{"version":"1.0","type":"agent_native_article","locale":"en","slug":"ai-agents-without-governance-operating-inside-your-company-mpgknard","title":"AI Agents Without Governance Are Operating Right Now Inside Your Company","primary_category":"ai","author":{"name":"Andrés Molina","slug":"andres-molina"},"published_at":"2026-05-22T06:03:07.916Z","total_votes":76,"comment_count":0,"has_map":true,"urls":{"human":"https://sustainabl.net/en/articulo/ai-agents-without-governance-operating-inside-your-company-mpgknard","agent":"https://sustainabl.net/agent-native/en/articulo/ai-agents-without-governance-operating-inside-your-company-mpgknard"},"summary":{"one_line":"Ungoverned AI agents are already acting inside enterprise systems—touching customer data, moving money, and modifying configurations—while governance frameworks remain a deferred conversation.","core_question":"How did AI agents proliferate inside large enterprises without oversight, and what does it cost to keep treating governance as a future problem?","main_thesis":"The adoption of agentic AI in enterprises outpaced governance not due to negligence but due to a cognitive bias that framed each incremental deployment as a low-risk extension of the previous one. The result is a sprawl of autonomous agents operating on critical infrastructure with no central inventory, no audit trail, and no shutdown procedure—creating asymmetric risk that organizations are psychologically incentivized to ignore until a failure forces the conversation."},"content_markdown":"## AI Agents Without Governance Are Operating in Your Company Right Now\n\nThe conversation about artificial intelligence in large enterprises follows a comfortable script: evaluating platforms, approving budgets, designing pilots. Meanwhile, inside CRM systems, customer service operations, and financial approval workflows, AI agents are making decisions without anyone knowing exactly how many of them exist, what data they touch, or what they do when no one is watching.\n\nThat is the uncomfortable fact the industry has been elegantly sidestepping for months. This is not a projection. Salesforce closed 29,000 contracts for its Agentforce platform. Cursor, the software development tool that reached around $2 billion in annual recurring revenue with just over fifty employees, reports that approximately 35% of its own merged *pull requests* are written by autonomous agents running in the cloud. Companies in the Global 2000 have agents touching customer data, moving money, and modifying configurations in production environments. Governance came later. In many cases, it still hasn't arrived.\n\nWhat this reveals is not a planning error. It is an adoption pattern with a very specific psychological logic, and understanding it matters more than listing technical solutions.\n\n## Why Speed Defeated Control Before Anyone Noticed\n\nThere is a distinction that technology risk analyses tend to ignore: the difference between adopting a tool and surrendering autonomy. When a team installs an AI assistant that suggests responses or summarizes documents, the sense of control remains intact. The human is still the one who decides. The agentic agent changes that equation at its foundation: it plans, executes multiple steps, calls external systems, and acts. It no longer suggests. It does.\n\nThat shift was not accompanied by an equivalent update in the perception of risk within organizations. And that has a precise behavioral explanation: **the cognitive continuity bias**. When a new technology is introduced incrementally, each step seems like a reasonable extension of the previous one. The first agent that automated support responses seemed equivalent to the chatbot of 2019. The next one, which began updating records in the CRM, seemed like a logical improvement. No one declared the moment when the line was crossed between an assisted tool and an autonomous system with access to critical infrastructure.\n\nTechnology teams did not fail out of negligence. They failed because the mental framework they used to evaluate risk was not calibrated to capture autonomy — only to capture technical complexity. And autonomy, unlike complexity, does not show up in an architecture diagram.\n\nThe result is what Boomi aptly calls *agent sprawl*: a proliferation of agents deployed by different business units, under different vendors, with different levels of access, and without a central inventory that would even allow anyone to know how many exist. The same problem organizations experienced with the uncontrolled expansion of SaaS software in the middle of the last decade, but with one material difference: these agents do not merely store data — they process it and act on it.\n\n## The Race to Become the Control Layer\n\nFaced with that vacuum, the major enterprise platform vendors are competing to occupy a specific position: the governance layer over agents. This is not a race to build better agents. It is a race to become the system that controls all the others.