AI Governance

Agent sprawl is the new shadow IT. Your business needs a control plane

Microsoft, Google, Salesforce and IBM all shipped agent governance platforms in the last thirty days. Here's why every business will need an agent control plane within twelve months, and what one actually does.

Rafal Bergman··8 min read

How many AI agents are running in your business right now?

If you can't answer that question with a number, you have a problem. And it's the same problem that cloud created in 2014 when every team started spinning up AWS accounts on a credit card, and the CFO discovered six months later that the company was running 400 services across nine regions with no inventory, no budgets, and no kill switch.

We are about to repeat that mistake at speed. The 2026 version is agent sprawl.

The new shadow IT

I wrote a few months ago about shadow AI, the problem of employees using ChatGPT and Claude on personal accounts to process company data. That problem hasn't gone away. But there's now a second, more serious version of it: the agents your organisation has actually deployed.

In the last 30 days, Microsoft, Google, Salesforce and IBM all shipped what they're calling agent management platforms. Microsoft Agent 365 is positioned as a control plane to observe, govern, and secure agents, including discovery of "shadow AI," agent credentials, permissions, and registry sync with AWS Bedrock and Google Cloud. Google's Gemini Enterprise Agent Platform launched with Agent Identity, an Agent Gateway, Agent Observability, simulation, evaluation, and prompt-injection defences. Salesforce shipped Agent Fabric for trusted agent identity, model choice, deterministic handoffs, and agent scanning. IBM positioned watsonx Orchestrate as a central orchestration layer for agents, tools, and workflows with governance and auditability built in.

Four of the largest enterprise software companies in the world, all shipping the same product category in the same month. That's not a coincidence. That's the shape of the next problem.

The early signal that this is becoming procurement-grade is the rise of two open standards: Anthropic's Model Context Protocol (MCP) and the emerging Agent-to-Agent (A2A) work championed by Google. These are turning into the default way agents discover and call tools across vendors. Within twelve months I expect to see RFPs from regulated industries that list "MCP support" and "agent identity controls" the way they list SSO and SCIM today.

What an agent control plane actually does

When you deploy agents at scale, you face five questions that no spreadsheet or wiki can answer for long:

Who built this agent? Inventory. Owner. Purpose. Date deployed. Last reviewed.

What can it access? Data sources, customer records, internal documents, third-party APIs. Permissions need to be inherited from human identity, not assumed.

What can it do? Which tools it can call. Which actions are reversible and which are not. Which require human approval.

What budget can it spend? Token limits per task, per day, per month. Hard caps before the bill arrives, not after.

What did it do? A decision log. Which prompt, which tools, which outputs, which approvals. Reproducible, auditable, exportable.

These are the same five questions IAM answers for human identity, FinOps answers for cloud cost, and observability answers for production systems. The reason every major vendor is building this layer now is that agents collapse all three problems into one new stack.

An agent control plane is what IAM, FinOps, and APM became when they merged.

Lakhani, Spataro and Stave framed this shift in Harvard Business Review more directly than most vendors will: "agents should be treated as a managed workforce rather than a collection of software scripts." Once you accept that framing, the questions get easier. You already know how to onboard, evaluate, monitor, and offboard a workforce. The new task is doing it for software.

The reality check on urgency

The situation is less urgent than the vendor messaging suggests. Gartner's April Hype Cycle placed agentic AI at the Peak of Inflated Expectations and noted that only 17% of organisations had actually deployed AI agents in production. More than 60% expect to within two years, but expectation and reality are different animals.

The point is not that you need an agent control plane today. The point is that the window between "we don't have agents" and "we have agents we can't account for" is going to be about six months. That's how long it took most companies to move from "we have one AWS account" to "we have no idea how many AWS accounts we have." Agents will move faster because they're easier to spin up and harder to see.

Why this matters now

There's a specific moment where this becomes urgent, and most companies miss it.

It's not when you deploy your first agent. It's when your third department deploys an agent without telling the second one. Customer support has a triage agent. Legal has a contract review agent. Finance has a reconciliation agent. They were built by three different teams, with three different vendors, on three different model providers, with three different definitions of "approved data access." Nobody owns the cross-cutting view.

I have seen this play out twice already, on smaller scales. In one business, a customer success team had built a perfectly reasonable agent to summarise account notes before renewal calls. Around the same time, a separate operations team had built an agent that wrote into the same CRM records. Neither team knew about the other. When the renewal agent's summary started including content the operations agent had written automatically, the business spent a week working out whether the resulting renewal note had been generated, edited, or invented. The answer existed somewhere in the logs. Nobody owned the logs.

That moment usually arrives between deployment numbers four and eight. After that, retrofitting governance is roughly twice as expensive as building it in. I've watched the same cost curve in cloud, in containers, in microservices, and in data pipelines. It's identical every time.

What I'd do in your position

If you're the CTO, COO, or head of operations at a company that has deployed more than one agent, or is about to, I'd do four things in the next quarter:

Build the inventory first. Not the platform, the inventory. A simple register of every agent in production or in pilot: owner, purpose, data access, model, monthly cost. You will be surprised by what you find. Most leaders are.

Define your agent development lifecycle. Treat agents like production systems, because they are. Requirements, tool contracts, data contracts, evaluations, red-team tests, permission reviews, simulation, rollout, monitoring, rollback, incident management, audit. Most of these already exist for your software. You need to extend them, not invent them.

Pick the control plane after you understand the requirements. The vendor space is moving weekly. Microsoft, Google, Salesforce, IBM, and a dozen smaller players will all claim to solve this. The right answer depends on where your data already lives and which agents you already run. Don't buy the platform first and shape your operating model around the vendor.

Test the kill switch. Every agent in production needs an off button. Not a "we'll figure it out" off button. A documented, owner-on-call, actually-tested off button. Pick a Tuesday morning and run a drill: shut the agent down, observe what breaks downstream, time how long it takes to recover. This is the single fastest way to expose which agents are genuinely understood by their owners and which are running on hope.

The board-level reframe

For boards and PE-backed leadership teams, the simplest reframe is this: agents are software that takes actions on your behalf, using your data, spending your money, and creating audit trails you may not own. The governance you would demand for any other system that did all four of those things should apply here.

This is not a reason to slow down agent adoption. It's a reason to build the inventory and the lifecycle now, while you have three agents instead of thirty. The companies that lead on this in 2026 will look like the companies that built proper cloud governance in 2015. The ones that don't will look like the ones still cleaning up cloud waste a decade later.

If you'd like to talk through what an agent inventory or lifecycle would look like in your business, get in touch. I've built governance frameworks alongside production AI systems at NHS Wales and in regulated insurance, where the audit bar is high and the cost of getting it wrong is higher.

Related: Shadow AI is your next audit finding · Agentic AI in 2026. What actually works · The AI Transformation Sprint

Rafal Bergman
Rafal Bergman
Fractional CTO | Director of AI Engineering | PhD

Serial founder, four exits. Currently Director of AI Engineering at OpenAsset. I help organisations stop running AI pilots and start shipping systems that move the P&L. Connect on LinkedIn

Ready to make AI actually work?

Tell me what you're working on. I'll respond personally. If there's a fit, we'll take it from there.

Get in touchView services first
or take the free AI readiness assessment →

Currently accepting one new client alongside existing commitments. Second slot opens Q3 2026.