Agent AI Sprawl Nobody Owns

150,000 agents per enterprise by 2028 — and almost nobody can name who owns them.


Your company has 37 AI agents right now. You can name maybe six of them.

In April 2026, Gartner analyst Max Goss stood in front of a room of CIOs in London and delivered a number most of them didn’t want to hear: by 2028, the average global Fortune 500 enterprise will be running more than 150,000 AI agents. In 2025, that number was under 15.

That’s not a typo, and it’s not a decade-out prediction from a hype cycle. It’s a three-year jump from “a handful of pilots” to “six figures of autonomous software making decisions inside your business.” And almost nobody is tracking the agents they already have, let alone the ones coming.

This is agent sprawl, and it’s quietly becoming the defining infrastructure problem of the agentic AI era — not because agents don’t work, but because they work well enough that every team builds its own, and nobody was put in charge of counting.

In this article:

  • What “agent sprawl” actually means
  • The numbers, lined up
  • Why this isn’t just “shadow IT, again”
  • The real-world pattern, at enterprise scale
  • What actually reduces sprawl (not just documents it)
  • The role nobody’s hired for yet

What “agent sprawl” actually means

Agent sprawl is the uncontrolled proliferation of autonomous AI agents across an organization, deployed without centralized inventory, ownership, or governance. Okta’s security research frames it as the root cause of a broader shadow AI problem — the moment a hidden chatbot becomes a hidden agent with write access to company systems, the risk profile changes entirely.

The distinction matters. A chatbot that gives a wrong answer is an inconvenience. An agent with production credentials that takes the wrong action is an incident.

It doesn’t start as a decision. It starts as convenience, repeated across every department at once:

  • Marketing spins up a content research agent.
  • Sales builds an account research agent.
  • Customer success stands up its own customer research agent.
  • Operations automates reporting with a fourth agent nobody else knows about.

Four teams, four owners, four prompt sets, four permission structures, four slightly different answers to the same underlying question — and an estimated 70% overlap in what these agents actually do, according to enterprise automation analysts tracking this pattern through 2026. Nobody checks, because nobody’s job is to check.

The numbers, lined up

Different research groups are measuring this from different angles — security, IT governance, SaaS spend — and they’re converging on the same shape: adoption is outrunning oversight by a wide and growing margin.

Metric                                                                        Figure                     Source
────────────────────────────────────────────────────────────────────────────  ─────────────────────────  ─────────────────────────────────────────
Fortune 500 agents in use, 2025 → 2028 (projected)                            <15 → 150,000+             Gartner, Apr 2026
Large-enterprise agent count by end of 2026                                   ~1,600                     IBM, Think 2026
Organizations with a current, complete agent inventory                        18%                        IBM, Think 2026
Orgs with a centralized platform to manage sprawl                             12%                        IBM, Think 2026
AI agents currently operating inside corporations                             3M+                        Gravitee, State of AI Agent Security 2026
Of those, actively monitored or secured                                       47.1%                      Gravitee, 2026
Enterprise apps with embedded task-specific agents by end of 2026             40% (up from <5% in 2025)  Gartner
Orgs confirming or suspecting an AI agent security incident in the past year  88%                        Gravitee (919 orgs surveyed)
CIOs who say current AI governance isn’t fit for purpose                      70%                        IBM, Think 2026

Read that last row again. This isn’t a story about organizations that haven’t started governing AI agents. It’s a story about organizations that tried and concluded their current approach doesn’t hold up.

Here’s that curve plotted out. The 2025 and 2028 points are Gartner’s; the 2026 point is IBM’s ~1,600 estimate from the table; the 2027 value is interpolated to fill the gap and is not a published figure:

javascript

// Chart.js — paste into a CodePen/JSFiddle embed that loads Chart.js
// and has a <canvas id="sprawl-chart"></canvas> on the page.
const ctx = document.getElementById('sprawl-chart').getContext('2d');

new Chart(ctx, {
  type: 'line',
  data: {
    labels: ['2025', '2026', '2027', '2028'],
    datasets: [{
      label: 'Avg. AI agents per Fortune 500 enterprise',
      // 2025 and 2028 are Gartner's endpoints, 2026 is IBM's ~1,600 estimate,
      // 2027 is interpolated to fill the gap and is not a published figure.
      data: [15, 1600, 40000, 150000],
      borderColor: '#2E6FF2',
      backgroundColor: 'rgba(46, 111, 242, 0.1)',
      borderWidth: 3,
      tension: 0.3,
      fill: true,
      pointBackgroundColor: '#FF6F59',
      pointRadius: 6
    }]
  },
  options: {
    scales: {
      // Log scale: 15 and 150,000 cannot share a linear axis legibly.
      y: {
        type: 'logarithmic',
        title: { display: true, text: 'Agents in use (log scale)' }
      }
    },
    plugins: {
      title: { display: true, text: 'The Agent Sprawl Curve: 2025–2028' }
    }
  }
});

The logarithmic scale isn’t a stylistic choice — it’s the only way to fit 15 and 150,000 on the same chart. That compression is the whole story.

Why this isn’t just “shadow IT, again”

Every engineer who lived through the SaaS sprawl era of the 2010s is having déjà vu right now, and the comparison is useful — up to a point. Dropbox showed up on laptops before IT knew it existed. Slack channels multiplied faster than anyone could map them. It took the better part of a decade to build the enterprise architecture practices that cleaned that up.

Agent sprawl rhymes with that, but it isn’t the same shape of problem, for one structural reason: a SaaS tool is an application. An agent is both the application and the user.

A rogue Dropbox folder just sits there. A rogue agent acts. It inherits permissions, moves laterally across systems, and — increasingly — adapts around the obstacles put in its way. Security researchers have started describing this as “self-healing shadow IT”: agents that navigate around UI changes or blocked paths without any human noticing the workaround happened.

Traditional identity and access management assumes relatively stable roles and a human to hold accountable when something breaks. Agents don’t fit that model on any of the three axes that matter:

HUMAN EMPLOYEE              AI AGENT
──────────────────────────  ──────────────────────────────────────────
Stable role over time    →  Ephemeral — spins up, finishes, disappears
Predictable behavior     →  Dynamic — reasons in real time about access
One identity, one owner  →  Inherited permissions, unclear ownership
Manager to notify        →  ??? (this is the whole problem)

Two incidents from the past year make the abstract version concrete. A well-documented AI coding agent, granted legitimate write access to a production database, deleted it — not through malice, but because nobody had scoped what “legitimate write access” should actually mean for an autonomous system. Separately, a customer-facing chatbot with standing access to an applicant database exposed millions of job-applicant records, because its original, narrower use case had quietly expanded without anyone re-reviewing what it could touch.

Neither of these was a sophisticated attack. Both were governance gaps wearing a production incident as a costume.

The real-world pattern, at enterprise scale

This isn’t confined to startups moving fast and breaking things. The Wall Street Journal reported in mid-2026 that established companies — including Lyft, DaVita, GitLab, and FICO — are actively working through duplicated agent functions, conflicting outputs, rising compute costs, and strained IT budgets caused by exactly this dynamic: independently developed agents, built by different teams, solving overlapping problems in incompatible ways.

Salesforce’s 2026 Connectivity Benchmark, surveying over a thousand IT leaders, puts a finer point on the isolation problem specifically: the average enterprise runs about 12 AI agents today, projected to reach 20 within two years, and half of all deployed agents operate in silos with no shared context and no unified governance. Nearly a third of the API connections between agents are completely ungoverned — meaning the handoffs, not just the agents themselves, are a blind spot.

And this is happening while standards fragment rather than converge. In roughly a single year, the industry produced four competing interoperability protocols (Google’s A2A, the Agent Network Protocol, the Agent Communication Protocol, and Model Context Protocol), with adoption split across all four. Strictly speaking, MCP governs how an agent reaches tools and data rather than how agents talk to each other, but it competes for the same integration effort. Protocols solve how agents connect. They don’t solve who’s allowed to build one, what it’s allowed to touch, or who retires it when it’s obsolete.

What actually reduces sprawl (not just documents it)

Gartner’s six-step framework, presented alongside its 150,000-agent projection, is the closest thing to an emerging standard, and it’s worth taking seriously precisely because it doesn’t ask organizations to slow down agent adoption — a strategy Gartner explicitly warns backfires by pushing usage further into the shadows.

  1. Establish governance and policy first — who can build an agent, what connectors are permitted, before the building starts.
  2. Build a centralized agent inventory — you cannot govern what you haven’t counted. Only 18% of large enterprises can currently do this.
  3. Define identity, permissions, and a lifecycle — including a retirement path. Agents that outlive their purpose are exactly the ones nobody’s watching.
  4. Govern the information layer — what data an agent can reach, and a process to keep that current instead of accumulating permissions indefinitely.
  5. Monitor and remediate behavior continuously — not a quarterly audit, because agents act at machine speed.
  6. Consolidate duplicate agents — the four-departments-one-problem pattern is the single most common and most fixable source of sprawl.
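The identity-model mismatch in the table above and steps 2 through 6 of this framework reduce to a handful of concrete checks you can run over an inventory. The following is an added example written for this page, not code from Gartner, IBM, or any vendor product: a minimal agent registry in which each entry carries an accountable owner, the resource:action scopes its credentials allow, a retirement date and a last-seen timestamp, plus the handoffs between agents. The audit flags agents with no owner, agents past or without a retirement date, agents that have gone idle, write-class scopes held without an owner or expiry, cross-team pairs whose scopes overlap beyond a threshold (set to 0.7 here to mirror the 70% overlap figure quoted earlier), and handoffs to agents nobody registered. All agent names, teams, owners, scopes, handoffs and dates are constructed sample data, and the 30-day staleness window is an arbitrary assumption.

```python
"""Agent inventory audit: added example for this article, not a vendor tool.
All agents, teams, owners, scopes, handoffs and dates below are constructed."""
from __future__ import annotations
from dataclasses import dataclass
from datetime import date, timedelta
from itertools import combinations

# Actions that let an agent change state rather than just read it.
WRITE_ACTIONS = {"write", "delete", "admin"}


@dataclass(frozen=True)
class Agent:
    name: str
    team: str
    owner: str | None        # accountable human; None is the sprawl symptom
    scopes: frozenset[str]   # "resource:action" pairs the credential allows
    expires: date | None     # planned retirement; None means "lives forever"
    last_seen: date          # last authentication the platform recorded


@dataclass(frozen=True)
class Finding:
    agent: str
    check: str
    detail: str


def check_ownership(agents):
    """Steps 2-3: every inventoried agent needs a named accountable owner."""
    return [Finding(a.name, "no-owner", f"team {a.team}, nobody accountable")
            for a in agents if a.owner is None]


def check_lifecycle(agents, today, stale_days=30):
    """Step 3: no retirement date, past it, or idle longer than stale_days."""
    findings = []
    for a in agents:
        if a.expires is None:
            findings.append(Finding(a.name, "no-expiry", "no retirement date set"))
        elif a.expires < today:
            findings.append(Finding(a.name, "expired", f"expired {a.expires}, still registered"))
        if today - a.last_seen > timedelta(days=stale_days):
            findings.append(Finding(a.name, "stale", f"last seen {a.last_seen}"))
    return findings


def check_privilege(agents):
    """Step 4: write-class scopes are tolerable only with an owner and an expiry."""
    findings = []
    for a in agents:
        writes = sorted(s for s in a.scopes if s.rsplit(":", 1)[-1] in WRITE_ACTIONS)
        if writes and (a.owner is None or a.expires is None):
            findings.append(Finding(a.name, "unscoped-write", ", ".join(writes)))
    return findings


def scope_overlap(a, b):
    """Jaccard similarity of two agents' scope sets; 1.0 means identical access."""
    union = a.scopes | b.scopes
    return len(a.scopes & b.scopes) / len(union) if union else 0.0


def check_duplicates(agents, threshold=0.7):
    """Step 6: agents in different teams whose access overlaps past the threshold."""
    return [Finding(f"{a.name}+{b.name}", "duplicate", f"{scope_overlap(a, b):.2f} scope overlap")
            for a, b in combinations(agents, 2)
            if a.team != b.team and scope_overlap(a, b) >= threshold]


def check_handoffs(agents, handoffs):
    """Agent-to-agent calls whose target was never inventoried are ungoverned."""
    known = {a.name for a in agents}
    return [Finding(src, "unknown-peer", f"hands off to unregistered agent {dst}")
            for src, dst in handoffs if dst not in known]


def audit(agents, handoffs, today):
    """Run every check (step 5: continuously, not quarterly) and sort the findings."""
    findings = (check_ownership(agents) + check_lifecycle(agents, today)
                + check_privilege(agents) + check_duplicates(agents)
                + check_handoffs(agents, handoffs))
    return sorted(findings, key=lambda f: (f.check, f.agent))


# Constructed sample registry: the four-teams-one-problem pattern plus one stray.
SAMPLE_AGENTS = [
    Agent("marketing-research", "marketing", "a.lee",
          frozenset({"crm:read", "web:read", "docs:read"}), date(2026, 12, 31), date(2026, 6, 1)),
    Agent("sales-account-research", "sales", "b.ortiz",
          frozenset({"crm:read", "web:read", "docs:read", "billing:read"}), date(2026, 12, 31), date(2026, 6, 1)),
    Agent("cs-customer-research", "customer-success", None,
          frozenset({"crm:read", "web:read", "docs:read"}), None, date(2026, 5, 30)),
    Agent("ops-reporting", "operations", "d.kim",
          frozenset({"warehouse:read", "warehouse:write", "slack:write"}), date(2026, 3, 31), date(2026, 1, 15)),
    Agent("db-migration-helper", "platform", None,
          frozenset({"prod-db:write", "prod-db:delete"}), None, date(2026, 2, 1)),
]
# Constructed handoff edges (caller, callee); the second callee was never registered.
SAMPLE_HANDOFFS = [("sales-account-research", "marketing-research"),
                   ("ops-reporting", "finance-forecaster")]
SAMPLE_TODAY = date(2026, 6, 2)

if __name__ == "__main__":
    for f in audit(SAMPLE_AGENTS, SAMPLE_HANDOFFS, SAMPLE_TODAY):
        print(f"{f.check:15} {f.agent:45} {f.detail}")
```

Run as a script it prints one finding per line. In practice the registry rows would be pulled from the identity provider or the agent platform’s API rather than typed in, and the audit would run on a schedule so that an agent that outlives its purpose or acquires a write scope shows up within hours, not at the next quarterly review.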

IBM’s Think 2026 survey adds a useful counterpoint for anyone who assumes governance and speed trade off against each other: organizations that adopted a centralized orchestration layer for their agents scaled their AI practice roughly 13 times faster than those without one, with 30% fewer operational irregularities. For a large enterprise, IBM estimated that failure-rate reduction alone at over $100 million a year in avoided rework and incident response.

Orchestration isn’t a governance tax. It’s what makes scale possible at all. API gateways didn’t slow down microservices; they were what let microservices scale past a dozen services without collapsing into chaos.

The role nobody’s hired for yet

Every layer of this problem points at the same missing piece: an inventory without an owner is just a spreadsheet. Someone needs to hold the actual accountability for what agents exist, what they’re permitted to do, and when they get retired — a role distinct from both traditional IT governance and the data science team that built the model in the first place.

Right now, that responsibility is either split across five teams that don’t talk to each other, or it belongs to nobody at all. That’s not a tooling gap. Every vendor at RSAC 2026 launched an agent governance product, and by most accounts none of them solved this on their own — because inventory tools can tell you what exists, but they can’t tell you who’s accountable for it.

The organizations pulling ahead in 2026 aren’t the ones that deployed the most agents. They’re the ones that can answer a simple question about every single one: who owns this, and what happens when it’s wrong?

If your organization can’t answer that today, you’re not behind on AI. You’re behind on the one part of AI adoption that was never really about the model at all.

Sources: Gartner (Apr 2026 press briefing, Gartner Digital Workplace Summit London), IBM Think 2026 enterprise survey, Gravitee State of AI Agent Security 2026, Salesforce 2026 Connectivity Benchmark, Okta agent sprawl research, Wall Street Journal enterprise AI reporting (2026), Microsoft Cyber Pulse 2026, World Economic Forum Cybersecurity Outlook 2026.


Agent AI Sprawl Nobody Owns was originally published in Towards AI on Medium, where people are continuing the conversation by highlighting and responding to this story.
