Gartner is warning of a dramatic surge in the number of AI agents across large enterprises, projecting that the average Fortune 500 company could be managing more than 150,000 agents by 2028, up from fewer than 15 in 2025. This rapid expansion is expected to significantly increase IT complexity and introduce new operational and security challenges.
At the same time, governance frameworks are not keeping pace.
Only 13% of organizations believe they have adequate AI agent governance in place. Gartner stresses that restricting access to AI tools is not a sustainable solution, as it may drive employees toward unsanctioned “shadow AI,” increasing risks such as data loss, misinformation, and oversharing.
Why It Matters: The growth of AI agents is accelerating faster than most organizations can realistically manage, turning what was once a niche capability into a core operational layer. As adoption scales, enterprises must rethink how they handle governance, visibility, and accountability to ensure these systems deliver value without introducing unmanaged risk.
- Agent sprawl is scaling faster than control systems: The projected leap from fewer than 15 agents to over 150,000 per enterprise represents a shift in how software is created and used. Each agent can act autonomously, integrate with multiple systems, and evolve over time, making it increasingly difficult for IT teams to maintain a clear picture of what is running, where, and why. Without scalable control mechanisms, organizations risk losing operational oversight.
- Governance gaps expose organizations to real and compounding risks: In environments where governance is immature or inconsistent, AI agents may access sensitive data, generate inaccurate outputs, or take actions outside their intended scope. These risks are not isolated. Errors or misuse can cascade across systems, especially when agents are interconnected. This makes governance a critical component of enterprise risk management.
- Blocking AI tools can backfire and increase exposure: Attempting to tightly restrict or ban AI usage often leads employees to seek alternative tools outside official channels. This “shadow AI” is typically invisible to IT and security teams, meaning it operates without safeguards, monitoring, or policy enforcement. As a result, organizations may end up with greater risk than if they had enabled controlled, transparent usage from the start.
- Centralized visibility is key to managing complexity at scale: Establishing a comprehensive inventory of AI agents, across both approved platforms and unofficial tools, is essential for regaining control. With centralized visibility, organizations can categorize agents by risk level, apply adaptive policies, and monitor usage patterns. This foundation enables more proactive management, rather than reactive troubleshooting after issues arise.
- Culture, training, and shared practices are critical enablers: Technology alone cannot solve the challenges of AI agent sprawl. Employees need clear guidance on how to build, deploy, and use agents responsibly. Training programs, internal communities of practice, and shared governance standards help embed responsible AI usage into everyday workflows. Over time, this cultural alignment reduces misuse and supports sustainable, scalable adoption.
Go Deeper -> Gartner Identifies Six Steps to Manage AI Agent Sprawl – Gartner


