Gartner, Inc., a business and technology insights company, has identified six steps to help organizations reduce the risks of AI agent sprawl.
Gartner predicts that by 2028, an average global Fortune 500 enterprise will have over 150,000 agents in use, up from less than 15 in 2025, generating significant AI agent sprawl, IT complexity and management challenges.
By 2028, an Average Global Fortune 500 Enterprise Will Have Over 150,000 Agents in Use
“As CIOs and IT leaders see an explosion of AI agents across their organizations, many are contending with an ungoverned sprawl of agents that expose their organizations to a range of risks, including misinformation, oversharing and data loss,” said Max Goss, Sr. Director Analyst at Gartner.
“Many organizations resort to blocking or restricting the use of AI agents, but this is not a long-term solution. If employees are unable to work in the sanctioned tools, they will likely go around the organization’s controls and start using shadow AI, which presents far greater risks. Organizations need to find a balance where they can govern agents and manage sprawl, but also safely empower employees to innovate with these tools.”
Only 13% of Organizations Think They Have the Right AI Agent Governance in Place
Gartner identified six steps to help CIOs and IT leaders establish governance and guardrails to reduce the risks of AI agent sprawl.
- Establish agent governance and policies: Set clear rules for when and how agents are built, who can create and share them, and what connectors are permitted.
- Build centralized agent inventory: Organizations can use AI trust, risk, and security management (AI TRiSM) tools to help discover and categorize agents across applications, both from sanctioned tools, and from shadow AI solutions. Once organizations have an agent inventory, they can start to build adaptive controls to enforce the right policies based on the level of risk the agent presents.
- Define agent identity, permissions and life cycle model: Manage the agent identity, permission model and access controls, review, and retire redundant agents to prevent uncontrolled sprawl.
- Develop AI information governance: Govern what information the AI tool or agent has access to and ensure that there is a process in place to keep the data current, manage its permissions to prevent oversharing, and archive the data when it is obsolete.
- Monitor and remediate agent behavior: Establish ongoing visibility into agent usage, ensure policy compliance, detect anomalous behavior, and correct agents that exceed their intended scope or risk tolerance.
- Foster a culture of responsible AI usage: Support the workforce with training programs and a community of practice to drive adoption and amplify best practices on agent management across the organization.
Keyword: AI Agent Sprawl.
PRESS RELEASE
