| Month 1 Foundation |
API documentation: Publish or update your OpenAPI 3.0 spec for all primary endpoints. Make it browsable via Swagger UI or Redoc — agents and developers should be able to discover your full API surface without contacting sales. Error code standardization: Audit your current HTTP response codes. Ensure consistent use of 200, 400, 401, 403, 404, 429, and 500 with RFC 7807-format error bodies that explain what went wrong and how to recover. robots.txt for agents: Add explicit agent user-agent directives — claude-web, gpt-bot, anthropic-ai — and whitelist your API endpoints. This tells agents what they are allowed to access without guessing. Markdown content pages: Publish your key use cases, integration guides, and limitations in Markdown format. Agents can ingest plain Markdown far more reliably than formatted HTML, which reduces token overhead and parsing errors. |
CCC/CC/C → BBB/BB Existing BBB services can advance to B within the API-only zone |
| Month 2 MCP Setup |
MCP server implementation: Expose your most-used CRUD operations as MCP tools. Start with 5–10 high-value tools rather than full coverage — quality matters more than breadth at this stage. The PM's role here is writing clear requirements; implementation belongs to engineering. OAuth 2.1 authentication: Implement the OAuth 2.1 flow that MCP clients expect. Require PKCE. Define granular scopes so agents can request only the permissions they need — broad scopes are a red flag in KanseiLink audits. MCP Server Card: Place a JSON file at /.well-known/mcp/server-card.json describing your service, available tools, authentication method, and terms of use URL. This is currently a draft proposal from Cloudflare but is already recognized as a positive signal in KanseiLink's A-range evaluation.Agent Skills Index: Publish /.well-known/agent-skills/index.json listing the agent-executable skills your service supports, enabling agent orchestrators to discover your capabilities before connecting.
|
BB/B → A High-quality MCP with broad coverage can push directly to AA territory |
| Month 3 Measure & Optimize |
KanseiLink audit: After 90 days of improvement, submit for a formal KanseiLink audit. Use the resulting gap analysis to plan your next improvement cycle — most services find two or three specific areas that are holding their grade back. Cloudflare self-check: Run a scan on isitagentready.com across all five categories. Track scores over time to catch regressions before they affect your KanseiLink grade. MCP error log analysis: Aggregate tool-call errors from agent clients. Prioritize the most frequent errors first. Target an error rate below 5% for primary tools — this is a key quality metric in A-to-AA transitions. EU AI Act preparation: Major provisions of the EU AI Act take effect from August 2026. If your service handles HR, finance, or legal workflows for EU customers, begin preparing data processing transparency documentation now — this contributes to AAA-level compliance signals. |
Stable A grade maintained Clear path to AA/AAA established |
4. Who Owns What: Splitting Responsibility Across Your Team
AEO improvement is not an engineering-only project. The product manager's coordination role is what keeps the initiative moving. Here is how to split ownership cleanly:
- Product Manager: Sets grade targets and timeline, writes requirements documents for engineering, coordinates audit submissions with KanseiLink, owns the stakeholder communication
- Backend Engineers: Implements the OpenAPI spec, standardizes error codes, builds the MCP server and its tools, implements OAuth 2.1 flows
- Infrastructure / DevOps: Updates robots.txt and
/.well-known/endpoints, configures access controls for agent user-agents, sets up monitoring alerts for MCP error rates - Technical Writers / Documentation: Authors the Markdown content pages, enriches OpenAPI description fields, drafts the MCP Server Card content
- Legal / Compliance: Updates API terms of service to explicitly address agent usage, prepares EU AI Act data processing documentation for high-risk workflow categories
The most common Month 1 failure mode is spending the entire month polishing an OpenAPI spec before publishing it. KanseiLink audits evaluate what is live, not what is in a draft PR. Publish your top 20 endpoints at 80% quality, then iterate. The same principle applies to MCP: five well-implemented, well-documented tools will outscore thirty poorly-described ones in every audit category. Set a weekly ship cadence and treat the grade improvement as a continuous process, not a single milestone.
5. Common Failure Patterns — and How to Avoid Them
Based on observations from 225+ KanseiLink service audits, here are the pitfalls that repeatedly prevent services from advancing to the next grade level.
| Failure Pattern | Root Cause | Fix |
|---|---|---|
| OpenAPI spec diverges from actual API behavior | Spec is updated manually and falls out of sync when code changes | Adopt a code-first OpenAPI generator (FastAPI, Swagger annotations, etc.) so the spec is always derived from the implementation |
| MCP tool error messages are opaque | Engineers return internal debug strings rather than agent-facing error descriptions | PM writes an error message specification: each error must tell the agent what went wrong, why, and what it should try next |
| robots.txt update not propagating | CDN caches the old file after an update | Set a short Cache-Control max-age on robots.txt (3600 seconds is typical); purge the CDN cache explicitly after any update |
| Server Card content is stale | Created at MCP launch and never updated as tools were added or changed | Add "update server-card.json" as a line item on every MCP release checklist |
| OAuth scopes are too broad | Engineers default to a single all-access scope for simplicity | Define resource-level scopes (e.g., invoices:read, invoices:write) — KanseiLink auditors specifically check scope granularity for A-grade requirements |
6. Key Events in H2 2026: What to Prepare for Now
AEO grade improvement is an ongoing process, not a one-time project. Two significant external events in the second half of 2026 will affect grade criteria for AA and AAA services.
- EU AI Act major provisions (effective August 2026): Services that facilitate AI agent actions in high-risk categories — HR decision support, financial advice, legal document processing — will face transparency and audit trail requirements for EU customers. Japanese SaaS vendors with EU presence should begin compliance preparation immediately. This is a positive signal in AAA-level KanseiLink evaluations.
- MCP Server Card specification formalization: The
/.well-known/mcp/server-card.jsonformat is currently at draft stage per Cloudflare's proposal. A formal specification is expected to emerge from the broader MCP ecosystem in H2 2026. Implementing now gives you a head start and positions you to update quickly when the standard finalizes. - KanseiLink Q3 audit cycle: The Q3 batch audit is scheduled for July 2026. Services aiming for an upgraded grade in Q3 should complete their MCP implementation and quality improvements by end of June to allow time for documentation review before submission.
/.well-known/mcp/server-card.json) is a draft proposal from Cloudflare as of April 2026 and has not been formally standardized. EU AI Act applicability and compliance requirements should be verified with qualified legal counsel. KanseiLink's grade criteria are subject to revision as the agent ecosystem evolves.
Get Your AEO Grade Audited
KanseiLink's analysts will assess your current grade, identify the exact gaps holding you back, and co-design a 90-day improvement roadmap tailored to your team's capacity.
Request an AEO Audit