\n\nSalesforce integrates its controls within its own environment, with the Einstein Trust Layer operating as a policy perimeter inside Agentforce. Microsoft extends governance from its productivity infrastructure and Azure, using Copilot Studio as an administration panel. ServiceNow presented at its Knowledge 2026 event an AI Control Tower that consolidates multi-platform governance, incorporating its acquisitions of Veza and Armis to map agent identities and permissions at enterprise scale. IBM bets on auditability in regulated industries with watsonx Orchestrate. Google anchors its proposal within the Google Cloud perimeter.\n\nThe pattern is consistent: each vendor expands governance from the asset it already controls. That is rational from a business perspective and generates a structural problem from the client's perspective. The mid-sized or large Global 2000 company does not run agents from a single vendor. It runs LangGraph in one department, Agentforce in sales, an internal system in operations, and perhaps a proprietary development in finance. None of the vendors has an incentive to build governance that serves the competitor's agents equally well.\n\nThat is the opening that independent players are trying to capitalize on. Kore.ai, which claims to serve more than 450 Global 2000 clients in regulated industries, launched a multi-framework agent management platform in March 2026 and extended it in May of that same year onto Microsoft Azure as a launch partner for Microsoft Agent 365. The technical architecture they propose separates agentic reasoning from deterministic control into distinct layers, with a compiled declarative language called Agent Blueprint Language for defining agents and six multi-agent orchestration patterns. The design logic is that governance rules operate outside the model, not inside the prompt. That matters because a prompt can be reinterpreted by the model; an external deterministic layer cannot.\n\nWhat remains unresolved is whether the promise of multi-vendor governance can hold when each platform has incentives to keep its agents within its own perimeter. Verification of that architecture under real production conditions will continue to be the criterion that separates genuine value proposition from a sales slide.\n\n## The Problem CIOs Are Avoiding Naming\n\nThere is an organizational friction that underlies all of this and that technical analyses tend to omit: **agent governance forces organizations to answer questions that nobody wants to answer**.\n\nInventorying all active agents in an organization means revealing how many were deployed without formal approval. Defining access permissions means opening conversations about which business units have too much power over sensitive data. Creating audit logs of every action taken by every agent means that when something goes wrong, there will be a trail pointing to those responsible. These are not technical conversations. They are political conversations.\n\nThe omission bias operates powerfully here. It is psychologically more comfortable not to audit than to discover a problem that forces action. As long as the agent is functioning, the incentive to examine whether it should be functioning with that level of access is low. The cost of discovering an issue is concentrated in the present, as friction and difficult conversations. The benefit of having it under control only materializes when something fails, and that moment feels abstract until it actually happens.\n\nIBM articulates this directly in its agent governance analysis: organizations need emergency shutdown procedures for autonomous systems that are failing or behaving unexpectedly. That implies that someone must have already documented the complete map of what the agent can do, before the agent does something no one anticipated. Preparedness requires visibility. And visibility requires admitting that it currently does not exist.\n\nThe World Economic Forum has proposed treating the onboarding process for an agent with the same rigor as the onboarding of an employee: defining function, role, level of autonomy, use cases, environment, capabilities, and restrictions. It is a metaphor that captures something psychologically significant. No company would think of hiring employees without defining what they can do, which systems they have access to, and who supervises their work. With agents, that same basic logic was skipped because the technical object seemed smaller, more controllable, more reversible than a person. It turned out it was not.\n\n## The Cost of Continuing to Call It \"Phase Two\"\n\nThe most costly phrase in enterprise technology adoption is not \"this won't work.\" The most costly one is \"we'll implement governance in the next phase.\" Because by the next phase, the system already has dependencies, already has users who rely on it, has already generated results that someone uses to make decisions, and dismantling it — or even auditing it in depth — produces a level of friction the organization is not willing to absorb.