AI Agents Without Governance Are Operating in Your Company Right Now
The conversation about artificial intelligence in large enterprises follows a comfortable script: evaluating platforms, approving budgets, designing pilots. Meanwhile, inside CRM systems, customer service operations, and financial approval workflows, AI agents are making decisions without anyone knowing exactly how many of them exist, what data they touch, or what they do when no one is watching.
That is the uncomfortable fact the industry has been elegantly sidestepping for months. This is not a projection. Salesforce closed 29,000 contracts for its Agentforce platform. Cursor, the software development tool that reached around $2 billion in annual recurring revenue with just over fifty employees, reports that approximately 35% of its own merged pull requests are written by autonomous agents running in the cloud. Companies in the Global 2000 have agents touching customer data, moving money, and modifying configurations in production environments. Governance came later. In many cases, it still hasn't arrived.
What this reveals is not a planning error. It is an adoption pattern with a very specific psychological logic, and understanding it matters more than listing technical solutions.
Why Speed Defeated Control Before Anyone Noticed
There is a distinction that technology risk analyses tend to ignore: the difference between adopting a tool and surrendering autonomy. When a team installs an AI assistant that suggests responses or summarizes documents, the sense of control remains intact. The human is still the one who decides. The agentic agent changes that equation at its foundation: it plans, executes multiple steps, calls external systems, and acts. It no longer suggests. It does.
That shift was not accompanied by an equivalent update in the perception of risk within organizations. And that has a precise behavioral explanation: the cognitive continuity bias. When a new technology is introduced incrementally, each step seems like a reasonable extension of the previous one. The first agent that automated support responses seemed equivalent to the chatbot of 2019. The next one, which began updating records in the CRM, seemed like a logical improvement. No one declared the moment when the line was crossed between an assisted tool and an autonomous system with access to critical infrastructure.
Technology teams did not fail out of negligence. They failed because the mental framework they used to evaluate risk was not calibrated to capture autonomy — only to capture technical complexity. And autonomy, unlike complexity, does not show up in an architecture diagram.
The result is what Boomi aptly calls agent sprawl: a proliferation of agents deployed by different business units, under different vendors, with different levels of access, and without a central inventory that would even allow anyone to know how many exist. The same problem organizations experienced with the uncontrolled expansion of SaaS software in the middle of the last decade, but with one material difference: these agents do not merely store data — they process it and act on it.
The Race to Become the Control Layer
Faced with that vacuum, the major enterprise platform vendors are competing to occupy a specific position: the governance layer over agents. This is not a race to build better agents. It is a race to become the system that controls all the others.
Salesforce integrates its controls within its own environment, with the Einstein Trust Layer operating as a policy perimeter inside Agentforce. Microsoft extends governance from its productivity infrastructure and Azure, using Copilot Studio as an administration panel. ServiceNow presented at its Knowledge 2026 event an AI Control Tower that consolidates multi-platform governance, incorporating its acquisitions of Veza and Armis to map agent identities and permissions at enterprise scale. IBM bets on auditability in regulated industries with watsonx Orchestrate. Google anchors its proposal within the Google Cloud perimeter.
The pattern is consistent: each vendor expands governance from the asset it already controls. That is rational from a business perspective and generates a structural problem from the client's perspective. The mid-sized or large Global 2000 company does not run agents from a single vendor. It runs LangGraph in one department, Agentforce in sales, an internal system in operations, and perhaps a proprietary development in finance. None of the vendors has an incentive to build governance that serves the competitor's agents equally well.
That is the opening that independent players are trying to capitalize on. Kore.ai, which claims to serve more than 450 Global 2000 clients in regulated industries, launched a multi-framework agent management platform in March 2026 and extended it in May of that same year onto Microsoft Azure as a launch partner for Microsoft Agent 365. The technical architecture they propose separates agentic reasoning from deterministic control into distinct layers, with a compiled declarative language called Agent Blueprint Language for defining agents and six multi-agent orchestration patterns. The design logic is that governance rules operate outside the model, not inside the prompt. That matters because a prompt can be reinterpreted by the model; an external deterministic layer cannot.
What remains unresolved is whether the promise of multi-vendor governance can hold when each platform has incentives to keep its agents within its own perimeter. Verification of that architecture under real production conditions will continue to be the criterion that separates genuine value proposition from a sales slide.
The Problem CIOs Are Avoiding Naming
There is an organizational friction that underlies all of this and that technical analyses tend to omit: agent governance forces organizations to answer questions that nobody wants to answer.
Inventorying all active agents in an organization means revealing how many were deployed without formal approval. Defining access permissions means opening conversations about which business units have too much power over sensitive data. Creating audit logs of every action taken by every agent means that when something goes wrong, there will be a trail pointing to those responsible. These are not technical conversations. They are political conversations.
The omission bias operates powerfully here. It is psychologically more comfortable not to audit than to discover a problem that forces action. As long as the agent is functioning, the incentive to examine whether it should be functioning with that level of access is low. The cost of discovering an issue is concentrated in the present, as friction and difficult conversations. The benefit of having it under control only materializes when something fails, and that moment feels abstract until it actually happens.
IBM articulates this directly in its agent governance analysis: organizations need emergency shutdown procedures for autonomous systems that are failing or behaving unexpectedly. That implies that someone must have already documented the complete map of what the agent can do, before the agent does something no one anticipated. Preparedness requires visibility. And visibility requires admitting that it currently does not exist.
The World Economic Forum has proposed treating the onboarding process for an agent with the same rigor as the onboarding of an employee: defining function, role, level of autonomy, use cases, environment, capabilities, and restrictions. It is a metaphor that captures something psychologically significant. No company would think of hiring employees without defining what they can do, which systems they have access to, and who supervises their work. With agents, that same basic logic was skipped because the technical object seemed smaller, more controllable, more reversible than a person. It turned out it was not.
The Cost of Continuing to Call It "Phase Two"
The most costly phrase in enterprise technology adoption is not "this won't work." The most costly one is "we'll implement governance in the next phase." Because by the next phase, the system already has dependencies, already has users who rely on it, has already generated results that someone uses to make decisions, and dismantling it — or even auditing it in depth — produces a level of friction the organization is not willing to absorb.
Credo AI describes this precisely by pointing out that responsibility and accountability continue to fall on the organization, even when an autonomous agent is the one directly executing the action. That carries legal, regulatory, and reputational implications that technology teams are generally not in a position to absorb on their own. These are conversations for the level of the CFO, the CISO, and the board.
The calculation that organizations are avoiding making explicitly is the following: the cost of implementing governance over agents that are already deployed is high. The cost of a failure by an agent operating within financial data, credit decisions, or regulated customer communications can be a multiple of that initial cost. The asymmetry is clear on paper. It is not clear in the mind of the person who has to approve a budget to audit systems that are apparently functioning.
Palo Alto Networks estimates that agentic AI could unlock up to $2.6 trillion in economic value if it scales safely. The conditional matters. The potential value and the unmanaged risk coexist on the same infrastructure. The question for the CIO, the CISO, and the CFO is not which governance platform to evaluate. The question is how many agents are acting right now within the organization over which there is no capacity whatsoever to demonstrate what they did, why they did it, or who can stop them.
The companies that build that capacity over the next two years will be in a position to scale. Those that continue to treat governance as a future conversation will have to explain to their boards of directors — and possibly to their regulators — why they did not build it before there was anything to explain.