\n\nCredo AI describes this precisely by pointing out that responsibility and accountability continue to fall on the organization, even when an autonomous agent is the one directly executing the action. That carries legal, regulatory, and reputational implications that technology teams are generally not in a position to absorb on their own. These are conversations for the level of the CFO, the CISO, and the board.\n\nThe calculation that organizations are avoiding making explicitly is the following: the cost of implementing governance over agents that are already deployed is high. The cost of a failure by an agent operating within financial data, credit decisions, or regulated customer communications can be a multiple of that initial cost. The asymmetry is clear on paper. It is not clear in the mind of the person who has to approve a budget to audit systems that are apparently functioning.\n\nPalo Alto Networks estimates that agentic AI could unlock up to $2.6 trillion in economic value if it scales safely. The conditional matters. The potential value and the unmanaged risk coexist on the same infrastructure. The question for the CIO, the CISO, and the CFO is not which governance platform to evaluate. The question is how many agents are acting right now within the organization over which there is no capacity whatsoever to demonstrate what they did, why they did it, or who can stop them.\n\nThe companies that build that capacity over the next two years will be in a position to scale. Those that continue to treat governance as a future conversation will have to explain to their boards of directors — and possibly to their regulators — why they did not build it before there was anything to explain.","article_map":{"title":"AI Agents Without Governance Are Operating Right Now Inside Your Company","entities":[{"name":"Salesforce","type":"company","role_in_article":"Primary example of agentic AI scale; 29,000 Agentforce contracts; Einstein Trust Layer as vendor-native governance perimeter"},{"name":"Agentforce","type":"product","role_in_article":"Salesforce's agentic AI platform cited as evidence of enterprise-scale agent deployment"},{"name":"Cursor","type":"company","role_in_article":"Example of autonomous agent adoption depth; 35% of merged pull requests written by agents"},{"name":"Microsoft","type":"company","role_in_article":"Governance layer competitor extending from productivity infrastructure and Azure via Copilot Studio"},{"name":"Copilot Studio","type":"product","role_in_article":"Microsoft's agent administration panel for governance"},{"name":"ServiceNow","type":"company","role_in_article":"Presented AI Control Tower at Knowledge 2026 for multi-platform governance; acquired Veza and Armis"},{"name":"IBM","type":"company","role_in_article":"Bets on auditability in regulated industries with watsonx Orchestrate; articulates need for emergency shutdown procedures"},{"name":"watsonx Orchestrate","type":"product","role_in_article":"IBM's agent governance platform targeting regulated industries"},{"name":"Google","type":"company","role_in_article":"Anchors governance proposal within Google Cloud perimeter"},{"name":"Kore.ai","type":"company","role_in_article":"Independent multi-vendor governance player; 450+ Global 2000 clients; launched Agent Blueprint Language and multi-framework platform"},{"name":"Boomi","type":"company","role_in_article":"Coined the term 'agent sprawl' to describe uncontrolled agent proliferation across business units"},{"name":"Palo Alto Networks","type":"company","role_in_article":"Estimates agentic AI could unlock $2.6 trillion in economic value if scaled safely"}],"tradeoffs":["Speed of agentic AI deployment vs. visibility and control over what agents are doing in production","Vendor-native governance convenience vs. structural blind spots in multi-vendor enterprise environments","Cost of implementing governance over already-deployed agents vs. cost of a failure in financial or regulated data systems","Omission bias comfort of not auditing vs. regulatory and reputational exposure when something fails","Centralized governance layer control vs. business unit autonomy in deploying agents for their specific needs","Prompt-based governance flexibility vs. deterministic external layer reliability"],"key_claims":[{"claim":"Salesforce has closed 29,000 contracts for its Agentforce platform.","confidence":"high","support_type":"reported_fact"},{"claim":"Cursor reached approximately $2 billion in annual recurring revenue with just over fifty employees, with 35% of merged pull requests written by autonomous agents.","confidence":"high","support_type":"reported_fact"},{"claim":"Organizations cannot currently demonstrate what their deployed agents did, why they did it, or who can stop them.","confidence":"medium","support_type":"inference"},{"claim":"Cognitive continuity bias—not negligence—explains why technology teams failed to identify the autonomy threshold.","confidence":"interpretive","support_type":"editorial_judgment"},{"claim":"Vendor-native governance architectures create structural blind spots for multi-vendor enterprises because no vendor has an incentive to govern competitors' agents equally well.","confidence":"high","support_type":"inference"},{"claim":"The most costly phrase in enterprise technology adoption is 'we'll implement governance in the next phase.'","confidence":"interpretive","support_type":"editorial_judgment"},{"claim":"Palo Alto Networks estimates agentic AI could unlock up to $2.6 trillion in economic value if it scales safely.","confidence":"high","support_type":"reported_fact"},{"claim":"IBM's agent governance analysis states organizations need emergency shutdown procedures for autonomous systems that are failing or behaving unexpectedly.","confidence":"high","support_type":"reported_fact"}],"main_thesis":"The adoption of agentic AI in enterprises outpaced governance not due to negligence but due to a cognitive bias that framed each incremental deployment as a low-risk extension of the previous one. The result is a sprawl of autonomous agents operating on critical infrastructure with no central inventory, no audit trail, and no shutdown procedure—creating asymmetric risk that organizations are psychologically incentivized to ignore until a failure forces the conversation.","core_question":"How did AI agents proliferate inside large enterprises without oversight, and what does it cost to keep treating governance as a future problem?","core_tensions":["Organizational incentives favor deployment speed while risk exposure accumulates silently in the background","Vendor governance solutions are structurally misaligned with multi-vendor enterprise reality","Political friction of revealing unauthorized deployments blocks the visibility that governance requires","The moment governance becomes most necessary—after agents have dependencies and users—is also the moment it is most costly to implement","Accountability remains with the organization even as autonomous agents make the actual decisions"],"open_questions":["Can multi-vendor governance architectures like Kore.ai's actually hold when each platform has incentives to keep agents within its own perimeter?","What is the actual count of ungoverned agents operating inside a typical Global 2000 company today?","At what point does regulatory pressure force governance timelines rather than organizational choice?","How do organizations conduct agent inventories without triggering the political consequences that make CIOs avoid the exercise?","Will the governance layer consolidate around one or two dominant platforms, or remain fragmented like the agent layer itself?","What liability frameworks will emerge to assign accountability when an ungoverned agent causes a material failure?"],"training_value":{"recommended_for":["CIOs and CTOs evaluating enterprise AI governance strategy","CISOs assessing autonomous agent risk in production environments","CFOs and boards needing to understand AI liability and accountability frameworks","Enterprise architects designing multi-vendor AI infrastructure","Risk and compliance teams building AI audit frameworks","Consultants advising on digital transformation governance"],"when_this_article_is_useful":["When advising a CIO, CISO, or CFO on whether to prioritize AI governance investment","When evaluating enterprise AI governance platform vendors and understanding their structural incentives","When building a business case for AI risk management infrastructure","When assessing whether an organization's AI adoption has outpaced its oversight capacity","When designing agent onboarding or access permission frameworks","When preparing board-level presentations on AI risk exposure"],"what_a_business_agent_can_learn":["How cognitive continuity bias causes organizations to cross critical autonomy thresholds without triggering risk reassessment","Why governance conversations are systematically deferred and what the compounding cost structure of that deferral looks like","How to frame the agent governance decision as an asymmetric risk calculation for CFO and board audiences","The structural difference between vendor-native governance and multi-vendor independent governance, and when each is appropriate","Why omission bias is the primary behavioral obstacle to enterprise AI risk management, not technical complexity","How agent sprawl mirrors SaaS sprawl dynamics but with categorically higher stakes","The political—not just technical—barriers to conducting an agent inventory in a large organization"]},"argument_outline":[{"label":"1. The scale is already real","point":"Salesforce has closed 29,000 Agentforce contracts. Cursor reports 35% of merged pull requests are written by autonomous agents. Global 2000 companies have agents touching customer data, moving money, and modifying production configurations.","why_it_matters":"This is not a future scenario. The governance gap is active and measurable today, not hypothetical."},{"label":"2. Cognitive continuity bias explains the gap","point":"Each agentic deployment felt like a reasonable extension of the previous tool—chatbot to response suggester to CRM updater—so no one identified the moment autonomy crossed a critical threshold.","why_it_matters":"The failure was not technical negligence; it was a miscalibrated mental model. Risk frameworks were built to assess complexity, not autonomy."},{"label":"3. Agent sprawl mirrors SaaS sprawl but with higher stakes","point":"Multiple business units deployed agents under different vendors with different access levels and no central inventory—the same pattern as uncontrolled SaaS expansion, but agents act on data rather than just storing it.","why_it_matters":"The structural risk is categorically different from SaaS sprawl: autonomous action on sensitive data compounds exposure exponentially."},{"label":"4. Vendors are racing to own the governance layer, not just build better agents","point":"Salesforce, Microsoft, ServiceNow, IBM, and Google each extend governance from the asset they already control. Independent players like Kore.ai are betting on multi-vendor governance as the gap no single vendor will fill for competitors.","why_it_matters":"Vendor-native governance creates lock-in and leaves multi-vendor enterprises with structural blind spots. The governance layer is the next platform war."},{"label":"5. Organizational politics block visibility more than technology does","point":"Inventorying agents reveals unauthorized deployments. Defining permissions opens power conversations. Creating audit logs creates accountability trails. These are political problems, not technical ones.","why_it_matters":"Omission bias makes inaction the path of least resistance. The cost of discovering a problem is immediate; the cost of not having governance only materializes at failure."},{"label":"6. Deferring governance compounds the cost","point":"Once agents have dependencies, users, and decision outputs, auditing or dismantling them generates friction the organization refuses to absorb. Responsibility remains with the organization regardless of which agent executed the action.","why_it_matters":"The asymmetry is clear: governance implementation cost is high but bounded; a failure in financial, credit, or regulated data can be a multiple of that cost."}],"one_line_summary":"Ungoverned AI agents are already acting inside enterprise systems—touching customer data, moving money, and modifying configurations—while governance frameworks remain a deferred conversation.","related_articles":[{"reason":"Directly extends the governance argument: covers the moment AI agents gained autonomous payment capabilities via AWS Bedrock AgentCore Payments, making the governance gap materially more urgent and financially consequential","article_id":12830},{"reason":"Analyzes the structural pattern of value concentrating in the control or support layer rather than the visible layer—directly maps to the article's argument that the governance layer is the real platform war","article_id":12803},{"reason":"Examines how AI is splitting enterprise software into structural winners and losers, providing context for why vendor-native governance creates lock-in advantages for incumbents","article_id":12867},{"reason":"Explores why AI pilots fail before producing results—relevant to understanding the organizational dynamics that allow ungoverned agents to persist without formal evaluation","article_id":12849}],"business_patterns":["Cognitive continuity bias drives incremental adoption past critical autonomy thresholds without triggering risk reassessment","Agent sprawl replicates SaaS sprawl dynamics but with higher stakes because agents act on data rather than store it","Platform vendors expand governance from the asset they already control, creating lock-in rather than neutral oversight","Governance conversations are deferred until system dependencies make auditing prohibitively disruptive","Omission bias systematically underweights the cost of inaction in technology risk management","The governance layer becomes the next platform war once the agent layer commoditizes","Independent governance players emerge to fill the multi-vendor gap that no single platform vendor will fill for competitors"],"business_decisions":["Whether to conduct a full inventory of all active AI agents in the organization before a failure forces the issue","Whether to implement governance infrastructure now at high but bounded cost versus deferring and accepting asymmetric failure risk","Whether to rely on vendor-native governance platforms or invest in multi-vendor independent governance layers","Whether to treat agent onboarding with the same procedural rigor as employee onboarding","Whether to escalate AI agent governance to CFO, CISO, and board level rather than leaving it as a technology team conversation","Whether to build emergency shutdown procedures for autonomous agents before deploying them in production","Whether to audit agents deployed without formal approval, accepting the political friction that entails"]}}